[ https://issues.apache.org/jira/browse/BROOKLYN-41?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Svetoslav Neykov resolved BROOKLYN-41.
--------------------------------------
       Resolution: Fixed
    Fix Version/s: 0.12.0

Should've been fixed with https://github.com/apache/brooklyn-server/pull/713.

> openIptables config appears to customise entries for requested ports, not assigned
> ----------------------------------------------------------------------------------
>
>                 Key: BROOKLYN-41
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-41
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Sam Corbett
>             Fix For: 0.12.0
>
>
> I set the openIptables config option on a location and deployed an app with 
> one Java app and seven Redis databases.
> I expected Brooklyn to configure the Iptables firewall with an entry for each 
> Redis database port, but instead saw only one entry. My guess is that it's 
> customising based on the requested ports, not those that were assigned.
> Output from the server:
> {code}
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ ps aux | grep redis
> sam       8153  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6383
> sam       8173  0.0  0.0 137344  7380 ?        Ssl  16:51   0:00 ./bin/redis-server *:6382
> sam       8499  0.0  0.0 137344  7348 ?        Ssl  16:51   0:00 ./bin/redis-server *:6380
> sam       8641  0.0  0.0 137344  7376 ?        Ssl  16:51   0:00 ./bin/redis-server *:6385
> sam       9362  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6379
> sam       9547  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6381
> sam      10043  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6384
> sam      17293  0.0  0.0 103248   840 pts/0    S+   17:02   0:00 grep redis
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ sudo service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1099
> 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:31001
> 3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:61616
> 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
> 5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
> 6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> 8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
> 10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$
> {code}
> I would expect six more entries of the form 'tcp dpt:6379' for ports 
> 6380-6385.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
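
A check for the mismatch described in this report, as an added example (not Brooklyn code and not part of the original message): it compares the ports that redis-server processes actually listen on with the explicit ACCEPT rules in the INPUT chain, and goes slightly beyond the report by also handling `dpts:low:high` range rules. The sample text is constructed, abridged from the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the output quoted in the report above.
PS_OUTPUT = """\
sam   8153  0.0  0.0 137344  7256 ?  Ssl  16:51   0:00 ./bin/redis-server *:6383
sam   8499  0.0  0.0 137344  7348 ?  Ssl  16:51   0:00 ./bin/redis-server *:6380
sam   9362  0.0  0.0 137344  7256 ?  Ssl  16:51   0:00 ./bin/redis-server *:6379
sam  17293  0.0  0.0 103248   840 pts/0  S+  17:02   0:00 grep redis
"""
IPTABLES_STATUS = """\
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1099
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6380
"""

def listening_ports(ps_text):
    """Ports from 'redis-server *:PORT' command lines (the grep itself has none)."""
    return sorted(int(p) for p in re.findall(r"redis-server \*:(\d+)", ps_text))

def opened_tcp_ports(status_text, chain="INPUT"):
    """Ports with an explicit ACCEPT tcp dpt:/dpts: rule in the given chain."""
    # Blanket 'ACCEPT all' rules are ignored: this listing does not show
    # which interface they apply to.
    ports, current = set(), None
    for line in status_text.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            current = header.group(1)
            continue
        rule = re.match(r"\d+\s+ACCEPT\s+tcp\b.*\bdpts?:(\d+)(?::(\d+))?", line)
        if current == chain and rule:
            low = int(rule.group(1))
            high = int(rule.group(2) or low)
            ports.update(range(low, high + 1))
    return ports

def unopened(ps_text, status_text):
    """Assigned (listening) ports that have no matching INPUT rule."""
    allowed = opened_tcp_ports(status_text)
    return [p for p in listening_ports(ps_text) if p not in allowed]

if __name__ == "__main__":
    print("listening but not opened:", unopened(PS_OUTPUT, IPTABLES_STATUS))
```
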
