[
https://issues.apache.org/jira/browse/WHIRR-371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13087620#comment-13087620
]
Karel Vervaeke commented on WHIRR-371:
--------------------------------------
Sample configuration:
whirr.firewall.rules=tcp/10101,tcp/-10102,udp/8650,80
meaning:
allow tcp traffic on 10101
disallow tcp traffic on 10102 (overriding any clusteractionhandler's action)
allow udp traffic on 8650
allow tcp traffic on port 80 (tcp/ is the default and can be omitted)
Bonus points for allowing to define service-specific rules, e.g.
whirr.firewall.rules.hbase-regionserver=10102
Note that it's possible to have conflicting rules, e.g.
whirr.instance-templates='1 serviceA+serviceB'
whirr.firewall.rules.serviceA=10102
whirr.firewall.rules.serviceB=-10102
I suggest we log a warning and open the port in this case.
> Allow defining additional firewall rules
> ----------------------------------------
>
> Key: WHIRR-371
> URL: https://issues.apache.org/jira/browse/WHIRR-371
> Project: Whirr
> Issue Type: Improvement
> Components: core
> Reporter: Karel Vervaeke
>
> Users should have more control over the firewall rules, by adding one or more
> properties to the whirr properties file
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
