[SCM] CTDB repository - branch master updated - ctdb-1.0.114-107-gf0e48dd
Ronnie Sahlberg
sahlberg at samba.org
Mon May 31 20:50:39 MDT 2010
The branch, master has been updated
via f0e48dd833a4408449083148c172c2136b934e5b (commit)
from 53df35aff1e10201a38931bbb82fb266a38892c0 (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f0e48dd833a4408449083148c172c2136b934e5b
Author: Ronnie Sahlberg <ronniesahlberg at gmail.com>
Date: Tue Jun 1 12:43:32 2010 +1000
Prevent clients from connecting to the natgw address.
This address is dedicated for outgoing connections.
BZ62613
-----------------------------------------------------------------------
Summary of changes:
config/events.d/11.natgw | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw
index e6e54f4..a01984c 100644
--- a/config/events.d/11.natgw
+++ b/config/events.d/11.natgw
@@ -23,6 +23,8 @@ delete_all() {
# were the NAT-GW
iptables -D POSTROUTING -t nat -s $CTDB_NATGW_PRIVATE_NETWORK -d ! $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE >/dev/null 2>/dev/null
+ # remove any iptables rule we may have on this address
+ iptables -D INPUT -p tcp --syn -d _ip/32 -j REJECT 2>/dev/null
}
case "$1" in
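Review bot: The added delete in delete_all() passes `-d _ip/32`, which as shown is a literal string with no `$`, so it would not name the address that the second hunk's REJECT rule is inserted for. iptables would presumably fail on that destination, and `2>/dev/null` hides the error, so the REJECT rule would be left in INPUT whenever delete_all() is relied on to clean up. The start of delete_all() is outside this hunk; if it sets `_ip` from `$CTDB_NATGW_PUBLIC_IP` there, the line should read `iptables -D INPUT -p tcp --syn -d "$_ip/32" -j REJECT 2>/dev/null`.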
@@ -50,6 +52,12 @@ case "$1" in
NATGWIP=`ctdb natgwlist | head -1 | sed -e "s/^[^ ]* *//"`
CTDB_NATGW_PUBLIC_IP_HOST=`echo $CTDB_NATGW_PUBLIC_IP | sed -e "s/\/.*/\/32/"`
+
+ # block all incoming connections to the natgw address
+ iptables -D INPUT -p tcp --syn -d $CTDB_NATGW_PUBLIC_IP_HOST -j REJECT 2>/dev/null
+ iptables -I INPUT -p tcp --syn -d $CTDB_NATGW_PUBLIC_IP_HOST -j REJECT 2>/dev/null
+
+
if [ "$NATGWMASTER" = "-1" ]; then
echo "There is not NATGW master node"
exit 1
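Review bot: The `iptables -I INPUT ... -j REJECT` line discards stderr and ignores its exit status, so if the insert fails (for example an empty or malformed `CTDB_NATGW_PUBLIC_IP`) the script carries on with the natgw address unprotected and nothing logged. Suppressing errors makes sense for the preceding `-D`, which is expected to fail when no rule exists, but the insert should report failure, e.g. `iptables -I INPUT -p tcp --syn -d "$CTDB_NATGW_PUBLIC_IP_HOST" -j REJECT || echo "Failed to add REJECT rule for $CTDB_NATGW_PUBLIC_IP_HOST"`. The rule also matches only TCP SYN, so UDP and other protocols sent to the address are not blocked; a comment stating that this is intentional would help. The enclosing case branch starts and ends outside the hunk.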
--
CTDB repository