8000 Add an iptables rule for letting weaveDNS requests in by inercia · Pull Request #1581 · weaveworks/weave · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Jun 20, 2024. It is now read-only.

Add an iptables rule for letting weaveDNS requests in #1581

Closed
wants to merge 1 commit into from
Closed

Add an iptables rule for letting weaveDNS requests in #1581

wants to merge 1 commit into from

Conversation

inercia
Copy link
Contributor
@inercia inercia commented Oct 23, 2015

Fixes #1578

@rade
Copy link
Member
rade commented Oct 23, 2015

should be branched off 1.2

@inercia
Copy link
Contributor Author
inercia commented Oct 23, 2015

why do we need to insert the rule rather than appending it?

Because I think we need it before all these rules:

Chain INPUT (policy DROP 137 packets, 4384 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 136K   98M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 136K   98M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7237  424K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1537 56400 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1537 56400 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1537 56400 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

@inercia
Copy link
Contributor Author
inercia commented Oct 23, 2015

@rade you are right, we can append it. Fixing...

@inercia inercia force-pushed the issues/1578_ufw_ubuntu branch from d83cfcd to 2636501 Compare October 23, 2015 13:07
rade
rade reviewed Oct 23, 2015
View reviewed changes
weave
@@ -1479,6 +1479,9 @@ launch_router() {
--docker-api "unix:///var/run/docker.sock" "$@")
with_container_netns_or_die $CONTAINER_NAME setup_router_iface_$BRIDGE_TYPE
attach_router

# let DNS traffic to weaveDNS
[ -n "$DNS_PORT_MAPPING" ] && add_iptables_rule filter INPUT -i $DOCKER_BRIDGE -p udp --dport 53 -j ACCEPT

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

@inercia inercia force-pushed the issues/1578_ufw_ubuntu branch from 2636501 to df138ae Compare October 28, 2015 20:05
@inercia
Copy link
Contributor Author
inercia commented Oct 28, 2015

It seems I'll have to close this branch as the target branch cannot be changed in a PR... 😕

@rade
Copy link
Member
rade commented Oct 28, 2015

yes

@inercia
Copy link
Contributor Author
inercia commented Oct 28, 2015

Tests failing with:

>>> Test ./640_proxy_restart_reattaches_test.sh finished after 32.7 secs with error: exit status 1
Proxy restart reattaches networking to containers
d4b5c5a8baf365fca5fc9f68582c4802b8b7d9d115ff42c81b8fbd92feb49d2e
6123910fedad4ebf07e17a5211f33677e461651b929c9eced84675c4813bdc24
c2
weave
sudo: systemctl: command not found

😕

@inercia inercia force-pushed the issues/1578_ufw_ubuntu branch from df138ae to 8d6d9b4 Compare October 28, 2015 20:24
@rade
Copy link
Member
rade commented Oct 28, 2015

Tests failing

#1588

@inercia
Copy link
Contributor Author
inercia commented Oct 28, 2015

I'll wait until #1588 is fixed, then I'll close this PR and open a new one based on branch 1.2.

@rade
Copy link
Member
rade commented Oct 28, 2015

I'll wait until #1588 is fixed

Don't. Unless you are going to fix it yourself.

@inercia inercia force-pushed the issues/1578_ufw_ubuntu branch from 8d6d9b4 to cc416fe Compare October 28, 2015 20:57
@inercia inercia mentioned this pull request Oct 28, 2015
Merged
@inercia inercia closed this Oct 28, 2015
@rade rade added this to the 1.2.1 milestone Nov 3, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@inercia inercia

Labels
None yet
Projects
None yet
Milestone
1.2.1
Development

Successfully merging this pull request may close these issues.
2 participants
@inercia @rade
0