8000 Add an iptables rule for letting weaveDNS requests in by inercia · Pull Request #1606 · weaveworks/weave · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Jun 20, 2024. It is now read-only.

Add an iptables rule for letting weaveDNS requests in #1606

Merged
merged 1 commit into from
Nov 4, 2015
Merged

Add an iptables rule for letting weaveDNS requests in #1606

merged 1 commit into from
Nov 4, 2015

Conversation

inercia
Copy link
Contributor
@inercia inercia commented Oct 28, 2015

Fixes #1578

(continued from #1581)

@rade rade mentioned this pull request Nov 2, 2015
Closed
@rade
Copy link
Member
rade commented Nov 2, 2015

There are a couple of bugs:

  1. the rules should also be added when attaching a router, i.e. really the addition should happen in attach_router. That also means it should be triggered on -z "$NO_DNS_OPT", since $DNS_PORT_MAPPING is not always available in attach_router.
  2. the rules should be removed on weave reset

An alternative would be to install the rules in create_bridge and remove them in destroy_bridge. That has the advantage of keeping all the iptabling (except for expose) in one place. The disadvantage is that the rule may not be necessary.

@awh
Copy link
Contributor
awh commented Nov 2, 2015

An alternative would be to install the rules in create_bridge and remove them in destroy_bridge.

+1

@inercia
Copy link
Contributor Author
inercia commented Nov 4, 2015

Issue #1631 is also affected by this: pot 6784 is not open for connections coming from other containers. Should I also open this port? Any other ports?

@rade
Copy link
Member
rade commented Nov 4, 2015

port 6784 is not open for connections coming from other containers. Should I also open this port?

That would be a spectacularly bad idea. See #1632.

@inercia
Copy link
Contributor Author
inercia commented Nov 4, 2015

That would be a spectacularly bad idea. See #1632.

😂 ok, I'll take that as a no...

@inercia inercia force-pushed the issues/1578_ufw_ubuntu branch from cc416fe to 4d73bdd Compare November 4, 2015 10:02
@inercia inercia assigned rade and unassigned inercia Nov 4, 2015
@rade rade assigned awh and unassigned rade Nov 4, 2015
@inercia inercia force-pushed the issues/1578_ufw_ubuntu branch from 4d73bdd to 3e0b595 Compare November 4, 2015 10:36
@awh
Copy link
Contributor
awh commented Nov 4, 2015

@inercia Has this been accidentally rebased on master? There are 19 commits showing in this PR that look like they come from there...

@awh awh assigned inercia and unassigned awh Nov 4, 2015
@inercia
Copy link
Contributor Author
inercia commented Nov 4, 2015

@inercia Has this been accidentally rebased on master? There are 19 commits showing in this PR that look like they come from there...

Damn! Fixing it...

@inercia inercia force-pushed the issues/1578_ufw_ubuntu branch from 3e0b595 to 0aca173 Compare November 4, 2015 13:00
@inercia inercia assigned awh and unassigned inercia Nov 4, 2015
awh added a commit that referenced this pull request Nov 4, 2015
@awh
Merge pull request #1606 from weaveworks/issues/1578_ufw_ubuntu
7c4af88 
Add an iptables rule for letting weaveDNS requests in
@awh awh merged commit 7c4af88 into 1.2 Nov 4, 2015
@inercia inercia deleted the issues/1578_ufw_ubuntu branch November 5, 2015 09:18
@awh awh added this to the 1.2.1 milestone Nov 5, 2015
@inercia inercia mentioned this pull request Nov 6, 2015
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@awh awh

Labels
None yet
Projects
None yet
Milestone
1.2.1
Development

Successfully merging this pull request may close these issues.
3 participants
@inercia @rade @awh
0