diff options
author | HÃ¥kon Hallingstad <hakon@oath.com> | 2018-09-13 13:21:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-13 13:21:12 +0200 |
commit | e4defa3f3dc0057514e17955515c760aee754670 (patch) | |
tree | 8faa3a022da83919ffe0f49e2551d73b4a740f43 | |
parent | 8bd5151f8d6e66582c36656400b3faf596a38cb3 (diff) | |
parent | aa7af87fc2cc6d339eaee6072695c856f0835e5f (diff) |
Merge pull request #6940 from vespa-engine/hakonhall/document-redirect
Document REDIRECT
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java index 1febe070072..9259b522d17 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java @@ -52,6 +52,8 @@ public class AclMaintainer implements Runnable { private void applyRedirect(Container container, InetAddress address) { IPVersion ipVersion = IPVersion.get(address); + // Necessary to avoid the routing packets destined for the node's own public IP address + // via the bridge, which is illegal. String redirectRule = "-A OUTPUT -d " + InetAddresses.toAddrString(address) + ipVersion.singleHostCidr() + " -j REDIRECT"; IPTablesEditor.editLogOnError(dockerOperations, container.name, ipVersion, "nat", NatTableLineEditor.from(redirectRule)); } |