Merge pull request #6940 from vespa-engine/hakonhall/document-redirect

Document REDIRECT
author: Håkon Hallingstad <hakon@oath.com> 2018-09-13 13:21:12 +0200
committer: GitHub <noreply@github.com> 2018-09-13 13:21:12 +0200
commit: e4defa3f3dc0057514e17955515c760aee754670 (patch)
tree: 8faa3a022da83919ffe0f49e2551d73b4a740f43
parent: 8bd5151f8d6e66582c36656400b3faf596a38cb3 (diff)
parent: aa7af87fc2cc6d339eaee6072695c856f0835e5f (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
index 1febe070072..9259b522d17 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
@@ -52,6 +52,8 @@ public class AclMaintainer implements Runnable {
 
     private void applyRedirect(Container container, InetAddress address) {
         IPVersion ipVersion = IPVersion.get(address);
+        // Necessary to avoid the routing packets destined for the node's own public IP address
+        // via the bridge, which is illegal.
         String redirectRule = "-A OUTPUT -d " + InetAddresses.toAddrString(address) + ipVersion.singleHostCidr() + " -j REDIRECT";
         IPTablesEditor.editLogOnError(dockerOperations, container.name, ipVersion, "nat", NatTableLineEditor.from(redirectRule));
     }
author	Håkon Hallingstad <hakon@oath.com>	2018-09-13 13:21:12 +0200
committer	GitHub <noreply@github.com>	2018-09-13 13:21:12 +0200
commit	e4defa3f3dc0057514e17955515c760aee754670 (patch)
tree	8faa3a022da83919ffe0f49e2551d73b4a740f43
parent	8bd5151f8d6e66582c36656400b3faf596a38cb3 (diff)
parent	aa7af87fc2cc6d339eaee6072695c856f0835e5f (diff)