authorMartin Polden <mpolden@mpolden.no>2022-08-24 11:34:10 +0200
committerMartin Polden <mpolden@mpolden.no>2022-08-24 11:34:10 +0200
commit6816bbb5787c5aa959dda4df6ce612ea3abdfd35 (patch)
treebdee2099ca834a040b3d697d5c26b44cc01ac7c7 /node-admin
parent63e1792a84d3f4fbcb07e43cbc5eb79d7b77994d (diff)
Re-order options to avoid diff when comparing with existing rules
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/Acl.java4
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/AclTest.java12
2 files changed, 8 insertions, 8 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/Acl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/Acl.java
index dd78e08aaa6..2908cf39fc8 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/Acl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/Acl.java
@@ -76,8 +76,8 @@ public class Acl {
.sorted()
.toList();
for (var ipAddress : clusterAddresses) {
- rules.add("-A INPUT -p tcp -m multiport --dports " + joinPorts(zooKeeperPorts) + " -s " +
- ipAddress + ipVersion.singleHostCidr() + " -j ACCEPT");
+ rules.add("-A INPUT -s " + ipAddress + ipVersion.singleHostCidr() + " -p tcp -m multiport --dports " +
+ joinPorts(zooKeeperPorts) + " -j ACCEPT");
}
// Reject any other connections to ZooKeeper
rules.add("-A INPUT -p tcp -m multiport --dports " + joinPorts(zooKeeperPorts) +
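Review bot: The reordered `rules.add(...)` inside the `for (var ipAddress : clusterAddresses)` loop now depends on an option order that nothing in the code explains: the string only matches if `-s` comes before `-p tcp -m multiport --dports`, which is the order iptables itself prints rules in. Going by the commit message, the generated rules are compared as text with the rules already installed, so a later edit that moves an option back would presumably make every comparison report a difference and cause the ZooKeeper ACL to be rewritten on each pass; the comparison code is outside this hunk, so that should be confirmed. I would add a comment above the call, `// Keep option order as listed by iptables (-s, -p, -m, -j): rules are compared as text with the installed ones`. The enclosing method starts above the hunk, and the REJECT statement on the hunk's last line continues below it.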
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/AclTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/AclTest.java
index e1a481ea4ff..c4bee8bb1dc 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/AclTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/AclTest.java
@@ -126,9 +126,9 @@ public class AclTest {
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,4443 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 2181,2182,2183 -s 172.17.0.41/32 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 2181,2182,2183 -s 172.17.0.42/32 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 2181,2182,2183 -s 172.17.0.43/32 -j ACCEPT
+ -A INPUT -s 172.17.0.41/32 -p tcp -m multiport --dports 2181,2182,2183 -j ACCEPT
+ -A INPUT -s 172.17.0.42/32 -p tcp -m multiport --dports 2181,2182,2183 -j ACCEPT
+ -A INPUT -s 172.17.0.43/32 -p tcp -m multiport --dports 2181,2182,2183 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2181,2182,2183 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 172.17.0.41/32 -j ACCEPT
-A INPUT -s 172.17.0.42/32 -j ACCEPT
@@ -145,9 +145,9 @@ public class AclTest {
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,4443 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 2181,2182,2183 -s 2001:db8::41/128 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 2181,2182,2183 -s 2001:db8::42/128 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 2181,2182,2183 -s 2001:db8::43/128 -j ACCEPT
+ -A INPUT -s 2001:db8::41/128 -p tcp -m multiport --dports 2181,2182,2183 -j ACCEPT
+ -A INPUT -s 2001:db8::42/128 -p tcp -m multiport --dports 2181,2182,2183 -j ACCEPT
+ -A INPUT -s 2001:db8::43/128 -p tcp -m multiport --dports 2181,2182,2183 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2181,2182,2183 -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -s 2001:db8::41/128 -j ACCEPT
-A INPUT -s 2001:db8::42/128 -j ACCEPT