diff options
author | Håkon Hallingstad <hakon@oath.com> | 2018-09-13 12:15:22 +0200 |
---|---|---|
committer | Håkon Hallingstad <hakon@oath.com> | 2018-09-13 12:15:22 +0200 |
commit | aa7af87fc2cc6d339eaee6072695c856f0835e5f (patch) | |
tree | 6153b137a55e4423321137e65026e4ee368c0cd4 /node-admin | |
parent | d6a8223e91b50e181ba09cab0cf1030fddc87d66 (diff) |
Document REDIRECT
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java index 1febe070072..9259b522d17 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java @@ -52,6 +52,8 @@ public class AclMaintainer implements Runnable { private void applyRedirect(Container container, InetAddress address) { IPVersion ipVersion = IPVersion.get(address); + // Necessary to avoid the routing packets destined for the node's own public IP address + // via the bridge, which is illegal. String redirectRule = "-A OUTPUT -d " + InetAddresses.toAddrString(address) + ipVersion.singleHostCidr() + " -j REDIRECT"; IPTablesEditor.editLogOnError(dockerOperations, container.name, ipVersion, "nat", NatTableLineEditor.from(redirectRule)); } |