aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRavi Geda <gravik@amdocs.com>2018-10-17 17:34:57 +0100
committerRavi Geda <gravik@amdocs.com>2018-10-17 17:34:57 +0100
commit46075b8aeef53bfb6574fe536b9763a2918a54ca (patch)
tree46ad0dbee08e53dea2f103d5ea034683a9095017
parentdbf1f65a4231fa911f18514776eeb7030dcf1b8d (diff)
Exempt Cassandra traffic from fproxy
The connection to cassandra is not http/https. Hence bypassing it from going through the forward proxy. Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314 Issue-ID: AAF-572 Signed-off-by: Ravi Geda <gravik@amdocs.com>
-rw-r--r--sidecar/tproxy-config/src/main/bin/start.sh4
1 files changed, 4 insertions, 0 deletions
diff --git a/sidecar/tproxy-config/src/main/bin/start.sh b/sidecar/tproxy-config/src/main/bin/start.sh
index c467d31..758a910 100644
--- a/sidecar/tproxy-config/src/main/bin/start.sh
+++ b/sidecar/tproxy-config/src/main/bin/start.sh
@@ -22,5 +22,9 @@
set -x
set -eo pipefail
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT -s 127.0.0.1 --dport 61647
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 9042
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 9160
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 61621
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 10680 -m owner '!' --uid-owner 1001
iptables -t nat --list