From 46075b8aeef53bfb6574fe536b9763a2918a54ca Mon Sep 17 00:00:00 2001
From: Ravi Geda <gravik@amdocs.com>
Date: Wed, 17 Oct 2018 17:34:57 +0100
Subject: Exempt Cassandra traffic from fproxy

The connection to cassandra is not http/https. Hence bypassing it from
going through the forward proxy.

Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314
Issue-ID: AAF-572
Signed-off-by: Ravi Geda <gravik@amdocs.com>
---
 sidecar/tproxy-config/src/main/bin/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sidecar/tproxy-config')

diff --git a/sidecar/tproxy-config/src/main/bin/start.sh b/sidecar/tproxy-config/src/main/bin/start.sh
index c467d31..758a910 100644
--- a/sidecar/tproxy-config/src/main/bin/start.sh
+++ b/sidecar/tproxy-config/src/main/bin/start.sh
@@ -22,5 +22,9 @@
 set -x
 set -eo pipefail
 
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT -s 127.0.0.1 --dport 61647
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 9042
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 9160
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 61621
 iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 10680 -m owner '!' --uid-owner 1001
 iptables -t nat --list
-- 
cgit 1.2.3-korg