mirror of https://github.com/samba-team/samba.git synced 2025-03-26 18:50:30 +03:00

Prevent clients from connecting to the natgw address.

This address is dedicated for outgoing connections.

BZ62613

(This used to be ctdb commit f0e48dd833a4408449083148c172c2136b934e5b)
Ronnie Sahlberg 2010-06-01 12:43:32 +10:00
parent cb5210043d
commit db9e00eec8


@ -23,6 +23,8 @@ delete_all() {
# were the NAT-GW
iptables -D POSTROUTING -t nat -s $CTDB_NATGW_PRIVATE_NETWORK -d ! $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE >/dev/null 2>/dev/null
# remove any iptables rule we may have on this address
iptables -D INPUT -p tcp --syn -d _ip/32 -j REJECT 2>/dev/null
}
case "$1" in
@ -50,6 +52,12 @@ case "$1" in
NATGWIP=`ctdb natgwlist | head -1 | sed -e "s/^[^ ]* *//"`
CTDB_NATGW_PUBLIC_IP_HOST=`echo $CTDB_NATGW_PUBLIC_IP | sed -e "s/\/.*/\/32/"`
# block all incoming connections to the natgw address
iptables -D INPUT -p tcp --syn -d $CTDB_NATGW_PUBLIC_IP_HOST -j REJECT 2>/dev/null
iptables -I INPUT -p tcp --syn -d $CTDB_NATGW_PUBLIC_IP_HOST -j REJECT 2>/dev/null
if [ "$NATGWMASTER" = "-1" ]; then
echo "There is not NATGW master node"
exit 1
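Review bot: In the first hunk the cleanup rule added to delete_all uses `-d _ip/32`, which as shown is a literal string rather than an expansion, so the delete can never match the REJECT rule the second hunk inserts for `$CTDB_NATGW_PUBLIC_IP_HOST`, and `2>/dev/null` hides the resulting iptables error. If `_ip` is a variable set earlier in delete_all (the function starts outside the hunk), the line should read `iptables -D INPUT -p tcp --syn -d "$_ip/32" -j REJECT 2>/dev/null`. The same redirection on the `-I INPUT` line in the second hunk means a failure to install the block (for example with an empty `CTDB_NATGW_PUBLIC_IP`) passes silently and the address stays reachable; I would drop `2>/dev/null` there or log the failure. The rule also matches only TCP SYN, so the commit message's "prevent clients from connecting" holds for new TCP connections only and is worth stating in the comment above it. The `if` block at the end of the second hunk continues outside the visible lines.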