
iptables

Spring transaction hangs for iptables command

Question: As part of error handling for our processes, we tried to disable communication between the process and the database machine's listener port using the following iptables command:

iptables -A INPUT -p tcp --destination-port <database-listener-port> -s <database-host-ip> -j DROP

However, this causes the process to get stuck, with the following log coming from AbstractPlatformTransactionManager::getTransaction:

DEBUG: Creating new transaction with name [<Transaction-Name>]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; ''

Enabling it again later with 'iptables -F' makes the transaction "come back to life": the connection is retrieved and it finishes successfully. What concerns us most is that none of the connection timeout configurations were triggered (?), so we hang; none of our connection pool defaults (see below) have such an infinite timeout (we also tried giving disabledConnectionTimeout a small value, but it did not help, and we went back to the real defaults we believe should be used in production), and we expected some kind of cancellation to take place.

abandonedConnectionTimeout=0
acquireIncrement=5

2021-09-14 19:43:57    Category: Tech Sharing    spring   connection   iptables   pool

iptables blocking local connection to mongodb

Question: I have a VM (Ubuntu 12.04.4 LTS) with mongodb (2.0.4) that I want to restrict with iptables to only accept SSH (in/out) and nothing else. This is what my setup script for the rules looks like:

#!/bin/sh
# DROP everything
iptables -F
iptables -X
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
# input
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT # accept all ports for local conns
# output
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT # ssh

But after activating these rules, I cannot connect to mongodb locally.

ubuntu ~ $ mongo
MongoDB shell version: 2.0.4

2021-09-13 13:24:19    Category: Tech Sharing    mongodb   iptables

iptables 1.4.11 on Android

Question: I have downloaded the Android kernel sources from http://source.android.com/source/building-kernels.html. I then started the emulator and wanted to use iptables rules, but I get the following error. Is the iptables package not fully installed? Why is the NAT table missing? Initially I started following http://randomizedsort.blogspot.de/2011/03/porting-iptables-1410-to-android.html#comment-form_8482839589527760177 to install iptables, but having seen iptables v1.4.11.1 on the adb shell, I abandoned the idea. Has anyone tried porting iptables to newer Android kernel sources?

adb shell
# su root
# iptables -t nat -A OUTPUT -p tcp --dport 8000 -j REDIRECT --to-port 8080
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
iptables v1.4.11.1: can't initialize iptables table `nat': Table does not

2021-09-10 23:22:35    Category: Tech Sharing    android   iptables

Cannot access kubernetes service via outside network

I set up a Kubernetes environment with Kubernetes 1.3.0, running the master and node on the same host. I run a Tomcat web application with one RC and one Service with Docker, and all seems to run fine: I can access the service via the internal network with the curl command, but when I try to access the Service from the Internet with the public IP, it fails. The RC configuration is:

apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        env:
        -

2021-09-08 08:23:01    Category: Q&A    networking   kubernetes   iptables

is tcpdump affected by iptables filtering?

If my development machine has an iptables rule to FORWARD some packets, are those packets captured by tcpdump? I have this question because I know there is another chain called INPUT which filters packets destined for apps; if a packet is routed to the FORWARD chain, will it reach the tcpdump app? Could you give a reliable reference to official documentation, or a well-explained idea, that settles this question?

2021-09-07 12:49:07    Category: Q&A    linux   networking   linux-kernel   iptables   tcpdump

Why does docker0 need to be in promiscuous mode?

When I use Docker to create a container in default bridge mode on one of my hosts:

docker run --name bb -dit busybox

I now get an IP: 172.17.0.2. When I ping this IP, it does not work. BUT, when I run tcpdump on interface docker0, ping works*, OR if I put docker0 into promiscuous mode, ping also works*. My question is: why do I need to put docker0 into promiscuous mode (only on this host)? Other hosts do not need this. My iptables result:

Chain INPUT (policy ACCEPT 29031 packets, 8703K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in

2021-09-05 14:16:35    Category: Q&A    docker   networking   iptables

iptables blocking local connection to mongodb

I have a VM (Ubuntu 12.04.4 LTS) with mongodb (2.0.4) that I want to restrict with iptables to only accept SSH (in/out) and nothing else. This is what my setup script for the rules looks like:

#!/bin/sh
# DROP everything
iptables -F
iptables -X
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
# input
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT # accept all ports for local conns
# output
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j

2021-09-04 18:15:21    Category: Q&A    mongodb   iptables

Spring transaction hangs for iptables command

As part of error handling for our processes, we have tried to disable the communication between the process and the database machine's listener port using the following iptables command:

iptables -A INPUT -p tcp --destination-port <database-listener-port> -s <database-host-ip> -j DROP

However, this causes the process to get stuck, with the following log coming from AbstractPlatformTransactionManager::getTransaction:

DEBUG: Creating new transaction with name [<Transaction-Name>]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; ''

Enabling it later on with 'iptables -F' makes the transaction 'get back to life

2021-09-04 17:53:13    Category: Q&A    spring   connection   iptables   pool

iptables 1.4.11 on Android

I have downloaded the Android kernel sources from http://source.android.com/source/building-kernels.html. I then started the emulator and wanted to play with iptables rules, but I get the following error. Is the iptables package not fully installed? Why is the NAT table missing? Initially I had started following http://randomizedsort.blogspot.de/2011/03/porting-iptables-1410-to-android.html#comment-form_8482839589527760177 to install iptables, but having seen iptables v1.4.11.1 on the adb shell, I had abandoned the idea. Has anybody tried porting iptables to newer Android kernel sources? adb

2021-09-02 21:50:18    Category: Q&A    android   iptables

Spark master-machine:7077 not reachable

I have a Spark cluster where the master node is also the worker node. I can't reach the master from the driver-code node, and I get the error:

14:07:10 WARN client.AppClient$ClientEndpoint: Failed to connect to master master-machine:7077

The SparkContext in the driver-code node is configured as:

SparkConf conf = new SparkConf(true).setMaster(spark:master-machine//:7077);

I can successfully ping master-machine, but I can't successfully telnet master-machine 7077, meaning the machine is reachable but the port is not. What could be the issue? I have disabled Ubuntu's ufw firewall for both

2021-09-01 11:09:00    Category: Q&A    apache-spark   port   firewall   iptables   netstat