You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@vcl.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/05/23 23:02:04 UTC
[jira] [Commented] (VCL-1049) Add ability to clean up stale or
orphaned reservation chains on a NAT host
[ https://issues.apache.org/jira/browse/VCL-1049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16022035#comment-16022035 ]
ASF subversion and git services commented on VCL-1049:
------------------------------------------------------
Commit 1795977 from arkurth@apache.org in branch 'vcl/trunk'
[ https://svn.apache.org/r1795977 ]
VCL-1049
Added subroutines:
* iptables.pm::nat_delete_orphaned_reservation_chains
* iptables.pm::get_table_chain_names
* utils.pm::get_all_reservation_ids
VCL-1031
Updated regex's in iptables.pm::get_table_info to detect exclamation marks enclosed in single quotes, as may be returned by 'firewall-cmd --permanent --direct --get-all-rules'. The quotes were throwing off the detection of a MASQERADE rule when a CentOS 7/firewalld host is used as a NAT host.
Commented out some notify messages in iptables.pm and firewalld.pm which were generating a lot of noise.
> Add ability to clean up stale or orphaned reservation chains on a NAT host
> --------------------------------------------------------------------------
>
> Key: VCL-1049
> URL: https://issues.apache.org/jira/browse/VCL-1049
> Project: VCL
> Issue Type: Improvement
> Components: vcld (backend)
> Reporter: Andy Kurth
> Assignee: Andy Kurth
>
> The pre-VCL 2.5 NAT code did not properly remove all iptables chains it may have created on a NAT host. It would be useful if something was added that could compare the chains on a NAT host to the reservation IDs currently in the database and cleanup any that are no longer tied to a reservation.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)