This repository has been archived by the owner on Feb 24, 2020. It is now read-only.

Fix exposed ports accessible from localhost only, fixes #3886 #3887

Open
wants to merge 1 commit into
base: master


@insidewhy insidewhy commented Jan 1, 2018

My attempt to fix #3886, it doesn't work yet but I need some support/acknowledgment on this issue.

@@ -233,7 +233,7 @@ func (e *podEnv) portFwdChain(name string) string {
func (e *podEnv) portFwdChainRuleSpec(chain string, name string) []string {
switch name {
case "SNAT":
return []string{"-s", "127.0.0.1", "!", "-d", "127.0.0.1", "-j", chain}
return []string{"!", "-d", "127.0.0.1", "-j", chain}
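
Review bot: In the `SNAT` case of `portFwdChainRuleSpec`, dropping `-s 127.0.0.1` leaves `! -d 127.0.0.1` as the only match on the jump, so every packet not destined for loopback is now sent into `chain`, whatever its source. That is only safe if each rule inside the chain carries its own source match. If any rule there matches on destination alone, the masquerade will rewrite the source of traffic this rule used to exclude. Suggest documenting that dependency in a comment beside the `return`, and adding a test that asserts the rule spec produced for `"SNAT"` so the intended scope is pinned down.
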
Author

The source was set here as well as in the chain... different masquerade rules might have different dstIPHost's within the same chain though so seems best just to remove it from this rule.

@insidewhy
Author

This solution doesn't seem to work but I'm throwing it out there for now as I really need help fixing this.

I'm just really not sure how useful rkt can be to me if it can only expose ports to localhost and I'm pretty surprised it's been this way for so long.

Successfully merging this pull request may close these issues.

Exposed ports only accessible on localhost, even with "--port name:0.0.0.0:dport"