Detect REJECT rule in FORWARD chain
awh committed Aug 21, 2015
1 parent 396df6b commit e186410
Showing 1 changed file with 8 additions and 0 deletions.
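--- a/weave
+++ b/weave
@@ -155,6 +155,13 @@ enforce_docker_bridge_addr_assign_type() {
 fi
 }
 
+check_forwarding_rules() {
+if run_iptables -C FORWARD -j REJECT --reject-with icmp-host-prohibited > /dev/null 2>&1; then
+echo "Found REJECT rule in iptables FORWARD chain; reconfigure your firewall" >&2
+exit 1
+fi
+}
+
 is_cidr() {
 echo "$1" | grep -E "^$CIDR_REGEXP$" >/dev/null
 }
@@ -1080,6 +1087,7 @@ common_launch_args() {
 }
 
 launch_router() {
+check_forwarding_rules
 enforce_docker_bridge_addr_assign_type
 create_bridge
 docker_bridge_ip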
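Review bot: In check_forwarding_rules, every non-zero status from `run_iptables -C` is read as "no REJECT rule", and `> /dev/null 2>&1` discards the reason, so an iptables call that fails for some other cause (a permission or locking error, for example) lets launch_router carry on as if the chain were clean. run_iptables is defined outside this hunk, so whether it already handles such errors is not visible here. The `-C` test also matches only the exact rule spec `-j REJECT --reject-with icmp-host-prohibited`; a REJECT with a different reject type or extra match conditions, or a DROP policy on FORWARD, would go undetected. I would at least state that limit above the function, e.g. `# Detects only the exact catch-all REJECT rule; other blocking rules and iptables errors pass silently`. The error text could also name the rule it matched, so an operator adjusts that one rule instead of loosening the FORWARD chain more broadly than needed.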
