From: Ravi Geda <gravik@amdocs.com>
Date: Wed, 17 Oct 2018 16:34:57 +0000 (+0100)
Subject: Exempt Cassandra traffic from fproxy
X-Git-Tag: 2.1.8~18
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F69%2F70669%2F1;p=aaf%2Fcadi.git

Exempt Cassandra traffic from fproxy

The connection to cassandra is not http/https. Hence bypassing it from
going through the forward proxy.

Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314
Issue-ID: AAF-572
Signed-off-by: Ravi Geda <gravik@amdocs.com>
---

diff --git a/sidecar/tproxy-config/src/main/bin/start.sh b/sidecar/tproxy-config/src/main/bin/start.sh
index c467d31..758a910 100644
--- a/sidecar/tproxy-config/src/main/bin/start.sh
+++ b/sidecar/tproxy-config/src/main/bin/start.sh
@@ -22,5 +22,9 @@
 set -x
 set -eo pipefail
 
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT -s 127.0.0.1 --dport 61647
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 9042
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 9160
+iptables -t nat -A OUTPUT -p tcp -j ACCEPT --dport 61621
 iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 10680 -m owner '!' --uid-owner 1001
 iptables -t nat --list