Sunday, January 18, 2015

Quick iptables setup to close off an outgoing IP for testing network interruption scenarios

I think for a lot of software testers these days, we have to test systems that span multiple servers.

Whether it's JGroups, 0MQ, or other messaging protocols, you have to make sure that systems behave correctly - or fail gracefully - when connections go down.

I posted about iptables before, but it's good to review a couple of simple steps.

If I'm on a Linux system (like CentOS) I can test how a certain application might behave once it cannot connect to an external server.

If it's a simple setup where you're testing just one application's connection to another, external application, it's as easy as:

iptables -A OUTPUT -d [ip address] -j DROP

-A OUTPUT means append a rule to the OUTPUT chain (traffic leaving this server for an external server)

-d is for the destination IP you want to block

-j is for the jump target: if a packet matches the rule (here, the destination given with -d in the OUTPUT chain), what should iptables do with it? In this case the target is DROP, so the packet is discarded.

And when I'm done testing and need to re-enable communication to that IP:

iptables -F
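A small wrapper around the same rule, as an added example that is not from the original post: it adds the DROP rule only once, lets you confirm from the packet counters that the rule actually matched the application's traffic, and removes just that rule with -D (iptables -F flushes every rule in the filter table, including any firewall rules the host already had). The iptables binary path (IPT), the sample listing and the 192.0.2.x addresses are assumptions; the parser runs offline, the block/unblock functions need root.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the post's rule in functions
# that add it, confirm it is actually matching traffic, and remove only that rule.
# Assumes: iptables on PATH (override with IPT=...), root when really running.
IPT="${IPT:-iptables}"

# One rule spec shared by -A, -C and -D so they always refer to the same rule.
rule_spec() {
    printf 'OUTPUT -d %s -j DROP' "$1"
}

# Append the DROP rule unless an identical one already exists
# (-C exits 0 when the rule is present; it needs iptables 1.4.11 or newer).
block_ip() {
    # shellcheck disable=SC2046  # word-splitting of rule_spec is intended
    $IPT -C $(rule_spec "$1") 2>/dev/null || $IPT -A $(rule_spec "$1")
}

# Delete exactly the rule we added; unlike -F, other OUTPUT rules stay in place.
unblock_ip() {
    # shellcheck disable=SC2046
    $IPT -D $(rule_spec "$1")
}

# Read 'iptables -L OUTPUT -v -n -x --line-numbers' output on stdin and print how
# many packets the DROP rule for destination $1 has discarded (0 if no such rule).
# --line-numbers fixes the column layout (target is $4, destination is $10) and
# -x prints exact counters, so the value is never abbreviated as "12K".
# A non-zero count after the test run proves the application really tried that IP.
drop_count() {
    awk -v dst="$1" '$4 == "DROP" && $10 == dst { n += $2 } END { print n + 0 }'
}

# Constructed sample listing (what -L -v -n -x --line-numbers looks like after a
# test run), so the parser can be exercised without root or a real firewall.
SAMPLE_LISTING='Chain OUTPUT (policy ACCEPT 4021 packets, 612345 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       17  1020 DROP       all  --  *      *       0.0.0.0/0            192.0.2.10
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            198.51.100.7         tcp dpt:5672'

printf '%s\n' "$SAMPLE_LISTING" | drop_count 192.0.2.10     # prints 17

# Real run (as root): block_ip 192.0.2.10 ; exercise the application ; then
#   $IPT -L OUTPUT -v -n -x --line-numbers | drop_count 192.0.2.10 ; unblock_ip 192.0.2.10
```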