Sunday, January 18, 2015

Quick iptables setup to close off an outgoing IP for testing network interruption scenarios

I think a lot of software testers these days have to test systems that span multiple servers.

Whether it's JGroups, 0MQ, or other messaging protocols, you have to make sure that systems behave correctly - or fail gracefully - when connections go down.

I posted about iptables before but it's good to review a couple of simple steps.

If I'm on a Linux system (like CentOS) I can test how a certain application might behave once it cannot connect to an external server.

If it's a simple system setup where you're testing just one application's connection to another external application, it's as easy as:

iptables -A OUTPUT -d [ip address] -j DROP

-A OUTPUT means append the rule to the OUTPUT chain (traffic going from this server to an external server)

-d is for the destination IP you want to block

-j is the jump target. If a packet matches what was stated for -A and -d, then what should iptables do with it? In this case, the packet is handed to the DROP target, which discards it silently.

And when I'm done testing and need to re-enable communication to that IP:

iptables -F
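`iptables -F` with no chain argument flushes every rule in the filter table, not only the DROP rule added for the test, so on a host that already carries firewall rules a narrower cleanup is useful. The sketch below is an added example, not code from the original post: it adds the same DROP rule, runs a test command, and removes only that rule with -D even if the command fails. The function names, the IPTABLES override variable and the test-suite path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root against real iptables.
IPTABLES="${IPTABLES:-iptables}"   # assumption: overridable so a stub can stand in

# Accept only a dotted-quad IPv4 address, so nothing else reaches the command line.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Append the DROP rule unless the identical rule already exists (-C checks for it),
# so repeated runs do not stack duplicates.
block_ip() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    "$IPTABLES" -C OUTPUT -d "$1" -j DROP 2>/dev/null && return 0
    "$IPTABLES" -A OUTPUT -d "$1" -j DROP
}

# Delete only the matching rule; every other rule in the table is left alone.
unblock_ip() {
    valid_ipv4 "$1" || return 2
    while "$IPTABLES" -C OUTPUT -d "$1" -j DROP 2>/dev/null; do
        "$IPTABLES" -D OUTPUT -d "$1" -j DROP || return 1
    done
}

# with_outage IP COMMAND...: block IP, run COMMAND, always unblock afterwards.
# The body is a subshell, so the EXIT trap fires however COMMAND ends.
with_outage() (
    ip=$1; shift
    trap 'unblock_ip "$ip"' EXIT
    trap 'exit 130' INT TERM
    block_ip "$ip" || exit $?
    "$@"
)

# Usage (hypothetical test script): with_outage 192.0.2.10 ./run_failover_tests.sh
```

The exit status of `with_outage` is the exit status of the wrapped command, so it can be dropped into an existing test runner.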
