# were the NAT-GW
iptables -D POSTROUTING -t nat -s $CTDB_NATGW_PRIVATE_NETWORK -d ! $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE >/dev/null 2>/dev/null
+ # remove any iptables rule we may have on this address
+ iptables -D INPUT -p tcp --syn -d _ip/32 -j REJECT 2>/dev/null
}
case "$1" in
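Review bot: The added delete rule passes the literal string `_ip/32` to `-d` rather than a variable expansion, so as shown it cannot match the REJECT rule that the later hunk inserts for `$CTDB_NATGW_PUBLIC_IP_HOST`. Because stderr goes to `2>/dev/null` and the exit status is ignored, the failed delete is invisible and the block on the public address would outlive this cleanup. If `_ip` is a local set earlier in the function (which starts outside the hunk), the line should read `iptables -D INPUT -p tcp --syn -d "$_ip/32" -j REJECT 2>/dev/null`.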
NATGWIP=`ctdb natgwlist | head -1 | sed -e "s/^[^ ]* *//"`
CTDB_NATGW_PUBLIC_IP_HOST=`echo $CTDB_NATGW_PUBLIC_IP | sed -e "s/\/.*/\/32/"`
+
+ # block all incoming connections to the natgw address
+ iptables -D INPUT -p tcp --syn -d $CTDB_NATGW_PUBLIC_IP_HOST -j REJECT 2>/dev/null
+ iptables -I INPUT -p tcp --syn -d $CTDB_NATGW_PUBLIC_IP_HOST -j REJECT 2>/dev/null
+
+
if [ "$NATGWMASTER" = "-1" ]; then
echo "There is not NATGW master node"
exit 1
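Review bot: The `iptables -I INPUT ... -j REJECT` line discards stderr and its exit status, so if `CTDB_NATGW_PUBLIC_IP` is unset or malformed the rule is never installed and the script carries on with the address unprotected and nothing logged. Silencing the preceding `-D` is reasonable, since it fails whenever no rule exists yet, but the insert should be checked, e.g. `iptables -I INPUT -p tcp --syn -d "$CTDB_NATGW_PUBLIC_IP_HOST" -j REJECT || echo "Failed to add REJECT rule for $CTDB_NATGW_PUBLIC_IP_HOST"`. The comment could also state that only new TCP connections (`--syn`) are rejected; UDP and ICMP to the address are not affected by this rule. The enclosing `case` branch starts and ends outside the hunk.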