This pull request fix https://github.com/aws/amazon-ecs-init/issues/360,
Currently, iptables rule that drops packets to port 51678 is removed on ecs service stop only when ECS_ALLOW_OFFHOST_INTROSPECTION_ACCESS=false(default). When customer changing ECS_ALLOW_OFFHOST_INTROSPECTION_ACCESS from false to true with the consecutive systemctl restart ecs doesn't remove the iptables rule which drops packets to port 51678.
This PR remove iptables rule that drops packets to port 51678 unconditionally on ecs service stop to avoid the case above.
Implementation details
remove the conditional check, when customer change the ECS_ALLOW_OFFHOST_INTROSPECTION_ACCESS=False to True, stop/restart the iptable rule will be removed.
Testing
modifies current test case.
Description for the changelog
Licensing
This contribution is under the terms of the Apache 2.0 License:
Summary
This pull request fix https://github.com/aws/amazon-ecs-init/issues/360, Currently, iptables rule that drops packets to port 51678 is removed on ecs service stop only when ECS_ALLOW_OFFHOST_INTROSPECTION_ACCESS=false(default). When customer changing ECS_ALLOW_OFFHOST_INTROSPECTION_ACCESS from false to true with the consecutive systemctl restart ecs doesn't remove the iptables rule which drops packets to port 51678.
This PR remove iptables rule that drops packets to port 51678 unconditionally on ecs service stop to avoid the case above.
Implementation details
remove the conditional check, when customer change the ECS_ALLOW_OFFHOST_INTROSPECTION_ACCESS=False to True, stop/restart the iptable rule will be removed.
Testing
modifies current test case.
Description for the changelog
Licensing
This contribution is under the terms of the Apache 2.0 License: