Use either a TCP and UDP proxy or an exclusion in the iptables rule spec (such as port 22 for SSH).
We used the iptables rule exception for SSH to allow connectivity even if Glutton failed or crashed without flushing the rules.
For non-critical ports, using a proxy in Glutton for pass-through has a benefit: we maintain visibility. Being able to collect at least metadata allows us to maintain a full picture directly from Glutton.
Sample rule for pass-through:
rules:
  - match: tcp dst port 1234
    type: passthrough