iptables rules

When using Corosync with two rings via multi-cast addresses 226.94.1.1 (Port 
5405) & 226.94.1.2 (Port 5406) what iptables rules are required to allow two 
nodes to communicate optimally without giving any undue access and making the 
rules too lenient?

I currently have:

iptables -A INPUT -p udp -m multiport --dports 5404,5405,5406 -j ACCEPT

Will that allow all the communication a Corosync/Pacemaker setup requires for 
both rings?

I have heard arguments that something like:

iptables -I INPUT 1 -m pkttype --pkt-type multicast -j ACCEPT

is required. However I cannot seem to replicate a situation where this assists 
if the first rule I listed above is already in place.

The Red Hat documentation would seem to support the first approach. There is 
some IBM documentation espousing the second but is it just a case of a rule 
that is far too lenient when the first would do the job equally well whilst 
leaving no unnecessary ports open?
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
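
One way to narrow the first rule in the post, as an added example that is not part of the original message or of the Red Hat or IBM documentation it mentions: the script prints (it does not apply) INPUT rules that also pin the source to the peer node and the destination to the ring's multicast group or the node's own address. The node addresses and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules scoped per Corosync ring.
# Multicast groups and ports are the ones from the post; the node
# addresses are constructed placeholders (RFC 5737 documentation ranges).

# ring_rules LOCAL_ADDR PEER_ADDR MCAST_ADDR MCAST_PORT
# Corosync uses two UDP ports per ring, mcastport and mcastport - 1, so
# both are allowed, but only from the named peer and only towards the
# ring's multicast group or this node's own address on that ring.
ring_rules() {
    local_addr=$1 peer=$2 group=$3 port=$4
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 2 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    low=$((port - 1))
    for dst in "$group" "$local_addr"; do
        echo "iptables -A INPUT -p udp -s $peer -d $dst -m multiport --dports $low,$port -j ACCEPT"
    done
}

# Both rings of the two-node cluster, seen from the first node (assumed addresses).
cluster_rules() {
    ring_rules 192.0.2.1    192.0.2.2    226.94.1.1 5405 &&
    ring_rules 198.51.100.1 198.51.100.2 226.94.1.2 5406
}

cluster_rules
```

Unlike the `pkttype multicast` rule, nothing here accepts multicast traffic on other ports or protocols, and unlike the port-only rule, nothing is accepted from hosts other than the peer.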