How to set iptables in glusterfs 3.2.7 ?

david at davidcoulson.net (David Coulson) · Wed, 10 Apr 2013 08:31:21 -0400



On 4/10/13 8:28 AM, Jian Lee wrote:
>
> # cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.4.7 on Thu Apr 11 00:09:23 2013
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [21:1996]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
Start by removing the line above. That makes all of your gluster rules 
below useless.
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 24007:24047 -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 1000:1100 -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
> -A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 38465:38485 -j ACCEPT
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Thu Apr 11 00:09:23 2013
>