With help from the guys on IRC, I moved that line to the bottom:

------------------------------------------------------------
# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Apr 11 00:09:23 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [21:1996]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 24007:24047 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1000:1100 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 38465:38485 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Apr 11 00:09:23 2013
-----------------------------------------------------------

:-) thanks!

On 2013-04-10 20:31, David Coulson wrote:
>
> On 4/10/13 8:28 AM, Jian Lee wrote:
>>
>> # cat /etc/sysconfig/iptables
>> # Generated by iptables-save v1.4.7 on Thu Apr 11 00:09:23 2013
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [21:1996]
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p icmp -j ACCEPT
>> -A INPUT -i lo -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> Start by removing the line above. That makes all of your gluster rules
> below useless.
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 24007:24047 -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 1000:1100 -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
>> -A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 38465:38485 -j ACCEPT
>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>> # Completed on Thu Apr 11 00:09:23 2013
>>
>
>

--
Jian Lee ( http://www.ylinux.org/ren/2 )
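
The ordering problem discussed in this thread (ACCEPT rules placed after a catch-all REJECT never match) can be checked mechanically. The following Python check is an added example, not part of the original messages: it flags every rule in an iptables-save file that follows an unconditional ACCEPT/DROP/REJECT in the same table and chain. The function name `shadowed_rules` is an assumption of the example, and the sample input is the thread's ruleset, abridged.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def shadowed_rules(text):
    """Return [(lineno, rule, blocker_lineno)] for rules that sit after an
    unconditional terminal rule in the same table and chain."""
    table, blocker, findings = None, {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)   # drops '# ...' comment lines
        if not tok:
            continue
        if tok[0].startswith("*"):               # table header, e.g. *filter
            table = tok[0][1:]
            continue
        if tok[0] != "-A" or "-j" not in tok[2:]:
            continue                             # policy lines, COMMIT, etc.
        j = tok.index("-j")
        if j + 1 >= len(tok):
            continue                             # malformed: -j without target
        chain, matches, target = (table, tok[1]), tok[2:j], tok[j + 1]
        if chain in blocker:
            findings.append((lineno, line.strip(), blocker[chain]))
        elif not matches and target in TERMINAL:
            blocker[chain] = lineno              # no match options: catches all
    return findings

# Sample input: abridged ruleset from the thread, in the originally posted order.
BEFORE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 24007:24047 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Same rules with the INPUT REJECT moved to the end of the INPUT rules.
_l = BEFORE.splitlines()
AFTER = "\n".join(_l[:4] + _l[5:7] + [_l[4]] + _l[7:]) + "\n"

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, shadowed_rules(rules) or "no shadowed rules")
```

The check only looks at rules with no match options at all, so a REJECT that is restricted by interface, source or protocol is not treated as a catch-all.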