Created 2/27/2012 aaron.enfield · Updated 10/31/2012 aaron.enfield

If running iptables -L on the CSN shows no rules, run:

 /opt/caringo/csn/bin/setfirewall.sh

to regenerate them.

The rules should look like this:

[root@csninternalnic ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
CSNFIREWALL  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain CSNFIREWALL (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8090
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:snmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:snmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mdns
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
DROP       all  --  anywhere             anywhere

Because the INPUT chain's default policy is ACCEPT, all filtering on the CSN comes from the CSNFIREWALL chain: its final DROP rule blocks anything not matched by the ACCEPT rules above it, so a node with no rules accepts every incoming connection until setfirewall.sh is rerun.
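As an added check that is not part of the CSN documentation, the POSIX shell function below parses iptables -L output and reports whether the CSNFIREWALL chain is referenced from INPUT, is non-empty, ends with DROP, and opens only the services shown above; the allow-list and the two sample listings are constructed from this page, and the allow-list is an assumption about what setfirewall.sh generates.

```shell
#!/bin/sh
# Added check, not part of the CSN docs: reads `iptables -L` output from the
# file named in $1 (or stdin) and confirms the CSNFIREWALL chain is in place.
# Assumed allow-list: the dpt: services shown in the listing on this page.
CSN_EXPECTED_PORTS="http ssh webcache 8090 ntp snmp mdns"

check_csn_firewall() {
    awk -v expected="$CSN_EXPECTED_PORTS" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    /^Chain / { chain = $2; next }                 # remember which chain we are in
    /^target/ || NF == 0 { next }                  # skip column headers, blank lines
    chain == "INPUT" && $1 == "CSNFIREWALL" { linked = 1 }
    chain == "CSNFIREWALL" {
        rules++; final = $1                        # target of the last rule seen
        for (i = 6; i <= NF; i++)                  # collect dpt:<service> values
            if ($i ~ /^dpt:/) open[substr($i, 5)] = 1
    }
    END {
        bad = 0
        if (!linked)    { print "FAIL: INPUT does not jump to CSNFIREWALL"; bad = 1 }
        if (rules == 0) { print "FAIL: CSNFIREWALL has no rules, run setfirewall.sh"; bad = 1 }
        else if (final != "DROP") { print "FAIL: CSNFIREWALL does not end with DROP"; bad = 1 }
        for (p in open) if (!(p in want)) { print "FAIL: unexpected open port " p; bad = 1 }
        if (!bad) print "OK: CSN firewall rules present"
        exit bad
    }' "${1:--}"
}

# Constructed sample listings (abridged from the page) so this runs offline.
CSN_GOOD=$(mktemp); CSN_EMPTY=$(mktemp)
trap 'rm -f "$CSN_GOOD" "$CSN_EMPTY"' EXIT
cat > "$CSN_GOOD" <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
CSNFIREWALL  all  --  anywhere             anywhere

Chain CSNFIREWALL (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535
DROP       all  --  anywhere             anywhere
EOF
# A node whose rules were lost: INPUT empty, no CSNFIREWALL chain at all.
printf 'Chain INPUT (policy ACCEPT)\ntarget     prot opt source               destination\n' > "$CSN_EMPTY"
check_csn_firewall "$CSN_GOOD"
check_csn_firewall "$CSN_EMPTY" || true
```

On a live node, pipe the listing in directly: iptables -L | check_csn_firewall.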