
Created 2/27/2012 aaron.enfield · Updated 10/31/2012 aaron.enfield

If iptables -L shows no rules on the CSN, you can run:

/opt/caringo/csn/bin/setfirewall.sh

to regenerate these rules.

The rules should look like this:

[root@csninternalnic ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
CSNFIREWALL  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain CSNFIREWALL (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8090
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:snmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:snmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mdns
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
DROP       all  --  anywhere             anywhere
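
A scripted version of this check, added here as an example and not part of the CSN tooling: it reads iptables -L output and confirms that INPUT jumps to CSNFIREWALL and that the chain ends in a catch-all DROP, which matters because the INPUT policy is ACCEPT. The function names and the sample listing are constructed for illustration.

```shell
# Added example (not Caringo code). Reads `iptables -L` or `iptables -L -n` on stdin.
# Exit status: 0 ok, 1 INPUT has no jump to CSNFIREWALL,
# 2 CSNFIREWALL chain missing or empty, 3 chain does not end in a catch-all DROP.
check_csn_firewall() {
    awk '
        function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
        /^Chain /            { chain = $2; next }
        NF == 0 || /^target/ { next }
        chain == "INPUT" && $1 == "CSNFIREWALL" { jump = 1 }
        chain == "CSNFIREWALL" {
            rules++
            # A catch-all is DROP/all with no extra match after the destination.
            catchall = ($1 == "DROP" && $2 == "all" && NF == 5 && any($4) && any($5))
        }
        END {
            if (!jump)     exit 1
            if (!rules)    exit 2
            if (!catchall) exit 3
        }'
}

csn_firewall_status() {
    rc=0
    check_csn_firewall || rc=$?
    case $rc in
        0) echo "OK: INPUT -> CSNFIREWALL, chain ends in DROP all" ;;
        1) echo "FAIL: INPUT (policy ACCEPT) has no CSNFIREWALL jump" ;;
        2) echo "FAIL: CSNFIREWALL chain is missing or empty" ;;
        3) echo "FAIL: CSNFIREWALL does not end in a catch-all DROP" ;;
    esac
    return "$rc"
}

# Constructed sample: what `iptables -L` prints when the rules are gone.
sample_flushed() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# On a CSN, as root: iptables -L | csn_firewall_status
sample_flushed | csn_firewall_status || echo "regenerate: /opt/caringo/csn/bin/setfirewall.sh"
```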
