cloudstack-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] rhtyd commented on a change in pull request #13: Update Quick Installation Guide
Date Sat, 27 Oct 2018 20:08:50 GMT
rhtyd commented on a change in pull request #13: Update Quick Installation Guide
URL: https://github.com/apache/cloudstack-documentation/pull/13#discussion_r228724972
 
 

 ##########
 File path: source/quickinstallationguide/qig.rst
 ##########
 @@ -308,37 +341,50 @@ Now you'll need uncomment the configuration values in the file
    STATD_OUTGOING_PORT=2020
 
 Now we need to configure the firewall to permit incoming NFS connections. 
-Edit the file /etc/sysconfig/iptables
+Create firewalldnfs.sh, and add the following content to it: 
 
 .. parsed-literal::
 
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT
-
-Now you can restart the iptables service with the following command:
+   #!/bin/bash
+
+   firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 10 -m state --state ESTABLISHED,RELATED
-j ACCEPT
 
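Review bot: the added `firewall-cmd --direct --add-rule ...` line in firewalldnfs.sh is issued without `--permanent`, so it only changes the runtime configuration and is lost on a firewalld reload or a reboot, while the `/etc/sysconfig/iptables` entries it replaces were persistent. Suggest `firewall-cmd --permanent --direct --add-rule ...` followed by `firewall-cmd --reload`. Every removed rule also limited its port to `-s 172.16.10.0/24` with `--state NEW`; the per-port rules in the new script should keep that source restriction so the NFS ports are not opened to all addresses.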
 Review comment:
   Firewall rules may be further simplified, for example as:
   ```
   iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
   iptables -I INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
   iptables -I INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
   iptables -I INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
   iptables -I INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
   iptables-save > /etc/sysconfig/iptables
   ```
   Avoid firewall-cmd, which I'm not sure is available by default.
   You can use iptables-save to persist any iptables rules.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
