위키
포럼
도구
바뀐글
랜덤

팩스택 /etc/sysconfig/iptables

1 개요[ | ]

팩스택 /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Fri Sep 22 19:53:48 2017
*mangle
:PREROUTING ACCEPT [24566:21877726]
:INPUT ACCEPT [24558:21876110]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [23063:2645096]
:POSTROUTING ACCEPT [23063:2645096]
COMMIT
# Completed on Fri Sep 22 19:53:48 2017
# Generated by iptables-save v1.4.21 on Fri Sep 22 19:53:48 2017
*raw
:PREROUTING ACCEPT [23595:21500487]
:OUTPUT ACCEPT [22090:2268465]
:neutron-openvswi-OUTPUT - [0:0]
:neutron-openvswi-PREROUTING - [0:0]
-A PREROUTING -j neutron-openvswi-PREROUTING
-A OUTPUT -j neutron-openvswi-OUTPUT
COMMIT
# Completed on Fri Sep 22 19:53:48 2017
# Generated by iptables-save v1.4.21 on Fri Sep 22 19:53:48 2017
*nat
:PREROUTING ACCEPT [32:5456]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1030:77219]
:POSTROUTING ACCEPT [1030:77219]
-A POSTROUTING -s 172.24.4.0/24 -o enp0s3 -m comment --comment "000 nat" -j MASQUERADE
COMMIT
# Completed on Fri Sep 22 19:53:48 2017
# Generated by iptables-save v1.4.21 on Fri Sep 22 19:53:48 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8:560]
:neutron-filter-top - [0:0]
:neutron-openvswi-FORWARD - [0:0]
:neutron-openvswi-INPUT - [0:0]
:neutron-openvswi-OUTPUT - [0:0]
:neutron-openvswi-local - [0:0]
:neutron-openvswi-sg-chain - [0:0]
:neutron-openvswi-sg-fallback - [0:0]
-A INPUT -j neutron-openvswi-INPUT
-A INPUT -s 192.168.56.101/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_192.168.56.101" -j ACCEPT
-A INPUT -s 192.168.56.101/32 -p tcp -m multiport --dports 3260 -m comment --comment "001 cinder incoming cinder_192.168.56.101" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8776 -m comment --comment "001 cinder-api incoming cinder_api" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9292 -m comment --comment "001 glance incoming glance_api" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 horizon 80 incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5000,35357 -m comment --comment "001 keystone incoming keystone" -j ACCEPT
-A INPUT -s 192.168.56.101/32 -p tcp -m multiport --dports 3306 -m comment --comment "001 mariadb incoming mariadb_192.168.56.101" -j ACCEPT
-A INPUT -p udp -m multiport --dports 67 -m comment --comment "001 neutron dhcp in incoming neutron_dhcp_in_192.168.56.101" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 neutron server incoming neutron_server_192.168.56.101" -j ACCEPT
-A INPUT -s 192.168.56.101/32 -p gre -m comment --comment "001 neutron tunnel port incoming neutron_tunnel_192.168.56.101_192.168.56.101" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8773,8774,8775,8778 -m comment --comment "001 nova api incoming nova_api" -j ACCEPT
-A INPUT -s 192.168.56.101/32 -p tcp -m multiport --dports 5900:5999 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
-A INPUT -s 192.168.56.101/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.56.101_192.168.56.101" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001 novncproxy incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8080 -m comment --comment "001 swift proxy incoming swift_proxy" -j ACCEPT
-A INPUT -s 192.168.56.101/32 -p tcp -m multiport --dports 6000,6001,6002,873 -m comment --comment "001 swift storage and rsync incoming swift_storage_and_rsync_192.168.56.101" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j neutron-filter-top
-A FORWARD -j neutron-openvswi-FORWARD
-A FORWARD -i br-ex -m comment --comment "000 forward in" -j ACCEPT
-A FORWARD -o br-ex -m comment --comment "000 forward out" -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j neutron-filter-top
-A OUTPUT -j neutron-openvswi-OUTPUT
-A OUTPUT -p udp -m multiport --dports 68 -m comment --comment "001 neutron dhcp out outgoing neutron_dhcp_out_192.168.56.101" -j ACCEPT
-A neutron-filter-top -j neutron-openvswi-local
-A neutron-openvswi-sg-chain -j ACCEPT
-A neutron-openvswi-sg-fallback -m comment --comment "Default drop rule for unmatched traffic." -j DROP
COMMIT
# Completed on Fri Sep 22 19:53:48 2017

2 같이 보기[ | ]

원본 주소 "https://zetawiki.com/w/index.php?title=팩스택_/etc/sysconfig/iptables&oldid=342349"
문서 댓글 ({{ doc_comments.length }})
{{ comment.name }} {{ comment.created | snstime }}