From 6a01e4988b6847ffd70f6cc544e40a77e2b9328d Mon Sep 17 00:00:00 2001
From: Adam Frank
Date: Sat, 22 Sep 2018 04:57:07 +0000
Subject: [PATCH] adding local ceph traffic rules

---
 files/firewall | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/files/firewall b/files/firewall
index 08435dd..58a47a2 100755
--- a/files/firewall
+++ b/files/firewall
@@ -30,6 +30,8 @@ case $1 in
 iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 6800:7300 -j ACCEPT # ceph traffic
 iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 6800:7300 -j ACCEPT # ceph traffic
 iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 49152:49215 -j ACCEPT # libvirt live migration
+ iptables -A INPUT -i lo -m multiport -p tcp --sports 6800:7300 -j ACCEPT # local ceph traffic
+ iptables -A INPUT -i lo -m multiport -p tcp --dports 6800:7300 -j ACCEPT # local ceph traffic
 ### mgmt
 iptables -A INPUT -i mgmt -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -i mgmt -m state --state ESTABLISHED,RELATED -j ACCEPT
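Review bot: The added `--sports 6800:7300` rule on `lo` matches on source port only, so it accepts loopback TCP to any destination port whenever the source port falls in that range, which is wider than the "local ceph traffic" its comment describes. If its purpose is to let replies from local ceph daemons back in, a stateful rule says that without the port-wide allowance, for example `iptables -A INPUT -i lo -m state --state ESTABLISHED,RELATED -j ACCEPT`, in the same style as the mgmt rule just below; the `--dports` rule can stay as written. The ipsec `--sports` rule in the context lines has the same shape and may merit the same treatment. The `case` branch starts and ends outside this hunk, so whether an earlier rule already handles loopback, or what the INPUT default policy is, cannot be confirmed from here.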