diff --git a/files/firewall b/files/firewall
index 5383b0a..f1c7b01 100755
--- a/files/firewall
+++ b/files/firewall
@@ -91,10 +91,10 @@ case $1 in
 ip6tables -A INPUT -s 2604:bbc0:1:20::a001 -p tcp --sport 443 -j ACCEPT -m comment --comment "# mirrors.wit.com"
 ## ceph
- ip6tables -A INPUT -i lo -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
- ip6tables -A INPUT -i lo -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
- ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
- ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -i lo -m multiport -p tcp --dports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -i lo -m multiport -p tcp --sports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
 ip6tables -A INPUT -i lo -m multiport -p tcp --dports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
 ip6tables -A INPUT -i lo -m multiport -p tcp --sports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
 ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
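Review bot: The new `--sports 3300,6789` rule under `-m policy --pol ipsec --dir in` matches on source port alone, so it accepts TCP to any local port from any peer covered by the IPsec policy, and this commit extends that stateless pattern from one port to two. If the rule is meant to admit replies to this host's outbound monitor connections, a state match does that without opening the destination side: `ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "ceph return traffic"`, unless an equivalent rule already exists outside this hunk. The same applies to the `-i lo` pair, though the exposure there is limited to local processes. All four rules keep the comment "ceph mon traffic"; something like `--comment "ceph mon traffic (msgr2 3300, msgr1 6789)"` would explain in `ip6tables -S` output why 3300 is open. The enclosing `case $1 in` block starts and ends outside the hunk, so any IPv4 counterpart of these rules is not visible here.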