From b37d2b5c74fef6ad03d4feade43bb45c9e3d1501 Mon Sep 17 00:00:00 2001
From: toby
Date: Mon, 29 Apr 2019 07:06:51 +0000
Subject: [PATCH] adding new 3300 port for ceph msgr2 protocol
---
 files/firewall | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/files/firewall b/files/firewall
index 5383b0a..f1c7b01 100755
--- a/files/firewall
+++ b/files/firewall
@@ -91,10 +91,10 @@ case $1 in
 ip6tables -A INPUT -s 2604:bbc0:1:20::a001 -p tcp --sport 443 -j ACCEPT -m comment --comment "# mirrors.wit.com"
 ## ceph
- ip6tables -A INPUT -i lo -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
- ip6tables -A INPUT -i lo -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
- ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
- ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -i lo -m multiport -p tcp --dports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -i lo -m multiport -p tcp --sports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 3300,6789 -j ACCEPT -m comment --comment "ceph mon traffic"
 ip6tables -A INPUT -i lo -m multiport -p tcp --dports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
 ip6tables -A INPUT -i lo -m multiport -p tcp --sports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
 ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
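Review bot: The two new `--sports 3300,6789` rules match on source port only, so they accept any inbound TCP segment from those ports regardless of destination port or connection state; adding 3300 widens that stateless match rather than just opening the msgr2 listener. The `--dports 3300,6789` rules already cover connections to the local monitor, so the `--sports` pair appears to exist only to let replies back in. If that is the intent, a state match expresses it without trusting a sender-chosen port, e.g. `ip6tables -A INPUT -m policy --pol ipsec --dir in -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, after which the `--sports` rules could be dropped. The loopback and IPsec-policy restrictions do bound the exposure, and whether the script already has an ESTABLISHED rule cannot be seen here, since the `case` branch starts and ends outside the hunk.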