From c8195a9cf8d1f808448271a65066e56cddafc8ba Mon Sep 17 00:00:00 2001
From: toby
Date: Thu, 20 Sep 2018 16:40:25 +0200
Subject: [PATCH] adding first estimated rules for ceph
---
 files/firewall | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/files/firewall b/files/firewall
index 169100f..08435dd 100755
--- a/files/firewall
+++ b/files/firewall
@@ -24,9 +24,12 @@ case $1 in
 iptables -A INPUT -s 170.199.217.0 -p udp --sport 53 -j ACCEPT # dns
 iptables -A INPUT -p icmp -j ACCEPT
 #traffic we want to see encrypted over the VPN
- iptables -A INPUT -m policy --pol ipsec --dir in -p udp --dport 4789 -m policy --pol ipsec --dir in -j ACCEPT # vxlan traffic
+ iptables -A INPUT -m policy --pol ipsec --dir in -p udp --dport 4789 -j ACCEPT # vxlan traffic
+ iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT # ceph mon traffic
+ iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT # ceph mon traffic
+ iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 6800:7300 -j ACCEPT # ceph traffic
+ iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 6800:7300 -j ACCEPT # ceph traffic
 iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 49152:49215 -j ACCEPT # libvirt live migration
- #iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 6800:7300 -j ACCEPT # ceph traffic
 ### mgmt
 iptables -A INPUT -i mgmt -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -i mgmt -m state --state ESTABLISHED,RELATED -j ACCEPT
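Review bot: The two new source-port rules (`--sport 6789` and `--sports 6800:7300`) accept inbound TCP regardless of destination port, so any IPsec peer whose connection originates from a port in those ranges can reach every local TCP service, not just the Ceph ones; the only restriction on them is the `-m policy --pol ipsec --dir in` match. If the intent is to admit replies to connections this host opens to the Ceph monitors and OSDs, a single stateful rule, `iptables -A INPUT -m policy --pol ipsec --dir in -m state --state ESTABLISHED,RELATED -j ACCEPT`, mirroring the mgmt rule at the end of the hunk, covers that without opening a destination-port-independent path, and the two source-port lines can then be dropped. It is not visible whether such a rule already exists elsewhere in the `case $1 in` branch, which starts and ends outside the hunk. As a minor style point, `-m multiport` is unnecessary for a single `a:b` range: `-p tcp --dport 6800:7300` is sufficient, although the existing libvirt line uses the same multiport form, so keeping it for consistency is defensible.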