Add rules for afs3_callback in and out rules for kerberos and openafs. #6
Happy to add an

@nbarrientos and I are happy to do some reviews of other MRs by the way.

If you have at least an idea, what should be added, it would be nice to have it.

@duritong I checked with one of the AFS admins who advised those ports. It may well differ for different cells but that's okay.
In particular the afs callback to the cache manager (7001) which is UDP and always IPv4 since there OpenAFS does not support IPv6. https://wiki.openafs.org/devel/AFSServicePorts/

While writing the tests for Should I use On a related note I see there is a udp+tcp in one line but it is pretty unreadable. can switch of course.
thank you!
lgtm
a5f5fb1 Merge pull request voxpupuli#13 from traylenator/comment
21d0496 Merge pull request voxpupuli#14 from cernops/ct_away
7b14f6d Merge pull request voxpupuli#6 from traylenator/afs
ea96d5d Move ct rules from global to INPUT and OUTPUT
61f03b4 Switch $order$fragmenta/b to $order-$fragment-a/b
e53053c Add comments for all the nftable::rules entries
9785cd5 lint fix
215aee1 Add kerberos out and openafs_client out
f3f2870 Add rules for afs3_callback
git-subtree-dir: code
git-subtree-split: a5f5fb1
Add the afs callback to the cache manager(7001) which is UDP and always
IPv4 since there OpenAFS does not support IPv6.

    include nftables::rules::afs3_callback

For background, OpenAFS servers connect to clients on the afs3_callback port and it is the server initiating the connection. The clients have already connected to the server on completely different ports.
To configure an openafs client in totality

    include nftables::services::openafs_client

which will allow both the outbound connections clients need and the inbound cache callbacks.
https://wiki.openafs.org/devel/AFSServicePorts/