
Adds iptable rules #12

Merged
merged 1 commit into from
Nov 18, 2020

Conversation

@hiwakaba hiwakaba commented Nov 18, 2020

Relevant Issue (if applicable)

N/A

Details

This PR accepts the packets that the trove and k2hr3 systems need to work correctly in virtual machines on VirtualBox and in some public cloud environments.

  • Adds rules to the FORWARD chain to allow the k2hr3 system to query DNS for the package distribution servers.
    sudo iptables -A LIBVIRT_FWX -i br-ex -s 172.24.4.0/24 -p udp -m udp --dport 53 -j ACCEPT
    sudo iptables -A LIBVIRT_FWX -o br-ex -d 172.24.4.0/24 -p udp -m udp --sport 53 -j ACCEPT
    sudo iptables -A LIBVIRT_FWX -i br-ex -s 172.24.4.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
    sudo iptables -A LIBVIRT_FWX -o br-ex -d 172.24.4.0/24 -p tcp -m tcp --sport 53 -j ACCEPT
  • Adds rules to the FORWARD chain to allow the k2hr3 system to download packages over HTTP and HTTPS.
    sudo iptables -A LIBVIRT_FWX -i br-ex -s 172.24.4.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
    sudo iptables -A LIBVIRT_FWX -o br-ex -d 172.24.4.0/24 -p tcp -m tcp --sport 80 -j ACCEPT
    sudo iptables -A LIBVIRT_FWX -i br-ex -s 172.24.4.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
    sudo iptables -A LIBVIRT_FWX -o br-ex -d 172.24.4.0/24 -p tcp -m tcp --sport 443 -j ACCEPT
  • Adds rules to the FORWARD chain: allow the k2hr3 system to sync time with time servers.
    sudo iptables -A LIBVIRT_FWX -i br-ex -s 172.24.4.0/24 -p udp -m udp --dport 123 -j ACCEPT
    sudo iptables -A LIBVIRT_FWX -o br-ex -d 172.24.4.0/24 -p udp -m udp --sport 123 -j ACCEPT
  • Adds rules to the INPUT chain: allow the k2hr3 API to connect to OpenStack services.
    sudo iptables -A LIBVIRT_INP -i br-ex -s 172.24.4.0/24 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    sudo iptables -A LIBVIRT_INP -i br-ex -s 172.24.4.0/24 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
  • Adds rules to the INPUT chain: allow the trove system to connect to RabbitMQ and the k2hr3 system.
    sudo iptables -A LIBVIRT_INP -i br-ex -s 172.24.4.0/24 -p tcp -m state --state NEW -m tcp --dport 18080 -j ACCEPT
    sudo iptables -A LIBVIRT_INP -i br-ex -s 172.24.4.0/24 -p tcp -m state --state NEW -m tcp --dport 28080 -j ACCEPT
    sudo iptables -A LIBVIRT_INP -i br-ex -s 172.24.4.0/24 -d 172.24.4.0/24 -p tcp -m state --state NEW -m tcp --dport 5672 -j ACCEPT
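The rule set above is applied with plain `iptables -A`, which appends a duplicate every time it is re-run. The script below is an added example, not code from this PR or from the yahoojapan project: it generates the same FORWARD and INPUT rules for one guest subnet and applies each one only if `iptables -C` reports it absent, so running it from a libvirt network hook or a provisioning script stays idempotent. The bridge `br-ex`, the subnet `172.24.4.0/24`, the `LIBVIRT_FWX`/`LIBVIRT_INP` chain names and the port list are taken from the PR; the `STATEFUL` and `DRY_RUN` switches, and the function names, are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the PR's or the project's own code.
# Generates the rules this PR adds for one guest subnet and applies them
# idempotently (iptables -C before iptables -A).
# Assumptions: bridge br-ex, subnet 172.24.4.0/24 and the LIBVIRT_FWX /
# LIBVIRT_INP chains as in the PR; STATEFUL and DRY_RUN are this
# example's own switches.
set -eu

BR="${BR:-br-ex}"
NET="${NET:-172.24.4.0/24}"

# forward_rules: one rule per line as "CHAIN args...".
# Outbound DNS/HTTP/HTTPS/NTP from the guests, plus the return direction.
# With STATEFUL=1 the five stateless --sport return rules are replaced by a
# single conntrack rule, which does not accept unsolicited packets that
# merely carry source port 53/80/443/123.
forward_rules() {
    for spec in udp:53 tcp:53 tcp:80 tcp:443 udp:123; do
        proto=${spec%%:*}; port=${spec##*:}
        echo "LIBVIRT_FWX -i $BR -s $NET -p $proto -m $proto --dport $port -j ACCEPT"
        [ "${STATEFUL:-0}" = 1 ] || \
            echo "LIBVIRT_FWX -o $BR -d $NET -p $proto -m $proto --sport $port -j ACCEPT"
    done
    if [ "${STATEFUL:-0}" = 1 ]; then
        echo "LIBVIRT_FWX -o $BR -d $NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    fi
}

# input_rules: new connections from the guests to services on the host
# (OpenStack API 80/443, k2hr3 18080/28080, RabbitMQ 5672 within the subnet).
input_rules() {
    for port in 80 443 18080 28080; do
        echo "LIBVIRT_INP -i $BR -s $NET -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
    echo "LIBVIRT_INP -i $BR -s $NET -d $NET -p tcp -m state --state NEW -m tcp --dport 5672 -j ACCEPT"
}

# apply_rules: read "CHAIN args..." lines on stdin and append each rule only
# if an identical one is not already in the chain. Needs root; DRY_RUN=1
# prints the iptables commands instead of running them.
apply_rules() {
    while read -r chain rule; do
        # $rule is intentionally unquoted: it is a list of arguments.
        # shellcheck disable=SC2086
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -A $chain $rule"
        elif ! iptables -C "$chain" $rule 2>/dev/null; then
            iptables -A "$chain" $rule
        fi
    done
}

# count_rules: number of managed rules (10 forward + 5 input by default).
count_rules() {
    { forward_rules; input_rules; } | wc -l | tr -d ' '
}

# Usage: sudo ./guest-rules.sh apply   (or DRY_RUN=1 ./guest-rules.sh apply)
if [ "${1:-}" = apply ]; then
    { forward_rules; input_rules; } | apply_rules
fi
```

Run it with `DRY_RUN=1 ./guest-rules.sh apply` first to see the exact commands it would issue. Because `-A` appends to the end of the chain, the rules only take effect if no earlier rule in `LIBVIRT_FWX` or `LIBVIRT_INP` already rejects the traffic; check with `iptables -L LIBVIRT_FWX -n --line-numbers` after applying. Rules appended to libvirt's chains by hand are also lost when libvirt rebuilds those chains, which is why the script is safe to re-run from a network hook.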

@hiwakaba hiwakaba merged commit 39ac728 into yahoojapan:master Nov 18, 2020