  1. cat /etc/sysconfig/iptables
  2. # Generated by iptables-save v1.4.21 on Mon Feb 15 00:11:48 2016
  # raw table: PREROUTING and OUTPUT both have policy ACCEPT and only jump into
  # the neutron-openvswi-* chains. Those chains are declared below with no rules
  # of their own, so this table does not drop or otherwise act on any packet.
  3. *raw
  4. :PREROUTING ACCEPT [193832:81269428]
  5. :OUTPUT ACCEPT [191226:24024460]
  6. :neutron-openvswi-OUTPUT - [0:0]
  7. :neutron-openvswi-PREROUTING - [0:0]
  8. -A PREROUTING -j neutron-openvswi-PREROUTING
  9. -A OUTPUT -j neutron-openvswi-OUTPUT
  10. COMMIT
  11. # Completed on Mon Feb 15 00:11:48 2016
  12. # Generated by iptables-save v1.4.21 on Mon Feb 15 00:11:48 2016
  # mangle table: all five built-in chains have policy ACCEPT and hand off to
  # per-service chains (neutron-openvswi-*, nova-api-POSTROUTING).
  13. *mangle
  14. :PREROUTING ACCEPT [226880:127908678]
  15. :INPUT ACCEPT [226880:127908678]
  16. :FORWARD ACCEPT [0:0]
  17. :OUTPUT ACCEPT [219853:27213468]
  18. :POSTROUTING ACCEPT [219853:27213468]
  19. :neutron-openvswi-FORWARD - [0:0]
  20. :neutron-openvswi-INPUT - [0:0]
  21. :neutron-openvswi-OUTPUT - [0:0]
  22. :neutron-openvswi-POSTROUTING - [0:0]
  23. :neutron-openvswi-PREROUTING - [0:0]
  24. :neutron-openvswi-mark - [0:0]
  25. :nova-api-POSTROUTING - [0:0]
  26. -A PREROUTING -j neutron-openvswi-PREROUTING
  27. -A INPUT -j neutron-openvswi-INPUT
  28. -A FORWARD -j neutron-openvswi-FORWARD
  29. -A OUTPUT -j neutron-openvswi-OUTPUT
  30. -A POSTROUTING -j neutron-openvswi-POSTROUTING
  31. -A POSTROUTING -j nova-api-POSTROUTING
  # The only rule in a custom chain is this jump to neutron-openvswi-mark, and
  # that chain has no rules in this dump, so no packet marks are set here.
  32. -A neutron-openvswi-PREROUTING -j neutron-openvswi-mark
  33. COMMIT
  34. # Completed on Mon Feb 15 00:11:48 2016
  35. # Generated by iptables-save v1.4.21 on Mon Feb 15 00:11:48 2016
  # nat table: the built-in chains jump to neutron-openvswi-* and nova-api-*
  # chains. The PREROUTING and OUTPUT sub-chains carry no rules in this dump,
  # so no destination NAT (inbound port forwarding) is defined here.
  36. *nat
  37. :PREROUTING ACCEPT [28:4379]
  38. :INPUT ACCEPT [28:4379]
  39. :OUTPUT ACCEPT [2128:135288]
  40. :POSTROUTING ACCEPT [2128:135288]
  41. :neutron-openvswi-OUTPUT - [0:0]
  42. :neutron-openvswi-POSTROUTING - [0:0]
  43. :neutron-openvswi-PREROUTING - [0:0]
  44. :neutron-openvswi-float-snat - [0:0]
  45. :neutron-openvswi-snat - [0:0]
  46. :neutron-postrouting-bottom - [0:0]
  47. :nova-api-OUTPUT - [0:0]
  48. :nova-api-POSTROUTING - [0:0]
  49. :nova-api-PREROUTING - [0:0]
  50. :nova-api-float-snat - [0:0]
  51. :nova-api-snat - [0:0]
  52. :nova-postrouting-bottom - [0:0]
  53. -A PREROUTING -j neutron-openvswi-PREROUTING
  54. -A PREROUTING -j nova-api-PREROUTING
  55. -A OUTPUT -j neutron-openvswi-OUTPUT
  56. -A OUTPUT -j nova-api-OUTPUT
  # Source NAT for 172.24.4.224/28 leaving through eth0. It sits ahead of the
  # neutron/nova POSTROUTING chains, so it is evaluated first. The match is on
  # source range and output interface only; the destination is not restricted.
  57. -A POSTROUTING -s 172.24.4.224/28 -o eth0 -m comment --comment "000 nat" -j MASQUERADE
  58. -A POSTROUTING -j neutron-openvswi-POSTROUTING
  59. -A POSTROUTING -j neutron-postrouting-bottom
  60. -A POSTROUTING -j nova-api-POSTROUTING
  61. -A POSTROUTING -j nova-postrouting-bottom
  # The *-snat chains only chain into their *-float-snat counterparts, which
  # are empty in this dump, so the MASQUERADE rule above is the only address
  # rewriting this table performs.
  62. -A neutron-openvswi-snat -j neutron-openvswi-float-snat
  63. -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-openvswi-snat
  64. -A nova-api-snat -j nova-api-float-snat
  65. -A nova-postrouting-bottom -j nova-api-snat
  66. COMMIT
  67. # Completed on Mon Feb 15 00:11:48 2016
  68. # Generated by iptables-save v1.4.21 on Mon Feb 15 00:11:48 2016
  # filter table. INPUT, FORWARD and OUTPUT all have policy ACCEPT, so a packet
  # that matches no rule in a chain is allowed.
  69. *filter
  70. :INPUT ACCEPT [2:104]
  71. :FORWARD ACCEPT [0:0]
  72. :OUTPUT ACCEPT [4:208]
  73. :neutron-filter-top - [0:0]
  74. :neutron-openvswi-FORWARD - [0:0]
  75. :neutron-openvswi-INPUT - [0:0]
  76. :neutron-openvswi-OUTPUT - [0:0]
  77. :neutron-openvswi-local - [0:0]
  78. :neutron-openvswi-sg-chain - [0:0]
  79. :neutron-openvswi-sg-fallback - [0:0]
  80. :nova-api-FORWARD - [0:0]
  81. :nova-api-INPUT - [0:0]
  82. :nova-api-OUTPUT - [0:0]
  83. :nova-api-local - [0:0]
  84. :nova-filter-top - [0:0]
  # NOTE(review): every INPUT rule below is an ACCEPT and the chain ends without
  # a DROP or REJECT. Combined with the ACCEPT policy, a packet that matches none
  # of them is still accepted, so the "-s 192.168.20.192/32" source restrictions
  # (amqp, iSCSI, mariadb, mongodb, nrpe, VXLAN, VNC, libvirt migration, redis,
  # swift storage/rsync) do not keep other sources out. The exception would be a
  # drop inside nova-api-INPUT, whose rules are cut off at the end of this paste
  # -- confirm against the full file.
  # To make the allow-list effective, end INPUT with a reject/drop rule (or set
  # the policy to DROP). INPUT as shown has no loopback or ESTABLISHED,RELATED
  # accept rule, so those need to be added first or reply traffic will break.
  85. -A INPUT -j neutron-openvswi-INPUT
  86. -A INPUT -j nova-api-INPUT
  87. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_192.168.20.192" -j ACCEPT
  # Rules without "-s" (8777, 8776, 9292, 8004, 80, 5000/35357, udp 67, 9696,
  # 8773-8775, 6080, 8386, 8080) accept from any source address.
  88. -A INPUT -p tcp -m multiport --dports 8777 -m comment --comment "001 ceilometer-api incoming ceilometer_api" -j ACCEPT
  89. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 3260 -m comment --comment "001 cinder incoming cinder_192.168.20.192" -j ACCEPT
  90. -A INPUT -p tcp -m multiport --dports 8776 -m comment --comment "001 cinder-api incoming cinder_api" -j ACCEPT
  91. -A INPUT -p tcp -m multiport --dports 9292 -m comment --comment "001 glance incoming glance_api" -j ACCEPT
  92. -A INPUT -p tcp -m multiport --dports 8004 -m comment --comment "001 heat incoming heat" -j ACCEPT
  93. -A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 horizon 80 incoming" -j ACCEPT
  94. -A INPUT -p tcp -m multiport --dports 5000,35357 -m comment --comment "001 keystone incoming keystone" -j ACCEPT
  95. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 3306 -m comment --comment "001 mariadb incoming mariadb_192.168.20.192" -j ACCEPT
  96. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 27017 -m comment --comment "001 mongodb-server incoming mongodb_server" -j ACCEPT
  # Same match as the "horizon 80" rule above (tcp/80, any source); this
  # second copy can never be the first match.
  97. -A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 nagios incoming" -j ACCEPT
  98. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 5666 -m comment --comment "001 nagios-nrpe incoming nagios_nrpe" -j ACCEPT
  99. -A INPUT -p udp -m multiport --dports 67 -m comment --comment "001 neutron dhcp in incoming neutron_dhcp_in_192.168.20.192" -j ACCEPT
  100. -A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 neutron server incoming neutron_server_192.168.20.192" -j ACCEPT
  101. -A INPUT -s 192.168.20.192/32 -p udp -m multiport --dports 4789 -m comment --comment "001 neutron tunnel port incoming neutron_tunnel_192.168.20.192_192.168.20.192" -j ACCEPT
  102. -A INPUT -p tcp -m multiport --dports 8773,8774,8775 -m comment --comment "001 nova api incoming nova_api" -j ACCEPT
  103. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 5900:5999 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
  104. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.20.192_192.168.20.192" -j ACCEPT
  105. -A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001 novncproxy incoming" -j ACCEPT
  106. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 6379 -m comment --comment "001 redis service incoming redis service from 192.168.20.192" -j ACCEPT
  107. -A INPUT -p tcp -m multiport --dports 8386 -m comment --comment "001 sahara api incoming sahara-api" -j ACCEPT
  108. -A INPUT -p tcp -m multiport --dports 8080 -m comment --comment "001 swift proxy incoming swift_proxy" -j ACCEPT
  109. -A INPUT -s 192.168.20.192/32 -p tcp -m multiport --dports 6000,6001,6002,873 -m comment --comment "001 swift storage and rsync incoming swift_storage_and_rsync_192.168.20.192" -j ACCEPT
  # NOTE(review): these two rules accept every forwarded packet that enters or
  # leaves through br-ex, with no address, protocol or state match, and they are
  # evaluated before the neutron/nova chains below. Traffic crossing br-ex
  # therefore never reaches neutron-filter-top or neutron-openvswi-FORWARD.
  # If per-instance filtering is meant to apply to br-ex traffic, these rules
  # need to be narrowed or moved after the neutron jumps.
  110. -A FORWARD -i br-ex -m comment --comment "000 forward in" -j ACCEPT
  111. -A FORWARD -o br-ex -m comment --comment "000 forward out" -j ACCEPT
  # Remaining forwarded traffic walks the neutron and nova chains; the FORWARD
  # chain has no terminal drop and its policy is ACCEPT.
  112. -A FORWARD -j neutron-filter-top
  113. -A FORWARD -j neutron-openvswi-FORWARD
  114. -A FORWARD -j nova-filter-top
  115. -A FORWARD -j nova-api-FORWARD
  # OUTPUT: policy is ACCEPT, so the explicit udp/68 ACCEPT below does not change
  # the outcome for locally generated traffic unless an earlier chain drops it.
  116. -A OUTPUT -j neutron-filter-top
  117. -A OUTPUT -j neutron-openvswi-OUTPUT
  118. -A OUTPUT -p udp -m multiport --dports 68 -m comment --comment "001 neutron dhcp out outgoing neutron_dhcp_out_192.168.20.192" -j ACCEPT
  119. -A OUTPUT -j nova-filter-top
  120. -A OUTPUT -j nova-api-OUTPUT
  # neutron-filter-top only jumps to neutron-openvswi-local, which has no rules
  # in this dump.
  121. -A neutron-filter-top -j neutron-openvswi-local
  # NOTE(review): sg-chain accepts unconditionally and sg-fallback holds the only
  # DROP in the visible ruleset, but no rule shown here jumps to either chain.
  # Since no per-port security-group chains appear in the visible part of the
  # paste, this DROP is never reached as shown.
  122. -A neutron-openvswi-sg-chain -j ACCEPT
  123. -A neutron-openvswi-sg-fallback -m comment --comment "Default drop rule for unmatched traffic." -j DROP
  124. -A nova-api-INPUT -d 192.168.20.192/32 -