- ### iptables on the compute node _after_ VM instance 1 is launched and the nova secgroup rules are added
- root@kvm-sn-10i:~# iptables -L -n
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- nova-compute-INPUT all -- 0.0.0.0/0 0.0.0.0/0
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
- nova-compute-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
- nova-compute-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
- Chain nova-compute-FORWARD (1 references)
- target prot opt source destination
- Chain nova-compute-INPUT (1 references)
- target prot opt source destination
- Chain nova-compute-OUTPUT (1 references)
- target prot opt source destination
- Chain nova-compute-inst-1 (1 references) # <--- Per-instance chain for our VM (50.50.1.2; jumped to from nova-compute-local)
- target prot opt source destination
- DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
- ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
- nova-compute-provider all -- 0.0.0.0/0 0.0.0.0/0
- ACCEPT udp -- 50.50.1.1 0.0.0.0/0 udp spt:67 dpt:68
- ACCEPT all -- 50.50.1.0/24 0.0.0.0/0
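- ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 # <-- secgroup rule: SSH (tcp/22) accepted from any source (0.0.0.0/0)
- ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 # <-- secgroup rule: ICMP (no type restriction shown) accepted from any source (0.0.0.0/0)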
- nova-compute-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
- Chain nova-compute-local (1 references)
- target prot opt source destination
- nova-compute-inst-1 all -- 0.0.0.0/0 50.50.1.2
- Chain nova-compute-provider (1 references)
- target prot opt source destination
- Chain nova-compute-sg-fallback (1 references)
- target prot opt source destination
- DROP all -- 0.0.0.0/0 0.0.0.0/0
- Chain nova-filter-top (2 references)
- target prot opt source destination