
Untitled

a guest
Feb 19th, 2017
  1. [root@controller-0 ~]# cat /etc/sysconfig/iptables
  # Saved ruleset for the filter table, in iptables-save format (the listing's
  # "N." prefixes are paste line numbers). Rules in a chain are evaluated top
  # to bottom and the first terminating match wins, so order matters below.
  2. # sample configuration for iptables service
  3. # you can edit this manually or use system-config-firewall
  4. # please do not ask us to add additional ports/services to this default configuration
  5. *filter
  # All three built-in chains default to ACCEPT. INPUT is only closed by the
  # final REJECT rule; FORWARD and OUTPUT get no rules from this file, so this
  # file by itself accepts everything forwarded through or sent by the host.
  6. :INPUT ACCEPT [0:0]
  7. :FORWARD ACCEPT [0:0]
  8. :OUTPUT ACCEPT [0:0]
  # The next two rules are the same match with the states listed in a different
  # order; the second can never be reached by a packet the first did not take.
  # NOTE(review): "-m state" is the older match; "-m conntrack --ctstate" is
  # its current equivalent.
  9. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  10. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  11. -A INPUT -p icmp -j ACCEPT
  12. -A INPUT -i lo -j ACCEPT
  # Three rules for the same traffic: new TCP connections to port 22 from any
  # source ("-s 0.0.0.0/0" is the same as giving no source). Only the first
  # one ever matches.
  # NOTE(review): SSH is open to every address; consider a single rule limited
  # with -s <MGMT_CIDR_PLACEHOLDER>.
  13. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  14. -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  15. -A INPUT -m state --state NEW -m tcp -p tcp -s 0.0.0.0/0 --dport 22 -j ACCEPT
  # Accepts every new connection, any protocol and port, from 192.168.0.0/22.
  # For sources in that range the per-port rules below add nothing; they only
  # decide what sources outside it may reach.
  16. -A INPUT -m state --state NEW -p all -s 192.168.0.0/22 -j ACCEPT
  # None of the per-port rules below restricts the source address.
  # NOTE(review): these look like OpenStack service ports (5000 and 35357 are
  # the conventional Keystone public/admin ports) - confirm which of them must
  # be reachable from outside the management network.
  17. -A INPUT -m state --state NEW -m tcp -p tcp --dport 5000 -j ACCEPT
  18. -A INPUT -m state --state NEW -m tcp -p tcp --dport 35357 -j ACCEPT
  19. -A INPUT -m state --state NEW -m tcp -p tcp --dport 5001 -j ACCEPT
  20. -A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
  21. -A INPUT -m state --state NEW -m tcp -p tcp --dport 9393 -j ACCEPT
  22. -A INPUT -m state --state NEW -m tcp -p tcp --dport 8774 -j ACCEPT
  23. -A INPUT -m state --state NEW -m tcp -p tcp --dport 6080 -j ACCEPT
  24. -A INPUT -m state --state NEW -m tcp -p tcp --dport 9696 -j ACCEPT
  # NOTE(review): udp/4789 is the IANA-assigned VXLAN port; presumably only
  # tunnel peers need it - confirm and restrict the source if so.
  25. -A INPUT -m state --state NEW -m udp -p udp --dport 4789 -j ACCEPT
  26. -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  27. -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
  28. -A INPUT -m state --state NEW -m tcp -p tcp --dport 8004 -j ACCEPT
  29. -A INPUT -m state --state NEW -m tcp -p tcp --dport 8001 -j ACCEPT
  # Catch-all: anything not accepted above is rejected with an ICMP
  # host-prohibited reply. A rule appended to INPUT after this one never
  # matches, so new allow rules must be placed above it.
  30. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  31. COMMIT
  32.  
  33.  
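  34. In-memory iptables output (partial output only; listed without -v, so interface matches such as the loopback rule's "-i lo" are not shown and that rule appears as a plain "ACCEPT all"):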
  35. Chain INPUT (policy ACCEPT)
  36. target prot opt source destination
  37. neutron-linuxbri-INPUT all -- 0.0.0.0/0 0.0.0.0/0
  38. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001 state NEW
  39. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8004 state NEW
  40. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
  41. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
  42. ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4789 state NEW
  43. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9696 state NEW
  44. nova-api-INPUT all -- 0.0.0.0/0 0.0.0.0/0
  45. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6080 state NEW
  46. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8774 state NEW
  47. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9393 state NEW
  48. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9292 state NEW
  49. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 state NEW
  50. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:35357 state NEW
  51. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 state NEW
  52. ACCEPT all -- 192.168.0.0/22 0.0.0.0/0 state NEW
  53. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
  54. ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  55. ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
  56. ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
  57. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
  58. REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
  59.  
  60. Chain FORWARD (policy ACCEPT)
  61. target prot opt source destination
  62. neutron-filter-top all -- 0.0.0.0/0 0.0.0.0/0
  63. neutron-linuxbri-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
  64. nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
  65. nova-api-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
  66.  
  67. Chain OUTPUT (policy ACCEPT)
  68. target prot opt source destination
  69. neutron-filter-top all -- 0.0.0.0/0 0.0.0.0/0
  70. neutron-linuxbri-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
  71. nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
  72. nova-api-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
  73.  
  74. Chain neutron-filter-top (2 references)
  75. target prot opt source destination
  76. neutron-linuxbri-local all -- 0.0.0.0/0 0.0.0.0/0
  77.  
  78. Chain neutron-linuxbri-FORWARD (1 references)
  79. target prot opt source destination
  80.  
  81. Chain neutron-linuxbri-INPUT (1 references)
  82. target prot opt source destination
  83.  
  84. Chain neutron-linuxbri-OUTPUT (1 references)
  85. target prot opt source destination
  86.  
  87. Chain neutron-linuxbri-local (1 references)
  88. target prot opt source destination
  89.  
  90. Chain neutron-linuxbri-sg-chain (0 references)
  91. :