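- ==========================================
- XENSERVER IPTABLES
- ==========================================
- NOTE: this is plain `iptables -L` output (no -v / -n). Interface matches are not shown and addresses/ports are name-resolved, so a rule printed as "ACCEPT all -- anywhere anywhere" may actually be restricted to one interface (e.g. loopback). Confirm with `iptables -L -n -v` or `iptables-save` before judging how open the ruleset is.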
- # iptables -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- neutron-openvswi-INPUT all -- anywhere anywhere
- ACCEPT gre -- anywhere anywhere
- RH-Firewall-1-INPUT all -- anywhere anywhere
- Chain FORWARD (policy DROP)
- target prot opt source destination
- neutron-filter-top all -- anywhere anywhere
- neutron-openvswi-FORWARD all -- anywhere anywhere
- RH-Firewall-1-INPUT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0
- ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth1
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- neutron-filter-top all -- anywhere anywhere
- neutron-openvswi-OUTPUT all -- anywhere anywhere
- Chain RH-Firewall-1-INPUT (2 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere
- ACCEPT icmp -- anywhere anywhere icmp any
- ACCEPT udp -- anywhere anywhere udp dpt:bootps
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
- ACCEPT udp -- anywhere anywhere ctstate NEW udp dpt:ha-cluster
- ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:ssh
- ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:http
- ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:https
- ACCEPT tcp -- anywhere anywhere tcp dpt:21064
- ACCEPT udp -- anywhere anywhere multiport dports hpoms-dps-lstn,netsupport
- REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
- Chain neutron-filter-top (2 references)
- target prot opt source destination
- neutron-openvswi-local all -- anywhere anywhere
- Chain neutron-openvswi-FORWARD (1 references)
- target prot opt source destination
- neutron-openvswi-sg-chain all -- anywhere anywhere PHYSDEV match --physdev-out tap696e1525-a5 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
- neutron-openvswi-sg-chain all -- anywhere anywhere PHYSDEV match --physdev-in tap696e1525-a5 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
- neutron-openvswi-sg-chain all -- anywhere anywhere PHYSDEV match --physdev-out tapb03ff89d-4b --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
- neutron-openvswi-sg-chain all -- anywhere anywhere PHYSDEV match --physdev-in tapb03ff89d-4b --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
- Chain neutron-openvswi-INPUT (1 references)
- target prot opt source destination
- neutron-openvswi-o696e1525-a all -- anywhere anywhere PHYSDEV match --physdev-in tap696e1525-a5 --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
- neutron-openvswi-ob03ff89d-4 all -- anywhere anywhere PHYSDEV match --physdev-in tapb03ff89d-4b --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
- Chain neutron-openvswi-OUTPUT (1 references)
- target prot opt source destination
- Chain neutron-openvswi-i696e1525-a (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
- RETURN udp -- 10.0.1.2 anywhere udp spt:bootps udp dpt:bootpc
- DROP all -- anywhere anywhere state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
- neutron-openvswi-sg-fallback all -- anywhere anywhere /* Send unmatched traffic to the fallback chain. */
- Chain neutron-openvswi-ib03ff89d-4 (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
- RETURN udp -- ipv4-85-53-2.as55666.net anywhere udp spt:bootps udp dpt:bootpc
- DROP all -- anywhere anywhere state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
- neutron-openvswi-sg-fallback all -- anywhere anywhere /* Send unmatched traffic to the fallback chain. */
- Chain neutron-openvswi-local (1 references)
- target prot opt source destination
- Chain neutron-openvswi-o696e1525-a (2 references)
- target prot opt source destination
- RETURN udp -- default 255.255.255.255 udp spt:bootpc dpt:bootps /* Allow DHCP client traffic. */
- neutron-openvswi-s696e1525-a all -- anywhere anywhere
- RETURN udp -- anywhere anywhere udp spt:bootpc dpt:bootps /* Allow DHCP client traffic. */
- DROP udp -- anywhere anywhere udp spt:bootps udp dpt:bootpc /* Prevent DHCP Spoofing by VM. */
- RETURN all -- anywhere anywhere state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
- DROP all -- anywhere anywhere state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
- neutron-openvswi-sg-fallback all -- anywhere anywhere /* Send unmatched traffic to the fallback chain. */
- Chain neutron-openvswi-ob03ff89d-4 (2 references)
- target prot opt source destination
- RETURN udp -- default 255.255.255.255 udp spt:bootpc dpt:bootps /* Allow DHCP client traffic. */
- neutron-openvswi-sb03ff89d-4 all -- anywhere anywhere
- RETURN udp -- anywhere anywhere udp spt:bootpc dpt:bootps /* Allow DHCP client traffic. */
- DROP udp -- anywhere anywhere udp spt:bootps udp dpt:bootpc /* Prevent DHCP Spoofing by VM. */
- RETURN all -- anywhere anywhere state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
- DROP all -- anywhere anywhere state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
- neutron-openvswi-sg-fallback all -- anywhere anywhere /* Send unmatched traffic to the fallback chain. */
- Chain neutron-openvswi-s696e1525-a (1 references)
- target prot opt source destination
- RETURN all -- 10.0.1.23 anywhere MAC FA:16:3E:F7:C6:38 /* Allow traffic from defined IP/MAC pairs. */
- DROP all -- anywhere anywhere /* Drop traffic without an IP/MAC allow rule. */
- Chain neutron-openvswi-sb03ff89d-4 (1 references)
- target prot opt source destination
- RETURN all -- ipv4-86-53-2.as55666.net anywhere MAC FA:16:3E:DF:6D:E1 /* Allow traffic from defined IP/MAC pairs. */
- DROP all -- anywhere anywhere /* Drop traffic without an IP/MAC allow rule. */
- Chain neutron-openvswi-sg-chain (4 references)
- target prot opt source destination
- neutron-openvswi-i696e1525-a all -- anywhere anywhere PHYSDEV match --physdev-out tap696e1525-a5 --physdev-is-bridged /* Jump to the VM specific chain. */
- neutron-openvswi-o696e1525-a all -- anywhere anywhere PHYSDEV match --physdev-in tap696e1525-a5 --physdev-is-bridged /* Jump to the VM specific chain. */
- neutron-openvswi-ib03ff89d-4 all -- anywhere anywhere PHYSDEV match --physdev-out tapb03ff89d-4b --physdev-is-bridged /* Jump to the VM specific chain. */
- neutron-openvswi-ob03ff89d-4 all -- anywhere anywhere PHYSDEV match --physdev-in tapb03ff89d-4b --physdev-is-bridged /* Jump to the VM specific chain. */
- ACCEPT all -- anywhere anywhere
- Chain neutron-openvswi-sg-fallback (4 references)
- target prot opt source destination
- DROP all -- anywhere anywhere /* Default drop rule for unmatched traffic. */