emulab / emulab-devel
Commit ec2f5e1e, authored Jan 26, 2012 by Ryan Jackson
More linux firewall rule fixes
parent 5bf2b449
Showing 2 changed files with 10 additions and 0 deletions
clientside/tmcc/linux/liblocsetup.pm (+7, -0)
firewall/iptables-fw-rules (+3, -0)
clientside/tmcc/linux/liblocsetup.pm
...
...
@@ -1287,6 +1287,7 @@ sub os_fwconfig_line($@) {
$upline
.=
"
vconfig add
$pdev
$vlanno
> /dev/null
\n
";
$upline
.=
"
ifconfig
$vlandev
up
\n
";
$upline
.=
"
brctl addbr br0
\n
";
$upline
.=
"
brctl stp br0 on
\n
";
$upline
.=
"
ifconfig br0 up
\n
";
$upline
.=
"
brctl addif br0
$pdev
\n
";
$upline
.=
"
brctl addif br0
$vlandev
\n
";
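Review bot: none of the bridge setup commands in this hunk (`vconfig add`, `brctl addbr br0`, `brctl stp br0 on`, `ifconfig br0 up`, the two `brctl addif br0` lines) has its exit status checked, while the rule lines appended further down in this function get an `|| { ... exit 1 }` handler. If `brctl addbr br0` or either `brctl addif` fails, the generated script carries on and loads rules against a bridge that is missing or has only one port. Suggest giving these lines the same failure handling, or at least a warning, and adding a one-line comment on why STP is enabled on br0. Note also that `vconfig add` discards only stdout, so its errors are still printed but nothing acts on them.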
...
...
@@ -1429,12 +1430,16 @@ sub os_fwconfig_line($@) {
}
@fwrules
=
@new_rules
;
# For now, if a rule fails to load we want to fail open, not closed. Otherwise
# it may be difficult to debug things.
foreach
my
$rulestr
(
@fwrules
)
{
if
(
$rulestr
=~
/^iptables\s+/
)
{
$upline
.=
"
$rulestr
|| {
\n
";
$upline
.=
"
echo 'WARNING: could not load iptables rule:'
\n
";
$upline
.=
"
echo '
$rulestr
'
\n
";
$upline
.=
"
iptables -F
\n
";
$upline
.=
"
iptables -P INPUT ACCEPT
\n
";
$upline
.=
"
iptables -P OUTPUT ACCEPT
\n
";
$upline
.=
"
exit 1
\n
";
$upline
.=
"
}
\n
";
}
elsif
(
$rulestr
=~
/^ebtables\s+/
)
{
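Review bot: the fail-open handler for a failed iptables rule resets only the INPUT and OUTPUT policies (`iptables -P INPUT ACCEPT`, `iptables -P OUTPUT ACCEPT`), but the rules in firewall/iptables-fw-rules hang off FORWARD (`iptables -A FORWARD -m physdev ...`). If a rule loaded earlier has set a restrictive FORWARD policy, bridged traffic stays blocked after the handler runs, so the firewall is not actually open and the debugging goal stated in the comment is not met. Suggest adding `iptables -P FORWARD ACCEPT`, and noting that `iptables -F` flushes only the filter table and leaves the user-defined chains in place. Because failing open is a security-relevant default, the "For now" comment should also say under what condition this is expected to become fail-closed.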
...
...
@@ -1442,6 +1447,8 @@ sub os_fwconfig_line($@) {
$upline
.=
"
echo 'WARNING: could not load ebtables rule:'
\n
";
$upline
.=
"
echo '
$rulestr
'
\n
";
$upline
.=
"
ebtables -F
\n
";
$upline
.=
"
ebtables -P INPUT ACCEPT
\n
";
$upline
.=
"
ebtables -P OUTPUT ACCEPT
\n
";
$upline
.=
"
exit 1
\n
";
$upline
.=
"
}
\n
";
}
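Review bot: the ebtables failure handler flushes and opens only ebtables, and the iptables handler above it only iptables, so after a failure in one tool the rules already loaded through the other stay active and the node ends up neither fully open nor fully filtered. The ebtables handler also leaves the FORWARD policy untouched, as in the iptables branch. Suggest emitting one shared cleanup sequence that resets both tools and using it from both branches. Separately, `echo '$rulestr'` puts the rule text inside single quotes in the generated script, so a rule that contains a single quote breaks the quoting of the warning; escape the string before interpolating it.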
...
...
firewall/iptables-fw-rules
...
...
@@ -87,6 +87,9 @@ iptables -F OUTSIDE # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -m physdev --physdev-in vlandev -s EMULAB_CNET,0.0.0.0/32,255.255.255.255 -j INSIDE # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -m physdev --physdev-in pdev -j OUTSIDE # BASIC,CLOSED,ELABINELAB
# Allow everything from the gateway, since the gateway may be part of the node control net
iptables -A OUTSIDE -s EMULAB_GWIP -j ACCEPT # BASIC,CLOSED,ELABINELAB
# Can talk to myself. Does this do anything?
# This appears to be used by elvind?
#iptables -A INPUT -s me -d me -j ACCEPT # BASIC,CLOSED,ELABINELAB
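Review bot: `iptables -A OUTSIDE -s EMULAB_GWIP -j ACCEPT` accepts all traffic on a source-address match alone, and it is tagged for every style, including CLOSED. A source IP is not authentication, so the rule trusts any frame arriving on the outside interface that carries the gateway's address. Suggest narrowing it to the protocols the gateway actually needs, or pairing the address with a MAC match, and extending the comment to say which gateway services require the exception.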
...
...