Commit 57407051 authored by Leigh Stoller

Back out last change, not working cause of XEN using -I to insert its own rules. Need another approach.
parent 0358035c
...@@ -168,13 +168,13 @@ iptables -P OUTPUT DROP # BASIC,CLOSED,ELABINELAB ...@@ -168,13 +168,13 @@ iptables -P OUTPUT DROP # BASIC,CLOSED,ELABINELAB
# #
# Block port 111 (rpcbind) from reaching the nodes. # Block port 111 (rpcbind) from reaching the nodes.
# #
iptables -A FORWARD -s 127.0.0.1/32 -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB #iptables -A FORWARD -s 127.0.0.1/32 -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -s EMULAB_VCNET -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB #iptables -A FORWARD -s EMULAB_VCNET -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -s EMULAB_VCNET -p udp -m physdev --physdev-in eth0 -m udp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB #iptables -A FORWARD -s EMULAB_VCNET -p udp -m physdev --physdev-in eth0 -m udp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -s EMULAB_CNET -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB #iptables -A FORWARD -s EMULAB_CNET -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -s EMULAB_CNET -p udp -m physdev --physdev-in eth0 -m udp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB #iptables -A FORWARD -s EMULAB_CNET -p udp -m physdev --physdev-in eth0 -m udp --dport 111 -j ACCEPT # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j DROP # BASIC,CLOSED,ELABINELAB #iptables -A FORWARD -p tcp -m physdev --physdev-in eth0 -m tcp --dport 111 -j DROP # BASIC,CLOSED,ELABINELAB
iptables -A FORWARD -p udp -m physdev --physdev-in eth0 -m udp --dport 111 -j DROP # BASIC,CLOSED,ELABINELAB #iptables -A FORWARD -p udp -m physdev --physdev-in eth0 -m udp --dport 111 -j DROP # BASIC,CLOSED,ELABINELAB
# #
# Drop some logging in for debugging. # Drop some logging in for debugging.
......
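Review bot: The header comment "Block port 111 (rpcbind) from reaching the nodes" is left in place above seven rules that are now all commented out, so the file reads as if rpcbind is filtered while no rule in this block matches dport 111 on eth0 any more. Either delete the rules or reword the header to say the block is disabled and why (the commit message gives the reason: Xen inserts its own rules with -I), so a later reader does not assume the tcp and udp DROP rules are in effect. Whether port 111 traffic is still stopped elsewhere depends on the FORWARD policy, which is not visible in this hunk; that is worth confirming before this ships.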