Commit a442f6df authored by Leigh Stoller

Add rules to allow event proxy port in. This is needed on openvz

hosts, since we are not using a prerouting rule like we do for XEN
containers. Note that I am using the dom0 rules on openvz
physical hosts, but might have to split it out if I get any more
special cases like this.
parent 576ce2db
......@@ -142,6 +142,14 @@ iptables -A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT # BAS
iptables -A INPUT -p gre -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED
iptables -A OUTPUT -p gre -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED
#
# Event Proxy. So we do not actually need this on XEN dom0, but we use these
# rules on openvz too (no prerouting rule). We might want to try restricting
# these to just the local node, but probably not worth the effort.
#
iptables -A INPUT -p tcp -d me -s EMULAB_CNET --dport 16505 -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED,ELABINELAB
iptables -A INPUT -p tcp -d me -s EMULAB_VCNET --dport 16505 -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED,ELABINELAB
#
# Set up default policies for the standard chains
# For all but the wide-open case, the default should
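Review bot: The two new INPUT rules for port 16505 accept new connections from every source in EMULAB_CNET and EMULAB_VCNET, and the comment above them says both that XEN dom0 does not need them and that restricting them to the local node was skipped. Because this rule set is shared, XEN dom0 hosts gain an open port they have no use for; consider moving these two lines into an openvz-only rule set (the split the commit message already anticipates), or at least narrowing `-s` to the local node's containers. The comment would also be clearer if it named what listens on 16505 and which peers are expected to connect, so a later reader can judge whether the whole control network really needs access. The new rules carry an ELABINELAB tag that the neighbouring GRE rules (BASIC,CLOSED) do not; a short note on why the event proxy is needed in that case would help.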
......