Commit b9fee4b8 authored by Mike Hibler's avatar Mike Hibler

Account for change in MC address range for frisbee.

Add rules to allow outbound http,https (for windows)
parent 09b2bc77
......@@ -138,10 +138,12 @@ allow icmp from boss to any icmptypes 6,8 # 60090:
allow icmp from any to boss icmptypes 0 # 60091:
# Windows
# allow http, https (80,443) outbound for windows/cygwin updates
# SMB (445) with fs
# SSH (2222) into nodes
# rdesktop (3389) to nodes
# no blaster (135,4444) or slammer (1434) please!
allow tcp from any to any 80,443 in via vlan0 setup keep-state # 60103: WINDOWS,BASIC
allow tcp from any to fs 445 in via vlan0 setup keep-state # 60100: WINDOWS,BASIC
allow tcp from any to any 2222 in not recv vlan0 setup keep-state # 60101: WINDOWS
allow tcp from any not 0-1023 to any 3389 in not recv vlan0 setup keep-state # 60102: WINDOWS,BASIC
......
......@@ -70,9 +70,14 @@ print "$str\n"
DBQueryFatal($str)
if ($doit);
# Frisbee multicast info (XXX assumptions, assumptions!)
$FRISBEE_MCASTADDR = $FRISBEE_MCASTADDR . ".0/24";
$FRISBEE_MCASTPORT = $FRISBEE_MCASTPORT . "-" . ($FRISBEE_MCASTPORT + 255);
#
# Frisbee multicast info
# XXX assumptions, assumptions (as of 9/05):
# * Use a /8.
# * Use a single port (no range).
#
my @mcaddr = split /\./, $FRISBEE_MCASTADDR, 4;
$FRISBEE_MCASTADDR = $mcaddr[0] . ".0.0.0/8";
$str = "replace into default_firewall_vars values ('EMULAB_MCADDR', '$FRISBEE_MCASTADDR')";
print "$str\n"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment