Commit cb301e70 authored by Mike Hibler's avatar Mike Hibler

Remove elvind and cvsup ports from those allowed to boss/ops.

parent 2d486aea
#
# Copyright (c) 2005-2011 University of Utah and the Flux Group.
# Copyright (c) 2005-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -185,11 +185,8 @@ allow ip from fs to me frag # 35: BASIC,CLOSED,ELABINELAB
# Special services
# cvsup to boss
allow tcp from me to boss 5999 setup keep-state # 36: BASIC,CLOSED,ELABINELAB
# elvind to ops (unicast TCP and multicast UDP)
allow ip from me to ops 2917 keep-state # 38: BASIC,CLOSED,ELABINELAB
# pubsubd to ops (unicast TCP and multicast UDP)
allow ip from me to ops 16505 keep-state # 38: BASIC,CLOSED,ELABINELAB
# slothd to boss
allow udp from me to boss 8509 # 40: BASIC,CLOSED,ELABINELAB
......@@ -325,11 +322,7 @@ allow ip from fs to any frag # 60035: BASIC,CLOSED
# Special services
# cvsup to boss
allow tcp from any to boss 5999 setup keep-state # 60036: BASIC,CLOSED
# elvind or pubsubd to ops (unicast TCP and multicast UDP)
allow ip from any to ops 2917 keep-state # 60038: BASIC,CLOSED
# pubsubd to ops (unicast TCP and multicast UDP)
allow ip from any to ops 16505 keep-state # 60039: BASIC,CLOSED
# slothd to boss
......
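Review bot: The pubsubd rules left in place, `allow ip from me to ops 16505 keep-state` in the first hunk and `allow ip from any to ops 16505 keep-state` in the second, create dynamic state from any TCP or UDP packet to that port, whereas the cvsup rule beside them was limited with `tcp ... setup`. If pubsubd needs only client-initiated TCP plus UDP, splitting each rule into `allow tcp from me to ops 16505 setup keep-state` and `allow udp from me to ops 16505 keep-state` (and the `from any` equivalents) would stop non-SYN TCP segments from opening state. The iptables file in this commit has the same gap: its TCP rules for 16505 match `--ctstate NEW` without `--syn`, unlike the cvsup rules above them. The page does not mark which lines are removed, so this assumes the 16505 lines are on the new side, as the commit title suggests.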
#
# Copyright (c) 2005-2011 University of Utah and the Flux Group.
# Copyright (c) 2005-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -220,14 +220,8 @@ iptables -A OUTSIDE -s fs -d me -f -j ACCEPT # BASIC,CLOSED,ELABINELAB
# Special services
# cvsup to boss
iptables -A INSIDE -p tcp -d boss --dport 5999 --syn -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED
iptables -A OUTPUT -p tcp -s me -d boss --dport 5999 --syn -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED,ELABINELAB
# elvind or pubsubd to ops (unicast TCP and multicast UDP)
iptables -A INSIDE -p udp -d ops --dport 2917 -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED
# pubsubd to ops (unicast TCP and multicast UDP)
iptables -A INSIDE -p udp -d ops --dport 16505 -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED
iptables -A INSIDE -p tcp -d ops --dport 2917 -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED
iptables -A INSIDE -p tcp -d ops --dport 16505 -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED
iptables -A OUTPUT -p tcp -s me -d ops --dport 16505 -m conntrack --ctstate NEW -j ACCEPT # BASIC,CLOSED,ELABINELAB
......
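Review bot: The port 16505 rules that remain are not symmetric between chains: INSIDE accepts both `-p udp` and `-p tcp` to ops, but OUTPUT has only `-p tcp -s me -d ops --dport 16505`, while the ipfw counterpart allows `ip` from `me` and so appears to cover both protocols. If the firewall host itself needs UDP to pubsubd, a matching rule such as `iptables -A OUTPUT -p udp -s me -d ops --dport 16505 -m conntrack --ctstate NEW -j ACCEPT` is missing. If it does not, a short comment above the OUTPUT rule saying that only TCP is needed from `me` would show the difference is deliberate. The page does not mark removed lines, so this assumes the 16505 rules survive the commit.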