
List:       npaci-rocks-discussion
Subject:    [Rocks-Discuss] Re: iptable rules replaced on reboot
From:       Philip Papadopoulos <ppapadopoulos () ucsd ! edu>
Date:       2016-07-22 17:22:50
Message-ID: CAG7Zqt34D4EEyRXMsqHojFXmTmmCWYb7bEEEjka+jHiKX3rbgA () mail ! gmail ! com

The OS stores firewall rules in /etc/sysconfig/iptables.
The Rocks firewall support will rewrite that file whenever the firewall is
synced.

Most likely, you added the rules for your webserver interactively.

There's a pretty decent writeup on the firewall support (v4) for rocks
http://central6.rocksclusters.org/roll-documentation/base/6.1.1/firewall.html

Basically,
add a rule
sync to become active

try something like

# rocks add firewall host=frontend network=public protocol=tcp service=www chain=INPUT action=ACCEPT rulename=A20-PUBLIC-WWW-TCP
# rocks add firewall host=frontend network=public protocol=tcp service=https chain=INPUT action=ACCEPT rulename=A20-PUBLIC-HTTPS-UDP

# rocks sync host firewall localhost



On Fri, Jul 22, 2016 at 6:57 AM, Pat Haley <phaley@mit.edu> wrote:

> 
> Hi,
> 
> We recently upgraded to Rocks 6.2.  Yesterday we rebooted our frontend
> machine for the first time since the upgrade.  We discovered (belatedly)
> that the iptable rules we were using were replaced by another (default?) set
> that disabled our web server to the outside world.  Is there a way to
> prevent this from happening again?
> 
> Thanks
> 
> --
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Pat Haley                          Email:  phaley@mit.edu
> Center for Ocean Engineering       Phone:  (617) 253-6824
> Dept. of Mechanical Engineering    Fax:    (617) 253-8125
> MIT, Room 5-213                    http://web.mit.edu/phaley/www/
> 77 Massachusetts Avenue
> Cambridge, MA  02139-4301
> 
> 


-- 
Philip Papadopoulos, Ph.D
ppapadopoulos@ucsd.edu
(858) 822-3628
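
Added example, not part of the original message: a check for rules that are loaded in the kernel but missing from the saved rules file, which are the ones lost when that file is rewritten and reloaded. The function names and the sample rule dumps are constructed for illustration; on a real frontend the live dump would come from iptables-save.

```shell
#!/bin/sh
# Added example: report rules loaded in the kernel that are absent from the
# saved rules file, i.e. rules a rewrite-and-reload of that file would drop.

# Reduce iptables-save style text to "table: -A ..." lines, without counters.
normalize_rules() {
    LC_ALL=C awk '
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }       # counters from iptables-save -c
        /^\*/  { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / { gsub(/[ \t]+/, " "); sub(/ $/, ""); print table ": " $0 }
    ' "$1" | LC_ALL=C sort -u
}

# unsaved_rules LIVE_DUMP SAVED_FILE: print rules only present in LIVE_DUMP.
unsaved_rules() {
    live=$(mktemp) && saved=$(mktemp) || return 1
    normalize_rules "$1" > "$live"
    normalize_rules "$2" > "$saved"
    LC_ALL=C comm -23 "$live" "$saved"
    rm -f "$live" "$saved"
}

# Constructed sample data (not output from a real Rocks frontend).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/live" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
[10:840] -A INPUT -i lo -j ACCEPT
[5:300] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[7:420] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[2:120] -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
    cat > "$dir/saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp  -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    unsaved_rules "$dir/live" "$dir/saved"
    rm -rf "$dir"
}

# On a frontend (as root): iptables-save > /tmp/live
#                          unsaved_rules /tmp/live /etc/sysconfig/iptables
demo
```

Any line it prints is a rule that exists only in the running ruleset; empty output means the saved file already covers everything that is loaded.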