Need some looking at iptables change.
Ricky Zhou
ricky at fedoraproject.org
Thu Jul 2 02:22:42 UTC 2009
On 2009-07-01 08:10:17 PM, Stephen John Smoogen wrote:
> Make the patch smaller.
> ---
> configs/system/iptables-template.conf.erb | 5 +----
> 1 files changed, 1 insertions(+), 4 deletions(-)
>
> diff --git a/configs/system/iptables-template.conf.erb
> b/configs/system/iptables-template.conf.erb
> index 90a6115..9ccbec0 100644
> --- a/configs/system/iptables-template.conf.erb
> +++ b/configs/system/iptables-template.conf.erb
> @@ -24,7 +24,6 @@
> # Temporary measure for ro access to nfs1
> -A INPUT -p tcp -m tcp -s 10.8.34.113 --dport 48621:48624 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.113 --dport 48621:48624 -j ACCEPT
> --A INPUT -p tcp -m tcp -s 10.8.34.113 --dport 51234:51235 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.113 --dport 2049 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.113 --dport 2049 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.113 --dport 111 -j ACCEPT
> @@ -32,7 +31,6 @@
>
> -A INPUT -p tcp -m tcp -s 10.8.34.114 --dport 48621:48624 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.114 --dport 48621:48624 -j ACCEPT
> --A INPUT -p tcp -m tcp -s 10.8.34.114 --dport 51234:51235 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.114 --dport 2049 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.114 --dport 2049 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.114 --dport 111 -j ACCEPT
> @@ -40,7 +38,6 @@
>
> -A INPUT -p tcp -m tcp -s 10.8.34.83 --dport 48621:48624 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.83 --dport 48621:48624 -j ACCEPT
> --A INPUT -p tcp -m tcp -s 10.8.34.83 --dport 51234:51235 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.83 --dport 2049 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.83 --dport 2049 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.83 --dport 111 -j ACCEPT
> @@ -48,7 +45,6 @@
>
> -A INPUT -p tcp -m tcp -s 10.8.34.196 --dport 48621:48624 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.196 --dport 48621:48624 -j ACCEPT
> --A INPUT -p tcp -m tcp -s 10.8.34.196 --dport 51234:51235 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.196 --dport 2049 -j ACCEPT
> -A INPUT -p udp -m udp -s 10.8.34.196 --dport 2049 -j ACCEPT
> -A INPUT -p tcp -m tcp -s 10.8.34.196 --dport 111 -j ACCEPT
> @@ -61,6 +57,7 @@
> -A INPUT -p tcp -m tcp -d 10.8.34.125 --dport 8140 -j ACCEPT
> -A INPUT -p tcp -m tcp -d 10.8.34.125 --dport 873 -j ACCEPT
> -A INPUT -p tcp -m tcp -d 10.8.34.125 --dport 80 -j ACCEPT
> +-A INPUT -p tcp -m tcp -d 10.8.34.125 --dport 51234:51235 -j ACCEPT
> -A INPUT -p tcp -m tcp -d 10.8.34.50 --dport 25 -j ACCEPT
> -A INPUT -s 10.8.34.113 -j REJECT --reject-with icmp-host-prohibited
> -A INPUT -s 10.8.34.114 -j REJECT --reject-with icmp-host-prohibited
> --
> 1.5.5.6
Looks good to me.
Thanks,
Ricky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20090701/20c0efdb/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list