[Pacemaker] How SuSEfirewall2 affects on openais startup?
Aleksey Zholdak
aleksey at zholdak.com
Thu May 13 05:29:16 EDT 2010
Hi
> As the SuSEfirewall2 firewall is based on iptables rules, I think you
> can run a loop such as this to get the actual configuration in place
> for table in filter nat mangle raw ; do echo "--- $table ---"; iptables
> -t $table -L -n; done > /tmp/iptables.log
--- filter ---
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED
input_int all -- 0.0.0.0/0 0.0.0.0/0
input_int all -- 0.0.0.0/0 0.0.0.0/0
input_ext all -- 0.0.0.0/0 0.0.0.0/0
input_ext all -- 0.0.0.0/0 0.0.0.0/0
input_int all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain forward_int (0 references)
target prot opt source destination
Chain input_ext (2 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
broadcast
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 tcp dpt:5560 flags:0x17/0x02 LOG flags 6 level 4 prefix
`SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5560
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5405
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE =
multicast
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg
3/min burst 5 state INVALID LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT-INV '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain input_int (3 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain reject_func (0 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with
tcp-reset
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-proto-unreachable
--- nat ---
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--- mangle ---
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
--- raw ---
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
NOTRACK all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
NOTRACK all -- 0.0.0.0/0 0.0.0.0/0
--
С уважением,
ЖОЛДАК Алексей
ICQ 150074
MSN aleksey at zholdak.com
Skype aleksey.zholdak
Voice +380442388043
More information about the Pacemaker
mailing list