Iptables Solution
Mike McGrath
mmcgrath at redhat.com
Mon Jun 25 22:10:25 UTC 2007
Mike McGrath wrote:
> lmacken, skvidal and xDamonx have been working together to create a
> simple (and predictable) set of iptables rules. They're now ready and
> xDamonx will be deploying them. The iptables template is done and
> basically all that's needed to deploy is added to the manifests file.
> For example, here's what's in our db group (as is in
> manifests/servergroups/db.pp):
>
>
> # firewall Rules
> $tcpPorts = [ 3306, 5432 ]
> $udpPorts = [ ]
I've added custom rules to this. Now you can also add:
$custom = [ '-A INPUT -p tcp -m blah blah',
'Some other rule' ]
to the server groups. These rules are added directly before the tcp and
udp rules.
-Mike
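
The ordering described in the message above, as an added example that is not part of the original post and not the Fedora infrastructure template (which the thread does not show): a stand-in ERB template that emits the custom rules ahead of the generated tcp and udp ACCEPT rules, so a custom rule matches first. The baseline rules, the DB_CUSTOM rule, its 192.0.2.0/24 subnet and the validation checks are all assumptions made for the example.

```ruby
require 'erb'

# Hypothetical stand-in for the iptables template; the baseline rules are constructed.
TEMPLATE = ERB.new(<<~'EOT', trim_mode: '-')
  *filter
  :INPUT DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  <%- custom.each do |rule| -%>
  <%= rule %>
  <%- end -%>
  <%- tcp_ports.each do |port| -%>
  -A INPUT -p tcp -m tcp --dport <%= port %> -j ACCEPT
  <%- end -%>
  <%- udp_ports.each do |port| -%>
  -A INPUT -p udp -m udp --dport <%= port %> -j ACCEPT
  <%- end -%>
  COMMIT
EOT

# A custom entry is pasted verbatim into the ruleset, so reject anything that
# is not a single "-A <chain> ..." line (a stray COMMIT or table header would
# change the file's structure, and a malformed line fails the whole restore).
def validate_custom(rule)
  raise ArgumentError, "custom rule must be one line: #{rule.inspect}" if rule =~ /[\r\n]/
  raise ArgumentError, "custom rule must be '-A <chain> ...': #{rule.inspect}" unless rule =~ /\A-A \S+ \S/
  rule
end

# Render the ruleset: baseline, then custom rules, then tcp and udp port rules.
def render_rules(tcp_ports:, udp_ports:, custom: [])
  custom.each { |rule| validate_custom(rule) }
  bad = (tcp_ports + udp_ports).reject { |p| p.is_a?(Integer) && p.between?(1, 65_535) }
  raise ArgumentError, "invalid port(s): #{bad.inspect}" unless bad.empty?
  TEMPLATE.result_with_hash(tcp_ports: tcp_ports, udp_ports: udp_ports, custom: custom)
end

# Constructed custom rule: drop MySQL traffic from outside a documentation subnet.
# Because it is rendered before the port rules, it wins over the 3306 ACCEPT.
DB_CUSTOM = '-A INPUT -p tcp -m tcp --dport 3306 ! -s 192.0.2.0/24 -j DROP'

# Ports are the db group values from the message above.
puts render_rules(tcp_ports: [3306, 5432], udp_ports: [], custom: [DB_CUSTOM])
```

Passing the placeholder entry 'Some other rule' from the message raises ArgumentError here instead of producing a ruleset that fails to load.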