perfsonar-user - [perfsonar-user] /etc/sysconfig/iptables update bug
Subject: perfSONAR User Q&A and Other Discussion
- From: Alan Whinery <>
- To: "" <>
- Subject: [perfsonar-user] /etc/sysconfig/iptables update bug
- Date: Sat, 22 Oct 2016 07:50:42 -1000
Looks like something that updates f2b rules in /etc/sysconfig/iptables on Toolkit 3.5 is effectively repeating lines:
# Generated by iptables-save v1.4.7 on Thu Oct 13 15:21:59 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
:perfSONAR - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j perfSONAR
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A perfSONAR -p udp -m udp --dport 5001:5300 -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW -m tcp --dport 5001:5300 -j ACCEPT
-A perfSONAR -p udp -m udp --dport 5301:5600 -j ACCEPT
(...)
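A check for the repetition reported above, as an added example that is not part of the original message or of perfSONAR: it reads an iptables-save file, counts rules repeated within a table, and can emit a copy with only the first occurrence of each rule kept. The function names and the shortened sample are constructed here; the dedupe step assumes textually identical rules in one chain are redundant, which may not hold for stateful matches such as rate limits.

```shell
# Constructed sample, shortened from the listing in the report above.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
:perfSONAR - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j perfSONAR
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A f2b-sshd -j RETURN
-A perfSONAR -p udp -m udp --dport 5001:5300 -j ACCEPT
COMMIT
EOF
}

# Print "<count> <table> <rule>" for each -A rule that occurs more than once
# in the same table, in order of first appearance. Reads the file on stdin.
report_duplicates() {
    awk '
        /^\*/  { table = substr($0, 2); next }    # "*filter" opens a table
        /^-A / { key = table SUBSEP $0
                 if (!(key in count)) order[++n] = key
                 count[key]++ }
        END    { for (i = 1; i <= n; i++)
                     if (count[order[i]] > 1) {
                         split(order[i], part, SUBSEP)
                         printf "%d %s %s\n", count[order[i]], part[1], part[2]
                     } }
    '
}

# Print the ruleset with only the first occurrence of each rule kept, so a
# rule stays at the earliest position it had in its chain.
dedupe_rules() {
    awk '
        /^\*/  { table = substr($0, 2) }
        /^-A / { if (seen[table SUBSEP $0]++) next }
        { print }
    '
}

# Demo on the constructed sample; on a host: report_duplicates < /etc/sysconfig/iptables
sample_rules | report_duplicates
```

Write the output of `dedupe_rules` to a separate file and check it with `iptables-restore --test` before it replaces the live rules file.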