perfSONAR User Q&A and Other Discussion

[Andrew Lake <>]

No, an update should not change the order of the rules so you shouldn't have to make the change again. We expect people will want to do this type of thing and try to accommodate it with this setup best we can.

On September 12, 2017 at 12:11:17 PM, Joseph Ghobrial () wrote:

Hi Andy, how does that relate to the first jump rule to perfSONAR? Will an update again move that rule to the first rule on the INPUT chain? If so then I'll always run into this. Just wanted to make sure I understand that if I insert something before the perfSONAR jump in the INPUT chain that it will remain where it is and not move up again thus overriding my rules.

Thanks,

Joseph

--
Joseph Ghobrial
Systems Analyst II
Office of Information Technology
Rice University

jghobrial@ rice.edu

x5190

On Mon, Sep 11, 2017 at 11:10 AM, Andrew Lake <> wrote:

Hi,

See http://docs.perfsonar.net/manage_security.html#adding-your-own-firewall-rules

TL;DR: Leave the perfSONAR chain alone and add your rules in a chain of higher priority.

Hope that helps,

Andy

On September 11, 2017 at 11:40:42 AM, Joseph Ghobrial () wrote:

Hi, I prefer to have my SSH port accessible to a restricted set of addresses, however the default perfSONAR iptables rules allows ssh from anywhere overriding my rules. How do I change the default behavior such that perfSONAR updates exclude including the builtin SSH rule? Or how do I change the default rule to be the way I want it?

Thanks,

Joseph

--
Joseph Ghobrial
Systems Analyst II
Office of Information Technology
Rice University

jghobrial@ rice.edu

x5190