2025-01-27 Update From: SLTechnology News&Howtos (Shulou.com), Network Security, 06/01 Report
vCloud Director 5.1.1 installation environment: RHEL 6.2
Content of /etc/sysconfig/iptables:
# Generated by iptables-save v1.4.7 on Tue Mar 26 15:52:56 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH)
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Simple
# Begin listing vCloud Director Ports Needed
# vCloud WebServices & vCenter/ESX Connections
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# vCloud Optional
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# SSH
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# vCloud Remote Console
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 902 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 903 -j ACCEPT
# NFS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --sport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --sport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --sport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
# DNS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
# NTP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
# LDAP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 389 -j ACCEPT
# SMTP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 25 -j ACCEPT
# Syslog
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
# vCenter & ESX
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 902 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 903 -j ACCEPT
# Default Microsoft SQL Connections
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1433 -j ACCEPT
# Default Oracle Port Connections
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT
# AMQP Messaging (if Server exists)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5672 -j ACCEPT
# ActiveMQ
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 61611 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 61616 -j ACCEPT
# End listing vCloud Director Ports Needed
COMMIT
# Completed on Tue Mar 26 15:52:56 2013
Detailed description of the configuration file:
# Generated by iptables-save v1.4.7 on Tue Mar 26 15:52:56 2013
# Lines that start with "#" are comments.
*filter
# Use the filter table.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
# The four lines above define the built-in INPUT, FORWARD and OUTPUT chains (each with a default policy of DROP) and create a new chain called RH-Firewall-1-INPUT.
-A INPUT -j RH-Firewall-1-INPUT
# The rule above is appended to the INPUT chain: all packets that reach the INPUT chain jump to the RH-Firewall-1-INPUT chain.
-A FORWARD -j RH-Firewall-1-INPUT
# The rule above is appended to the FORWARD chain: all packets that reach the FORWARD chain jump to the RH-Firewall-1-INPUT chain.
-A OUTPUT -j RH-Firewall-1-INPUT
# The rule above is appended to the OUTPUT chain: all packets that reach the OUTPUT chain jump to the RH-Firewall-1-INPUT chain.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# The rule above is appended to the RH-Firewall-1-INPUT chain. It matches all packets whose incoming interface (-i) is the loopback interface (lo); packets that match this rule are accepted (ACCEPT) and are not compared against any further rules.
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# The rule above allows all ICMP packets. -p is followed by a protocol such as icmp, tcp or udp; ports are given with --sport (source port) and --dport (destination port); -j specifies the action taken on matching packets, such as ACCEPT, DROP, QUEUE, etc.
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The condition -m state --state ESTABLISHED,RELATED means that all packets in the ESTABLISHED or RELATED state are accepted.
-A RH-Firewall-1-INPUT -m state --state NEW
# -A RH-Firewall-1-INPUT -m state --state NEW is the start of a rule that applies when the connection is in its initial state (NEW).
For the other rules, see the comments in the file.
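An added example (not part of the original article): a small Python audit of an iptables-save file like the one above. It reports which built-in chains jump into the shared user chain, which destination ports accept NEW connections, and which rules match only on a source port and therefore accept NEW packets to any destination port. The sample rules are constructed in the article's style, and the names parse and audit are this example's own.

```python
import shlex
from collections import defaultdict
# Constructed sample in the style of the file above (not the full rule set).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 2049 -j ACCEPT
COMMIT
"""

def parse(text):
    """Parse iptables-save text into ({chain: policy}, {chain: [option dicts]})."""
    policies, rules = {}, defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy          # "-" marks a user-defined chain
        elif line.startswith("-A "):
            tok = shlex.split(line)           # negation ("!") is not handled here
            rules[tok[1]].append({tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                                  if tok[i].startswith("-")})
    return policies, rules

def audit(text):
    """Return (callers of each user chain, NEW dports accepted, source-port-only rules)."""
    policies, rules = parse(text)
    callers, opened, sport_only = defaultdict(list), [], []
    for chain, chain_rules in rules.items():
        for r in chain_rules:
            target = r.get("-j")
            if policies.get(target) == "-":    # jump into a user-defined chain
                callers[target].append(chain)
            elif target == "ACCEPT" and r.get("--state") == "NEW":
                if "--dport" in r:
                    opened.append((r.get("-p"), int(r["--dport"])))
                elif "--sport" in r:           # no --dport: any destination port matches
                    sport_only.append((r.get("-p"), int(r["--sport"])))
    return dict(callers), sorted(opened), sport_only

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because INPUT, FORWARD and OUTPUT all jump into the same chain, every port listed as opened is accepted in all three directions, not only inbound.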
Attachment: http://down.51cto.com/data/2362545