[GitHub] AlexBeez commented on a change in pull request #13: Update Quick Installation Guide

Sat, 27 Oct 2018 15:15:30 -0700 

AlexBeez commented on a change in pull request #13: Update Quick Installation 
Guide
URL: 
https://github.com/apache/cloudstack-documentation/pull/13#discussion_r228728113
 
 

 ##########
 File path: source/quickinstallationguide/qig.rst
 ##########
 @@ -308,37 +341,50 @@ Now you'll need uncomment the configuration values in 
the file
    STATD_OUTGOING_PORT=2020
 
 Now we need to configure the firewall to permit incoming NFS connections. 
-Edit the file /etc/sysconfig/iptables
+Create firewalldnfs.sh, and add the following content to it: 
 
 .. parsed-literal::
 
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 2049 -j 
ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 32803 -j 
ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 32769 -j 
ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-   -A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT
-
-Now you can restart the iptables service with the following command:
+   #!/bin/bash
+
+   firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 10 -m state 
--state ESTABLISHED,RELATED -j ACCEPT
 
 Review comment:
   As per the discussion with Andrija, it's been elected that since this guide 
is meant to provide a test environment and shouldn't be used for production, 
this section will be removed in favor of disabling the firewall entirely. 
   
   (firewall-cmd IS the default for CentOS 7, and any changes not made by it 
are at risk of being overwritten as long as it's enabled - at least I think 
that's the behavior)

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to