Cory Wright ab0cba603d Rewrite of vif_rules.py to meet coding standards and be more pythonic in
general.  Use absolute paths for iptables/ebtables/arptables in host-rules.
2010-12-20 17:24:08 -05:00


#!/bin/bash
#
# host-rules Start/Stop the networking host rules
#
# chkconfig: 2345 85 15
# description: Networking Host Rules for Multi Tenancy Protections
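# Absolute paths to the firewall tools so the script does not depend on the
# caller's PATH; marked readonly so a later reassignment anywhere in this
# script is rejected instead of silently redirecting the rules elsewhere.
readonly IPTABLES=/sbin/iptables
readonly EBTABLES=/sbin/ebtables
readonly ARPTABLES=/sbin/arptables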
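#######################################
# Install the IPv4 FORWARD rules: default policy DROP, then ACCEPT bridged
# traffic that entered through the physical uplinks eth0/eth1.  The policy is
# set before the ACCEPT rules so a partial failure leaves the host closed
# rather than open.  Note: -A appends, so running this twice installs
# duplicate rules (iptables-down removes one copy per call).
# Globals:   IPTABLES (read)
# Returns:   0 if every command succeeded, otherwise the status of the last
#            command that failed (the remaining commands are still attempted)
#######################################
iptables-up()
{
  local rv=0
  local ifc
  "$IPTABLES" -P FORWARD DROP || rv=$?
  for ifc in eth0 eth1; do
    "$IPTABLES" -A FORWARD -m physdev --physdev-in "$ifc" -j ACCEPT || rv=$?
  done
  return "$rv"
}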
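#######################################
# Install the Ethernet-bridge FORWARD rules: default policy DROP, then ACCEPT
# frames whose output interface is one of the physical uplinks eth0/eth1.
# Policy first, ACCEPT rules second, so a partial failure fails closed.
# Note: -A appends, so a repeated call installs duplicate rules.
# Globals:   EBTABLES (read)
# Returns:   0 if every command succeeded, otherwise the status of the last
#            command that failed (the remaining commands are still attempted)
#######################################
ebtables-up()
{
  local rv=0
  local ifc
  "$EBTABLES" -P FORWARD DROP || rv=$?
  for ifc in eth0 eth1; do
    "$EBTABLES" -A FORWARD -o "$ifc" -j ACCEPT || rv=$?
  done
  return "$rv"
}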
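#######################################
# Install the ARP FORWARD rules: default policy DROP, then ACCEPT ARP
# Request and Reply packets arriving on the physical uplinks eth0/eth1.
# Policy first, ACCEPT rules second, so a partial failure fails closed.
# Note: -A appends, so a repeated call installs duplicate rules.
# Globals:   ARPTABLES (read)
# Returns:   0 if every command succeeded, otherwise the status of the last
#            command that failed (the remaining commands are still attempted)
#######################################
arptables-up()
{
  local rv=0
  local ifc op
  "$ARPTABLES" -P FORWARD DROP || rv=$?
  # Order matches the original rule list: per interface, Request then Reply.
  for ifc in eth0 eth1; do
    for op in Request Reply; do
      "$ARPTABLES" -A FORWARD --opcode "$op" --in-interface "$ifc" -j ACCEPT || rv=$?
    done
  done
  return "$rv"
}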
#######################################
# Reverse iptables-up: reopen the FORWARD policy, then delete one copy of
# each per-uplink ACCEPT rule.
# Globals:   IPTABLES (read)
# Returns:   status of the last delete (non-zero if that rule was absent)
#######################################
iptables-down()
{
  local ifc
  "$IPTABLES" -P FORWARD ACCEPT
  for ifc in eth0 eth1; do
    "$IPTABLES" -D FORWARD -m physdev --physdev-in "$ifc" -j ACCEPT
  done
}
#######################################
# Reverse ebtables-up: reopen the bridge FORWARD policy, then delete one copy
# of each per-uplink ACCEPT rule.
# Globals:   EBTABLES (read)
# Returns:   status of the last delete (non-zero if that rule was absent)
#######################################
ebtables-down()
{
  local ifc
  "$EBTABLES" -P FORWARD ACCEPT
  for ifc in eth0 eth1; do
    "$EBTABLES" -D FORWARD -o "$ifc" -j ACCEPT
  done
}
#######################################
# Reverse arptables-up: reopen the ARP FORWARD policy, then delete one copy
# of each Request/Reply ACCEPT rule for the uplinks eth0/eth1.
# Globals:   ARPTABLES (read)
# Returns:   status of the last delete (non-zero if that rule was absent)
#######################################
arptables-down()
{
  local ifc op
  "$ARPTABLES" -P FORWARD ACCEPT
  # Same order as the rules were added: per interface, Request then Reply.
  for ifc in eth0 eth1; do
    for op in Request Reply; do
      "$ARPTABLES" -D FORWARD --opcode "$op" --in-interface "$ifc" -j ACCEPT
    done
  done
}
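#######################################
# Bring up all three rule sets.  Every set is attempted even when an earlier
# one fails, so the host ends up as protected as possible, but the failure
# is no longer hidden behind the status of the last call.
# Returns:   0 if all three succeeded, else the status of the last failure
#######################################
start()
{
  local rv=0
  iptables-up || rv=$?
  ebtables-up || rv=$?
  arptables-up || rv=$?
  return "$rv"
}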
#######################################
# Tear down the three rule sets in the same order they were brought up.
# Returns:   status of arptables-down (earlier failures are not reported)
#######################################
stop()
{
  local step
  for step in iptables-down ebtables-down arptables-down; do
    "$step"
  done
}
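# Dispatch on the init action.  Note that "restart" reports only the status
# of the final start(); a failure inside the preceding stop() is not
# reflected in the exit code.
case "$1" in
  start)
    start
    RETVAL=$?
    ;;
  stop)
    stop
    RETVAL=$?
    ;;
  restart)
    stop
    start
    RETVAL=$?
    ;;
  *)
    # Usage is a diagnostic, so it belongs on stderr rather than stdout.
    echo $"Usage: $0 {start|stop|restart}" >&2
    exit 1
    ;;
esac
exit "$RETVAL"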