ms/iz Clean up the ports we want.

2010-11-09 19:16:51 -08:00 · 2010-11-09 19:16:51 -08:00 · fce588a5c7
commit fce588a5c7
parent 4037ae9f33
1 changed files with 5 additions and 9 deletions
--- a/chef/cookbooks/common/files/default/iptables
+++ b/chef/cookbooks/common/files/default/iptables
@ -1,5 +1,4 @@
-# Firewall configuration written by system-config-securitylevel
-# Manual customization of this file is not recommended.
+# Firewall configuration, manually edited AGAINST ALL REASON
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
@ -9,13 +8,10 @@
 -A FORWARD -j RH-Firewall-1-INPUT
 -A RH-Firewall-1-INPUT -i lo -j ACCEPT
 -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
 -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT   #SSH
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT   #HTTP
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT  #HTTPS
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT #Websocket
 -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
 COMMIT