-
Notifications
You must be signed in to change notification settings - Fork 2
add host firewall
stack add host firewall {host} [action=string] [chain=string] [comment=string] [flags=string] [network=string] [output-network=string] [protocol=string] [rulename=string] [service=string] [table=string]
Add a firewall rule for the specified hosts.
-
{host}
Host name of machine
-
[action=string]
The iptables 'action' this rule should be applied to (e.g., ACCEPT, REJECT, DROP).
-
[chain=string]
The iptables 'chain' this rule should be applied to (e.g., INPUT, OUTPUT, FORWARD).
-
[comment=string]
A comment associated with this rule. The comment will be printed directly above the rule in the firewall configuration file.
-
[flags=string]
Optional flags associated with this rule. An example flag is: "-m state --state RELATED,ESTABLISHED".
-
[network=string]
The network this rule service should be applied to. This is a named network (e.g., 'private') and must be one listed by the command 'rocks list network'. To have this firewall rule apply to all networks, specify the keyword 'all'.
-
[output-network=string]
The output network this rule should be applied to. This is a named network (e.g., 'private') and must be one listed by the command 'rocks list network'.
-
[protocol=string]
The protocol associated with the service. For example, "tcp" or "udp". To have this firewall rule apply to all protocols, specify the keyword 'all'.
-
[rulename=string]
The rule name for the rule to add. This is the handle by which the admin can remove or override the rule.
-
[service=string]
The service identifier, port number or port range. For example "www", 8080 or 0:1024. To have this firewall rule apply to all services, specify the keyword 'all'.
-
[table=string]
The table to add the rule to. Valid values are 'filter', 'nat', 'mangle', and 'raw'. If this parameter is not specified, it defaults to 'filter'
-
stack add host firewall localhost network=private service="all" protocol="all" action="ACCEPT" chain="FORWARD"
Accept all services and all protocols from the private network on the FORWARD chain. If 'eth0' is associated with the private network, then this will be translated as the following iptables rule: "-A FORWARD -i eth0 -j ACCEPT".
-
stack add host firewall localhost network=all service="40000" protocol="tcp" action="REJECT" chain="INPUT"
Reject TCP packets that are destined for port 40000 on all networks on the INPUT chain. This will be translated into the following rule: "-A INPUT -p tcp --dport 40000 -j REJECT"
-
add
- add appliance
- add appliance attr
- add appliance firewall
- add appliance route
- add attr
- add bootaction
- add copyright
- add distribution
- add environment attr
- add firewall
- add host
- add host alias
- add host attr
- add host bonded
- add host bridge
- add host firewall
- add host interface
- add host key
- add host partition
- add host route
- add network
- add os attr
- add os firewall
- add os route
- add pallet
- add route
- add storage controller
- config
- create
- disable
- dump
- enable
- help
- iterate
- list
- load
- open
- remove
- report
- run
- set
- swap
- sync
- unload