Alon Bar-Lev has uploaded a new change for review.

Change subject: packaging: use default INPUT chain
packaging: use default INPUT chain RH-Firewall-1-INPUT was a symbol used in RHEL5, no need to keep it around. Also fix syntax to match default chain generation. Change-Id: I8cfbabc31c964c9ff2374e32e1c65d3611f0883c Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M packaging/fedora/setup/engine-setup.py M packaging/fedora/setup/iptables.default 2 files changed, 7 insertions(+), 9 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/77/8377/1 diff --git a/packaging/fedora/setup/engine-setup.py b/packaging/fedora/setup/engine-setup.py index a9ccaff..41c2f92 100755 --- a/packaging/fedora/setup/engine-setup.py +++ b/packaging/fedora/setup/engine-setup.py @@ -916,7 +916,8 @@ for portCfg in ports: for protocol in portCfg["protocol"]: lines.append( - "-A RH-Firewall-1-INPUT -m state --state NEW -p %s --dport %s -j ACCEPT" % ( + "-A INPUT -p %s -m state --state NEW -m %s --dport %s -j ACCEPT" % ( + protocol, protocol, portCfg["port"] ) diff --git a/packaging/fedora/setup/iptables.default b/packaging/fedora/setup/iptables.default index 4c7b0f1..a7294b9 100644 --- a/packaging/fedora/setup/iptables.default +++ b/packaging/fedora/setup/iptables.default 
@@ -4,14 +4,11 @@ :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [52:9697] -:RH-Firewall-1-INPUT - [0:0] --A INPUT -j RH-Firewall-1-INPUT --A FORWARD -j RH-Firewall-1-INPUT --A RH-Firewall-1-INPUT -i lo -j ACCEPT --A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT --A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT @CUSTOM_RULES@ #drop all rule --A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited +-A INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT -- To view, visit http://gerrit.ovirt.org/8377 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8cfbabc31c964c9ff2374e32e1c65d3611f0883c Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
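Review bot: In the engine-setup.py hunk, the new rule string takes its match-module name from the protocol value (`-m %s`), so the generated line is only valid for protocols whose match module provides `--dport`, such as tcp and udp. Nothing in the visible lines restricts `portCfg["protocol"]` to those values, and both it and `portCfg["port"]` are interpolated into the rule without any check. Consider validating the protocol against an explicit allow-list and the port as an integer in the range 1-65535 before `lines.append(...)`, and failing setup with a clear error otherwise, so that a bad configuration entry cannot produce a malformed or unintended rule line.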
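Review bot: In the iptables.default hunk, `-A FORWARD -j RH-Firewall-1-INPUT` is removed with no replacement while `:FORWARD ACCEPT [0:0]` is kept, so forwarded packets no longer reach the final REJECT rule and are accepted by the chain policy instead. The commit message describes only a chain rename and a syntax fix, so this reads as an unintended behaviour change. If it is intended, say so in the commit message; if not, add `-A FORWARD -j REJECT --reject-with icmp-host-prohibited` after the `#drop all rule` line, or set the FORWARD policy to DROP.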