-rwxr-xr-x | core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs b/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs
index bfb9a391..8debd2cc 100755
--- a/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs
+++ b/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs
@@ -1,13 +1,18 @@
 #!/bin/ash
 # Allow PVS ports
-# Control connection - server and client perspective
+# Control connection: server incoming, client outgoing
 iptables -I ipt-helper-INPUT 1 -i br0 -p tcp --dport 5194 -j ACCEPT
 iptables -I ipt-helper-OUTPUT 1 -o br0 -p tcp --dport 5194 -j ACCEPT
-# UDP discovery - server and client perspective
+# UDP discovery
+# pvsmgr: allow incoming discovery (broadcast)
 iptables -I ipt-helper-INPUT 1 -i br0 -p udp --dport 3492 -j ACCEPT
-iptables -I ipt-helper-OUTPUT 1 -o br0 -p udp --dport 3492 -j ACCEPT
+# pvsmgr: allow outgoing discovery reply (unicast)
 iptables -I ipt-helper-OUTPUT 1 -o br0 -p udp --sport 3492 -j ACCEPT
+# pvsclient: allow outgoing discovery (broadcast)
+iptables -I ipt-helper-OUTPUT 1 -o br0 -p udp --dport 3492 -j ACCEPT
+# pvsclient: allow incoming discovery reply (unicast)
+iptables -I ipt-helper-INPUT 1 -i br0 -p udp --sport 3492 -j ACCEPT
 # VNC connection - incoming and outgoing - small range as we use -autoport
 iptables -I ipt-helper-INPUT 1 -i br0 -p tcp --dport 54112:54122 -j ACCEPT
 iptables -I ipt-helper-OUTPUT 1 -o br0 -p tcp --dport 54112:54122 -j ACCEPT |
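Review bot: The added `iptables -I ipt-helper-INPUT 1 -i br0 -p udp --sport 3492 -j ACCEPT` matches on the sender's source port only, so any host on br0 that sends UDP from port 3492 is accepted on every local UDP port, not just the one pvsclient listens on for discovery replies. The script has no role check in the visible lines, so this presumably applies on manager and client machines alike, and `-I ... 1` places it ahead of whatever else is in the chain. Connection tracking will not associate a unicast reply with a broadcast request, which is likely why the source port was used. If pvsclient sends discovery from a fixed local port (not visible in this hunk), add `--dport <pvsclient-port>` to the rule; otherwise narrow it with `-m pkttype --pkt-type unicast`. Either way, record the exposure above the rule, for example `# NOTE: matches source port only; any br0 host sending from udp/3492 reaches all local UDP ports`.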