From 85aefd0470e48c904c115e56c47876ee17dc900d Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 21 Jan 2014 15:39:25 +0100
Subject: Add openstack firewall config module

---
 .../opt/openslx/iptables/rules.d/60-openstack-firewall         | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100755 server/modules/openstack-firewall/opt/openslx/iptables/rules.d/60-openstack-firewall

(limited to 'server')

diff --git a/server/modules/openstack-firewall/opt/openslx/iptables/rules.d/60-openstack-firewall b/server/modules/openstack-firewall/opt/openslx/iptables/rules.d/60-openstack-firewall
new file mode 100755
index 00000000..136f5c38
--- /dev/null
+++ b/server/modules/openstack-firewall/opt/openslx/iptables/rules.d/60-openstack-firewall
@@ -0,0 +1,10 @@
+#!/bin/ash
+
+# VNC
+iptables -A INPUT -i br0 -p tcp -s 10.4.9.73 --dport 5900:5999 -j ACCEPT
+iptables -A INPUT -i br0 -p tcp --dport 5900:5999 -j REJECT
+
+# KVM
+iptables -A INPUT -i br0 -p tcp -s 132.230.4.0/24 --dport 16509 -j ACCEPT
+iptables -A INPUT -i br0 -p tcp --dport 16509 -j REJECT
+
-- 
cgit v1.2.3-55-g7522