[Devel] [PATCH] scripts: add "-w" to iptables command
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Thu Sep 28 10:40:37 MSK 2017
Can we have these script running with older iptables version which does
not have "-w"?
On 09/27/2017 02:11 PM, Stanislav Kinsburskiy wrote:
> Neede to support new versions of iptables.
>
> https://jira.sw.ru/browse/PSBM-73153
>
> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
> ---
> scripts/nfs-ports-allow.sh | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/scripts/nfs-ports-allow.sh b/scripts/nfs-ports-allow.sh
> index 97541dc..ac5cf5f 100644
> --- a/scripts/nfs-ports-allow.sh
> +++ b/scripts/nfs-ports-allow.sh
> @@ -36,10 +36,10 @@ function add_accept_rules {
> local server=$1
> local port=$2
>
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT &&
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT
> }
>
> function iptables_allow_nfs_ports {
> @@ -63,10 +63,10 @@ function allow_portmapper_port {
> local server=$1
> local port=111
>
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s $server --sport $port -j ACCEPT &&
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d $server --dport $port -j ACCEPT &&
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s $server --sport $port -j ACCEPT &&
> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d $server --dport $port -j ACCEPT
> }
>
> for s in $servers; do
>
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://lists.openvz.org/mailman/listinfo/devel
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
More information about the Devel
mailing list