-
-
Save HugoKuo/619a0b02ffb5485bff77a50709041037 to your computer and use it in GitHub Desktop.
firewalld
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Logs begin at Fri 2018-01-12 16:34:52 CST, end at Fri 2018-01-12 16:36:23 CST. -- | |
| Jan 12 16:35:01 ssnode1x-platform-centos7 systemd[1]: Starting firewalld - dynamic firewall daemon... | |
| Jan 12 16:35:03 ssnode1x-platform-centos7 systemd[1]: Started firewalld - dynamic firewall daemon. | |
| Jan 12 16:35:07 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: rule '('-j', 'ssacct-in')' is not in 'ipv4:filter:INPUT' | |
| Jan 12 16:35:08 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: rule '('-j', 'ssacct-out')' is not in 'ipv4:filter:OUTPUT' | |
| Jan 12 16:35:10 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: chain 'ssacct-in' is not in 'ipv4:filter' | |
| Jan 12 16:35:10 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: chain 'ssacct-out' is not in 'ipv4:filter' | |
| Jan 12 16:35:11 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: rule '('-j', 'ssnode-in')' is not in 'ipv4:filter:INPUT' | |
| Jan 12 16:35:12 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: rule '('-j', 'ssnode-out')' is not in 'ipv4:filter:OUTPUT' | |
| Jan 12 16:35:14 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: chain 'ssnode-in' is not in 'ipv4:filter' | |
| Jan 12 16:35:14 ssnode1x-platform-centos7 firewalld[680]: ERROR: NOT_ENABLED: chain 'ssnode-out' is not in 'ipv4:filter' | |
| root@ssnode1x-platform-centos7:~$ iptables -L | |
| Chain INPUT (policy ACCEPT) | |
| target prot opt source destination | |
| ssvpn-in all -- anywhere anywhere | |
| ssacct-in all -- anywhere anywhere | |
| ssnode-in all -- anywhere anywhere | |
| ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
| ACCEPT all -- anywhere anywhere | |
| INPUT_direct all -- anywhere anywhere | |
| INPUT_ZONES_SOURCE all -- anywhere anywhere | |
| INPUT_ZONES all -- anywhere anywhere | |
| DROP all -- anywhere anywhere ctstate INVALID | |
| REJECT all -- anywhere anywhere reject-with icmp-host-prohibited | |
| Chain FORWARD (policy ACCEPT) | |
| target prot opt source destination | |
| ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
| ACCEPT all -- anywhere anywhere | |
| FORWARD_direct all -- anywhere anywhere | |
| FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere | |
| FORWARD_IN_ZONES all -- anywhere anywhere | |
| FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere | |
| FORWARD_OUT_ZONES all -- anywhere anywhere | |
| DROP all -- anywhere anywhere ctstate INVALID | |
| REJECT all -- anywhere anywhere reject-with icmp-host-prohibited | |
| Chain OUTPUT (policy ACCEPT) | |
| target prot opt source destination | |
| ssvpn-out all -- anywhere anywhere | |
| OUTPUT_direct all -- anywhere anywhere | |
| Chain FORWARD_IN_ZONES (1 references) | |
| target prot opt source destination | |
| FWDI_public all -- anywhere anywhere [goto] | |
| FWDI_public all -- anywhere anywhere [goto] | |
| FWDI_public all -- anywhere anywhere [goto] | |
| FWDI_public all -- anywhere anywhere [goto] | |
| Chain FORWARD_IN_ZONES_SOURCE (1 references) | |
| target prot opt source destination | |
| Chain FORWARD_OUT_ZONES (1 references) | |
| target prot opt source destination | |
| FWDO_public all -- anywhere anywhere [goto] | |
| FWDO_public all -- anywhere anywhere [goto] | |
| FWDO_public all -- anywhere anywhere [goto] | |
| FWDO_public all -- anywhere anywhere [goto] | |
| Chain FORWARD_OUT_ZONES_SOURCE (1 references) | |
| target prot opt source destination | |
| Chain FORWARD_direct (1 references) | |
| target prot opt source destination | |
| Chain FWDI_public (4 references) | |
| target prot opt source destination | |
| FWDI_public_log all -- anywhere anywhere | |
| FWDI_public_deny all -- anywhere anywhere | |
| FWDI_public_allow all -- anywhere anywhere | |
| ACCEPT icmp -- anywhere anywhere | |
| Chain FWDI_public_allow (1 references) | |
| target prot opt source destination | |
| Chain FWDI_public_deny (1 references) | |
| target prot opt source destination | |
| Chain FWDI_public_log (1 references) | |
| target prot opt source destination | |
| Chain FWDO_public (4 references) | |
| target prot opt source destination | |
| FWDO_public_log all -- anywhere anywhere | |
| FWDO_public_deny all -- anywhere anywhere | |
| FWDO_public_allow all -- anywhere anywhere | |
| Chain FWDO_public_allow (1 references) | |
| target prot opt source destination | |
| Chain FWDO_public_deny (1 references) | |
| target prot opt source destination | |
| Chain FWDO_public_log (1 references) | |
| target prot opt source destination | |
| Chain INPUT_ZONES (1 references) | |
| target prot opt source destination | |
| IN_public all -- anywhere anywhere [goto] | |
| IN_public all -- anywhere anywhere [goto] | |
| IN_public all -- anywhere anywhere [goto] | |
| IN_public all -- anywhere anywhere [goto] | |
| Chain INPUT_ZONES_SOURCE (1 references) | |
| target prot opt source destination | |
| Chain INPUT_direct (1 references) | |
| target prot opt source destination | |
| Chain IN_public (4 references) | |
| target prot opt source destination | |
| IN_public_log all -- anywhere anywhere | |
| IN_public_deny all -- anywhere anywhere | |
| IN_public_allow all -- anywhere anywhere | |
| ACCEPT icmp -- anywhere anywhere | |
| Chain IN_public_allow (1 references) | |
| target prot opt source destination | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW | |
| Chain IN_public_deny (1 references) | |
| target prot opt source destination | |
| Chain IN_public_log (1 references) | |
| target prot opt source destination | |
| Chain OUTPUT_direct (1 references) | |
| target prot opt source destination | |
| ssacct-out all -- anywhere anywhere | |
| ssnode-out all -- anywhere anywhere | |
| Chain ssacct-in (1 references) | |
| target prot opt source destination | |
| tcp -- anywhere anywhere tcp dpt:http /* [SwiftStack] proxy_in */ | |
| Chain ssacct-out (1 references) | |
| target prot opt source destination | |
| tcp -- anywhere anywhere tcp spt:http /* [SwiftStack] proxy_out */ | |
| Chain ssnode-in (1 references) | |
| target prot opt source destination | |
| ACCEPT all -- anywhere base-address.mcast.net/8 | |
| ACCEPT vrrp -- anywhere anywhere | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:http | |
| ACCEPT tcp -- anywhere anywhere multiport dports 6001:6002 | |
| ACCEPT tcp -- anywhere anywhere multiport dports 6004:6005 | |
| ACCEPT tcp -- anywhere anywhere multiport dports x11,6006:6008 | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:6003 | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:memcache | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:rsync | |
| ACCEPT udp -- anywhere anywhere udp dpt:ntp | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:58318 | |
| Chain ssnode-out (1 references) | |
| target prot opt source destination | |
| Chain ssvpn-in (1 references) | |
| target prot opt source destination | |
| ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
| ACCEPT icmp -- anywhere anywhere | |
| DROP all -- anywhere anywhere | |
| Chain ssvpn-out (1 references) | |
| target prot opt source destination | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:6040 | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:6050 | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:9915 | |
| ACCEPT tcp -- anywhere anywhere tcp dpt:9914 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment