@shundezhang
Created November 6, 2019 05:30
# Generated by iptables-save v1.4.21 on Mon Feb 6 13:03:28 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.10.10.0/24 -p tcp -m multiport --dports 5671,5672,15672 -m comment --comment "001 amqp incoming amqp_10.10.10.51" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8042 -m comment --comment "001 aodh-api incoming aodh_api" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8777 -m comment --comment "001 ceilometer-api incoming ceilometer_api" -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m multiport --dports 3260 -m comment --comment "001 cinder incoming cinder_10.10.10.53" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8776 -m comment --comment "001 cinder-api incoming cinder_api" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9292 -m comment --comment "001 glance incoming glance_api" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8041 -m comment --comment "001 gnocchi-api incoming gnocchi_api" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8003 -m comment --comment "001 heat api cloudwatch incoming heat_api_cloudwatch" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8000 -m comment --comment "001 heat cfn incoming heat_cfn" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8004 -m comment --comment "001 heat incoming heat" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 horizon 80 incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5000,35357 -m comment --comment "001 keystone incoming keystone" -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m multiport --dports 3306 -m comment --comment "001 mariadb incoming mariadb_10.10.10.51" -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m multiport --dports 27017 -m comment --comment "001 mongodb-server incoming mongodb_server" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 neutron server incoming neutron_server_10.10.10.51" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8773,8774,8775 -m comment --comment "001 nova api incoming nova_api" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001 novncproxy incoming" -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m multiport --dports 6379 -m comment --comment "001 redis service incoming redis service from 10.10.10.51" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8080 -m comment --comment "001 swift proxy incoming swift_proxy" -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m multiport --dports 6000,6001,6002,873 -m comment --comment "001 swift storage and rsync incoming swift_storage_and_rsync_10.10.10.51" -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m multiport --dports 3300,6789,6800 -m comment --comment "ceph mon" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Feb 6 13:03:28 2017