
It would be a great help to know which exact iptables rules to use for securing GlusterFS 3.4.2 (on Debian Wheezy) in a shared environment. I'm running some dedicated servers at an ISP. There are two servers (named lb01 and lb02) acting as nodes and clients at the same time. My current rules look like this:

# Loopback: portmapper (only needed when the Gluster NFS server is used) and the
# glusterd/brick port range that local mounts connect to
iptables -A INPUT -d localhost -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -d localhost -p udp --dport 111 -j ACCEPT
iptables -A INPUT -d localhost -p tcp --dport 24007:24020 -j ACCEPT
# Peers: glusterd management ports (24007-24008) and brick ports (49152 upwards,
# one per brick). Host names are resolved once, when each rule is inserted.
iptables -A INPUT -s lb01 -p tcp --dport 24007:24008 -j ACCEPT
iptables -A INPUT -s lb01 -p tcp --dport 49152:49170 -j ACCEPT
iptables -A INPUT -s lb02 -p tcp --dport 24007:24008 -j ACCEPT
iptables -A INPUT -s lb02 -p tcp --dport 49152:49170 -j ACCEPT

Is that enough, or too much? Are there any opinions? I want to secure GlusterFS as much as possible to prevent access from other servers. (I know of `gluster volume set <VOL> auth.allow`, but I want to secure the system at an earlier stage.)

rabudde
  • Do you use the Gluster NFS service? How many bricks does each volume have? – krisFR Jan 31 '14 at 21:11
  • No, NFS is not used. There is one brick per volume and all volumes are replicated. I use GlusterFS to have millions of assets replicated in nearly real time between two active web servers. – rabudde Jan 31 '14 at 21:47
  • `Is that enough?` Actually, does it work as expected? `one brick per volume` So how many bricks/volumes do you have (that is for `or too much?`)? – krisFR Jan 31 '14 at 22:02
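As an added example (not from the question or the answer), the script below generates a tightened version of the rule set in the question for the two-node layout described: peer traffic is accepted only from the named peers on one interface, replies are matched by conntrack, loopback stays open for the local mounts, and anything else aimed at the Gluster ports is logged and dropped in a dedicated chain. Port 111 is left out because the asker says Gluster NFS is not used. The interface name and the peer addresses (`GLUSTER_IF`, `GLUSTER_PEERS`, using TEST-NET-1 addresses) are placeholders; the port ranges are the ones from the question. By default the script only prints the rules; passing `apply` runs them through `sh`, which needs root.

```shell
#!/bin/sh
# Added example, not the asker's rules: build an iptables rule set for two
# GlusterFS 3.4 peers. Interface and peer addresses are placeholders.

GLUSTER_IF="${GLUSTER_IF:-eth0}"                          # assumed peer-facing interface
GLUSTER_PEERS="${GLUSTER_PEERS:-192.0.2.11 192.0.2.12}"   # lb01/lb02, placeholder addresses
MGMT_PORTS="24007:24008"                                  # glusterd management ports
BRICK_PORTS="49152:49170"                                 # brick ports, one per brick from 49152

# Print the accept rule for one peer address: new connections only, on the
# peer-facing interface, to the management and brick ports.
peer_rules() {
    peer="$1"
    printf 'iptables -A GLUSTER -i %s -s %s -p tcp -m multiport --dports %s,%s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$GLUSTER_IF" "$peer" "$MGMT_PORTS" "$BRICK_PORTS"
}

# Print the complete rule set, one iptables command per line.
gluster_rules() {
    # Separate chain so the Gluster policy can be flushed and reloaded on its own
    echo 'iptables -N GLUSTER'
    # Replies to connections that were already accepted
    echo 'iptables -A GLUSTER -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Local clients mounting the local bricks (the "-d localhost" rules in the question)
    echo 'iptables -A GLUSTER -i lo -j ACCEPT'
    for p in $GLUSTER_PEERS; do
        peer_rules "$p"
    done
    # Anything else aimed at the Gluster ports: rate-limited log entry, then drop,
    # so unexpected connection attempts from other tenants show up in the syslog
    printf 'iptables -A GLUSTER -p tcp -m multiport --dports %s,%s -m limit --limit 5/min -j LOG --log-prefix "GLUSTER-DROP: "\n' \
        "$MGMT_PORTS" "$BRICK_PORTS"
    printf 'iptables -A GLUSTER -p tcp -m multiport --dports %s,%s -j DROP\n' \
        "$MGMT_PORTS" "$BRICK_PORTS"
    # Hook the chain in ahead of whatever is already in INPUT
    echo 'iptables -I INPUT 1 -j GLUSTER'
}

# Number of rules the generator emits; handy for a sanity check after reload.
gluster_rule_count() {
    gluster_rules | wc -l | tr -d ' '
}

if [ "${1:-}" = "apply" ]; then
    gluster_rules | sh       # needs root and iptables on the box
else
    gluster_rules            # dry run: print the commands for review
fi
```

Anything not matched by the chain (SSH, HTTP and so on) falls through to the rest of INPUT unchanged, so the chain can be added to an existing ruleset without rewriting it. With `GLUSTER_PEERS` set to the real peer addresses, `sh gluster-rules.sh | diff - <(iptables -S GLUSTER)`-style comparisons are an easy way to check that what is loaded matches what was intended.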

1 Answer


Do it like this: `iptables -I INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT` (allow LAN machine access).