
This is the iptables on my mysql_slave server:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-N whitelist
-A whitelist -s 000.000.000.000/32 -j ACCEPT
-A whitelist -s 000.000.000.000/32 -j ACCEPT
-A whitelist -s 000.000.000.000/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j whitelist
-A OUTPUT -d 000.000.000.000/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22000 -j whitelist
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4949 -j whitelist
-A INPUT -p TCP --dport 6379 -j REJECT
-A INPUT -p tcp --dport 4949 -j DROP
-A INPUT -p tcp --dport 22000 -j DROP
-A INPUT -p tcp --dport 3306 -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j DROP
-A FORWARD -j DROP

Is there anything wrong with this? firewalld was disabled. When I do this: service iptables restart, the slave's MySQL binlog position no longer synchronizes with the master's MySQL binlog position. Can you help me?

BillThor
J.chen

1 Answer


It looks like you are missing a definition for the whitelist table. This should likely contain an accept rule for your primary server. I don't know if you would need to whitelist any other servers.

BillThor
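One way to run the check the answer describes before restarting the service, as an added example that is not part of the original question or answer: it parses a rules file and reports whether the chain that handles the MySQL port is declared and holds an ACCEPT for the master's address. It goes beyond the answer by also flagging `--dport`/`--sport` used without `-p`, which iptables rejects. The helper names `audit` and `opt` are hypothetical, and the sample rules and addresses are constructed.

```python
import shlex
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG"}

# Constructed sample (documentation addresses); 192.0.2.10 is the assumed master.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-N whitelist
-A whitelist -s 198.51.100.7/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j whitelist
-A OUTPUT -d 192.0.2.10/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j DROP
COMMIT
"""

def opt(tokens, *names):
    """Return the value that follows the first of `names` in a rule, or None."""
    for name in names:
        if name in tokens[:-1]:
            return tokens[tokens.index(name) + 1]
    return None

def audit(rules_text, master_ip, port):  # hypothetical helper
    declared, rules, findings = set(), [], []
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if line.startswith(":"):                 # built-in chain and its policy
            declared.add(line[1:].split()[0])
        elif line.startswith("-N "):             # user-defined chain
            declared.add(line.split()[1])
        elif line.startswith("-A "):
            rules.append((no, shlex.split(line)))
    for no, t in rules:
        target = opt(t, "-j", "--jump")
        if target and target not in BUILTIN_TARGETS | declared:
            findings.append(f"line {no}: jump to undeclared chain {target}")
        # --dport/--sport only exist inside a protocol match, so -p is required
        if {"--dport", "--sport"} & set(t) and not opt(t, "-p", "--protocol"):
            findings.append(f"line {no}: port match without -p")
        if t[1] == "INPUT" and opt(t, "--dport") == str(port) and target in declared:
            if not any(r[1] == target and opt(r, "-j") == "ACCEPT"
                       and opt(r, "-s", "--source") in (master_ip, master_ip + "/32")
                       for _, r in rules):
                findings.append(f"line {no}: chain {target} has no ACCEPT for {master_ip}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "192.0.2.10", 3306)))
```

This is a text-level check only; `iptables-restore --test` on the same file is the parser's own dry run.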