How to rebuild iptables configuration on CPM?
In rare cases the iptables configuration on CPM can differ from the access-list configuration.Running "iptables -L u_input_eth2" can show that the iptable chain on CPM management interface differs from the access-list configuration currently present on XOS. This can happen in cases when instead of using the appropriate access-list XOS commands the iptables change was done manually in Linux.
Running "/crossbeam/bin/cbs_iptables_regen" will restore the iptables configuration on CPM using the current access-list configuration. The command needs to be run on both CPMs if CPM redundancy is used.
[[email protected] bin]# iptables -L u_input_eth2
Chain u_input_eth2 (2 references)
target prot opt source destination
REJECT udp -- anywhere anywhere udp dpt:sunrpc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:sunrpc reject-with tcp-reset
REJECT tcp -- anywhere anywhere tcp dpt:rmiregistry reject-with tcp-reset
ACCEPT all -- anywhere anywhere
u_input all -- anywhere anywhere
[[email protected] bin]#