Rebuild iptables configuration on CPM


Article ID: 168024



Products

XOS

Issue/Introduction

How do you rebuild the iptables configuration on a CPM?

In rare cases the iptables configuration on the CPM can differ from the access-list configuration. Running "iptables -L u_input_eth2" can show that the iptables chain on the CPM management interface differs from the access-list configuration currently present on XOS. This can happen when an iptables change was made manually in Linux instead of through the appropriate XOS access-list commands.

Resolution

Running "/crossbeam/bin/cbs_iptables_regen" will restore the iptables configuration on CPM using the current access-list configuration. The command needs to be run on both CPMs if CPM redundancy is used.

 

Output

[[email protected] bin]# iptables -L u_input_eth2
Chain u_input_eth2 (2 references)
target     prot opt source               destination         
REJECT     udp  --  anywhere             anywhere            udp dpt:sunrpc reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:sunrpc reject-with tcp-reset 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:rmiregistry reject-with tcp-reset 
ACCEPT     all  --  anywhere             anywhere            
u_input    all  --  anywhere             anywhere            
[[email protected] bin]#
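
To record what the regeneration actually changed, the chain listing can be captured before and after running the command and then compared. The script below is an added example, not part of the original article or of XOS; the function names and both sample listings are constructed for illustration, with the rule from 192.0.2.10 standing in for a manually added entry.

```shell
#!/bin/sh
# Added example (not XOS code): compare two `iptables -L <chain>` listings
# taken before and after running /crossbeam/bin/cbs_iptables_regen.

# Drop the "Chain ..." and column-header lines and squeeze column padding,
# so only the rule text is compared.
normalize_listing() {
    awk '!/^Chain / && !/^target +prot/ && NF { $1 = $1; print }'
}

# chain_drift BEFORE AFTER
# Prints rules present only before the regen (dropped by it) and rules present
# only after it (restored from the access-list configuration).
# Returns 0 if the listings match, 1 if they differ.
chain_drift() {
    cd_tmp=$(mktemp -d) || return 2
    printf '%s\n' "$1" | normalize_listing > "$cd_tmp/before"
    printf '%s\n' "$2" | normalize_listing > "$cd_tmp/after"
    cd_out=$(diff "$cd_tmp/before" "$cd_tmp/after" |
        sed -n 's/^< /removed-by-regen: /p; s/^> /restored-by-regen: /p')
    rm -rf "$cd_tmp"
    [ -z "$cd_out" ] && return 0
    printf '%s\n' "$cd_out"
    return 1
}

# Constructed sample: chain state with one manually added rule (192.0.2.10).
SAMPLE_BEFORE='Chain u_input_eth2 (2 references)
target     prot opt source               destination
REJECT     udp  --  anywhere             anywhere            udp dpt:sunrpc reject-with icmp-port-unreachable
ACCEPT     tcp  --  192.0.2.10           anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere
u_input    all  --  anywhere             anywhere'

# Constructed sample: chain state after regeneration from the access-list.
SAMPLE_AFTER='Chain u_input_eth2 (2 references)
target     prot opt source               destination
REJECT     udp  --  anywhere             anywhere            udp dpt:sunrpc reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere
u_input    all  --  anywhere             anywhere'

# On a CPM the two inputs would come from the commands in this article:
#   before=$(iptables -L u_input_eth2)
#   /crossbeam/bin/cbs_iptables_regen
#   after=$(iptables -L u_input_eth2)
#   chain_drift "$before" "$after"
chain_drift "$SAMPLE_BEFORE" "$SAMPLE_AFTER" || echo "chain changed: record the differences above"
```

When CPM redundancy is used, the comparison applies to each CPM separately, since the command is run on both.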