ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Rebuild iptables configuration on CPM


Article ID: 168024


Updated On:




How to rebuild iptables configuration on CPM?

In rare cases the iptables configuration on CPM can differ from the access-list configuration.Running "iptables -L u_input_eth2" can show that the iptable chain on CPM management interface differs from the access-list configuration currently present on XOS. This can happen in cases when instead of using the appropriate access-list XOS commands the iptables change was done manually in Linux.


Running "/crossbeam/bin/cbs_iptables_regen" will restore the iptables configuration on CPM using the current access-list configuration. The command needs to be run on both CPMs if CPM redundancy is used.



[[email protected] bin]# iptables -L u_input_eth2
Chain u_input_eth2 (2 references)
target     prot opt source               destination         
REJECT     udp  --  anywhere             anywhere            udp dpt:sunrpc reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:sunrpc reject-with tcp-reset 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:rmiregistry reject-with tcp-reset 
ACCEPT     all  --  anywhere             anywhere            
u_input    all  --  anywhere             anywhere            
[[email protected] bin]#