Re: Firewall (iptables) issues?

[Phillip Sorensen <pas37@cornell.edu>]

On 11/04/2010 12:51 PM, Andrew Johnson wrote:
> On Thursday 04 November 2010 11:25:52 Eric Norum wrote:
> > Thanks.  That does it.
> > Here's what I now have.
> >
> > -A RH-Firewall-1-INPUT -s 128.3.128.0/22 -p udp --dport 5064 -j ACCEPT
> > -A RH-Firewall-1-INPUT -s 128.3.128.0/22 -p udp --dport 5065 -j ACCEPT
> > -A RH-Firewall-1-INPUT -s 128.3.128.0/22 -p tcp --dport 5064 -j ACCEPT
> > -A RH-Firewall-1-INPUT -s 128.3.128.0/22 -p tcp --dport 5065 -j ACCEPT
> > -A RH-Firewall-1-INPUT -s 128.3.128.0/22 -p udp --sport 5064 -j ACCEPT
> >
> >
> > Maybe this needs to go in either the application developer's guide or the
> > release notes.
> Since this is a Channel Access issue I think it makes more sense to put it in
> the CA Reference Manual.  Note that the "RH-Firewall-1-INPUT" part is probably
> distribution-specific (I suspect the "RH" stands for Red Hat), and there's
> also a subnet-specific part to those commands.
>
> Are *all* of those lines really necessary though?  It would be nice to have
> something that says "CA clients need ...", "a soft IOC needs ..." etc.
>
> - Andrew
I just have the equivalent last line in my rules, along with the 
standard accept of established and related traffic.  This seems to work

Phil Sorensen