Security – Firewall/iptables rules for GlusterFS

Tags: firewall, glusterfs, iptables, Security

I would be glad to know which exact iptables rules to use for securing GlusterFS 3.4.2 (on Debian Wheezy) in a shared environment. I'm running some dedicated servers at an ISP. There are two servers (named lb01 and lb02) acting as nodes and clients at the same time. My current rules look like this:

iptables -A INPUT -d localhost -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -d localhost -p udp --dport 111 -j ACCEPT
iptables -A INPUT -d localhost -p tcp --dport 24007:24020 -j ACCEPT
iptables -A INPUT -s lb01 -p tcp --dport 24007:24008 -j ACCEPT
iptables -A INPUT -s lb01 -p tcp --dport 49152:49170 -j ACCEPT
iptables -A INPUT -s lb02 -p tcp --dport 24007:24008 -j ACCEPT
iptables -A INPUT -s lb02 -p tcp --dport 49152:49170 -j ACCEPT

Is that enough or too much? Are there any opinions? I want to secure GlusterFS as much as possible to prevent access from other servers. (I know about gluster volume set <VOL> auth.allow, but I want to secure the system at an earlier stage.)

Best Answer

Do it like this:

iptables -I INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT

This allows LAN machines access.
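As an added example (not from the question or the answer): a small audit script that reads an iptables-save dump and reports any INPUT ACCEPT rule touching the GlusterFS ports named in the question (111, 24007:24020, 49152:49170) that is not scoped to a peer address with -s or to the loopback interface with -i lo. The sample dump is constructed; the peer addresses 10.0.0.1 and 10.0.0.2 are placeholders standing in for lb01 and lb02.

```sh
#!/bin/sh
# Audit an `iptables-save` dump for GlusterFS ports accepted without being
# scoped to a peer address (-s ...) or the loopback interface (-i lo).
# The port set is the one used in the question: 111 (portmapper),
# 24007:24020 (management daemon and bricks) and 49152:49170 (bricks).
audit_gluster_input_rules() {        # reads iptables-save output on stdin
    awk '
    function overlaps(lo, hi, a, b) { return lo <= b && hi >= a }
    /^-A INPUT / && / -j ACCEPT/ && / --dport / && !/ -s / && !/ -i lo / {
        for (i = 1; i <= NF; i++) if ($i == "--dport") range = $(i + 1)
        n = split(range, p, ":"); lo = p[1] + 0; hi = (n == 2) ? p[2] + 0 : lo
        if (overlaps(lo, hi, 111, 111) || overlaps(lo, hi, 24007, 24020) ||
            overlaps(lo, hi, 49152, 49170))
            print
    }'
}

# Count of unscoped GlusterFS ACCEPT rules in a dump passed as a string.
count_unscoped_gluster_accepts() {
    printf '%s\n' "$1" | audit_gluster_input_rules | wc -l | tr -d ' '
}

# Constructed sample dump (not from the post): the question's localhost and
# per-peer rules as iptables-save renders them (hostnames resolved to
# placeholder addresses), plus one deliberately over-broad management rule.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 24007:24020 -j ACCEPT
-A INPUT -s 10.0.0.1/32 -p tcp -m tcp --dport 24007:24008 -j ACCEPT
-A INPUT -s 10.0.0.1/32 -p tcp -m tcp --dport 49152:49170 -j ACCEPT
-A INPUT -s 10.0.0.2/32 -p tcp -m tcp --dport 24007:24008 -j ACCEPT
-A INPUT -s 10.0.0.2/32 -p tcp -m tcp --dport 49152:49170 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 24007 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Expected: the -d 127.0.0.1 rule (no -i lo) and the bare --dport 24007 rule
# are reported; the per-peer rules and the sshd rule are not.
printf '%s\n' "$SAMPLE_DUMP" | audit_gluster_input_rules
echo "unscoped GlusterFS accepts: $(count_unscoped_gluster_accepts "$SAMPLE_DUMP")"
```

On a live host, run `iptables-save | audit_gluster_input_rules` (as root) and re-express any reported rule with -s <peer> or -i lo before relying on auth.allow as the next layer.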