Re: [SSI-devel] restarting iptables takes down node 2
From: Jiann-Ming Su <suj...@gm...> - 2005-03-10 01:13:47
On Wed, 09 Mar 2005 13:37:21 -0800, Brian J. Watson <Bri...@hp...> wrote:
>
> If you develop a working iptables configuration that only permits these
> ports (plus whatever else you need) and DROPs everything else by
> default, can you share it with the rest of us? I can add it to the
> installation instructions.
>

Well, since the interconnect interface is governed by iptables as well, is there something within the interconnect code that would make it so sensitive to DROPed packets? The two nodes seem to time out as soon as any packet is dropped. If this is the proper behavior across the interconnect, then I'm not sure DROP by default would work.

In the rules I used that caused node2 to go down, the default was DROP and the first rule was to allow all through the interconnect interface.

--
Jiann-Ming Su
"I have to decide between two equally frightening options. If I wanted to do that, I'd vote." --Duckman