Basic rulesets

Access to Ganglia from IKOnet

SSH access inside the farm only
SSH access also from IKO/HEFnet
SSH access also from all NIKHEF
SSH access also from anywhere

DSM Tivoli backup to basket@SARA

NO LDAP User Directory access
LDAP User Directory access inside the farm only
LDAP User Directory access also from IKO/HEFnet
LDAP User Directory access also from other NIKHEF systems

This system is an NFS server

PVFS metadata server
PVFS IO server

Syslog network input

NO HTTP configuration access
HTTP configuration access inside the farm only
HTTP configuration access also from IKO/HEFnet
HTTP configuration access also from other NIKHEF systems

Act as an LCFGng server (requires http, dhcp and tftp)
Act as a boot server (dhcp, requires tftp)
Act as a TFTP server
Farm does not have other ports open
Farm only has access to ports > 1023
Farm access is unrestricted

# IPtables generated
# via command /firewall.php?
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NTP in from anywhere
[0:0] -A INPUT -s 0/0 -p udp -m udp --dport 123 -j ACCEPT
#
[0:0] -A INPUT -j DROP
COMMIT
# Completed on a date with the web based writer