VMmanager 5 OVZ: Administrator guide

Firewall

Netfilter is a framework provided by Linux that allows for various networking-related operations. Several utilities are used for firewall management on top of it, such as iptables (manages IPv4 packets), ip6tables (manages IPv6 packets), and ebtables (manages Ethernet bridges).

How it works

When a cluster node is added, VMmanager creates the /usr/local/mgr5/etc/iptables.rules.d and /usr/local/mgr5/etc/ip6tables.rules.d directories on it and places the files with iptables and ip6tables rules there. The files are overwritten when the panel restarts. The rules are loaded in an order defined by the first two symbols of the file name (00-99). E.g., 123 means that the rule will be handled 23rd in succession; _21 means that the system will handle it after 99.

Files have the following names:

NN_name.rule

On Debian, execute the commands iptables-save and iptables-restore to save the iptables and ip6tables rules and apply them automatically after the server restarts. In the /etc/network/if-up.d/ directory, the system creates a script that is executed automatically when a network interface is set up and runs the iptables-restore command.

Standard rules

When you install VMmanager and add a cluster node, the following iptables rules for the control panel's modules and services are added:

iptables -I FORWARD -p all -j ACCEPT
ip6tables -I FORWARD -p all -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 111 -j ACCEPT
iptables -I INPUT 2 -p udp --dport 111 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 2049 -j ACCEPT
iptables -I INPUT 4 -p udp --dport 2049 -j ACCEPT
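
All of the standard rules are inserted with -I, so where they land in a chain decides what they override. The Python sketch below is an added example, not ISPsystem code: its function names and the `existing` argument are hypothetical, and it replays the six commands from this page to report ACCEPT rules with no source or interface restriction, plus any rules left behind a match-everything ACCEPT.

```python
import shlex

# The six standard rules, as listed on the page.
STANDARD_RULES = """\
iptables -I FORWARD -p all -j ACCEPT
ip6tables -I FORWARD -p all -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 111 -j ACCEPT
iptables -I INPUT 2 -p udp --dport 111 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 2049 -j ACCEPT
iptables -I INPUT 4 -p udp --dport 2049 -j ACCEPT
"""
SCOPE_FLAGS = {"-s", "--source", "-i", "--in-interface"}
ACCEPT_ALL = ["-p", "all", "-j", "ACCEPT"]

def parse(line):
    """Split 'iptables -I CHAIN [pos] match...' into (tool, chain, pos, match)."""
    tool, flag, chain, *rest = shlex.split(line)
    if tool not in ("iptables", "ip6tables") or flag != "-I":
        raise ValueError(f"only -I commands are modelled: {line!r}")
    pos = 1  # -I without a rule number inserts at the top of the chain
    if rest and rest[0].isdigit():
        pos, rest = int(rest[0]), rest[1:]
    return tool, chain, pos, rest

def build_chains(commands, existing=None):
    """Replay -I commands over `existing` chains; lists are in match order."""
    chains = {k: list(v) for k, v in (existing or {}).items()}
    for line in filter(None, map(str.strip, commands.splitlines())):
        tool, chain, pos, rule = parse(line)
        rules = chains.setdefault((tool, chain), [])
        if pos > len(rules) + 1:  # iptables rejects this as well
            raise ValueError(f"position {pos} is past the end of {chain}")
        rules.insert(pos - 1, rule)
    return chains

def option(rule, name):
    """Value that follows `name` in a rule, or None when the option is absent."""
    return rule[rule.index(name) + 1] if name in rule[:-1] else None

def unscoped_accepts(chains):
    """ACCEPT rules with no source-address or inbound-interface restriction."""
    return [(tool, chain, n, option(r, "-p"), option(r, "--dport"))
            for (tool, chain), rules in chains.items()
            for n, r in enumerate(rules, 1)
            if option(r, "-j") == "ACCEPT" and not SCOPE_FLAGS & set(r)]

def unreachable(chains):
    """Rules placed behind a match-everything ACCEPT; they are never evaluated."""
    return {k: r[r.index(ACCEPT_ALL) + 1:] for k, r in chains.items()
            if ACCEPT_ALL in r and r[r.index(ACCEPT_ALL) + 1:]}
```

For the page's rules, `unscoped_accepts(build_chains(STANDARD_RULES))` returns six entries: both FORWARD accept-all rules and the four INPUT rules for ports 111 (rpcbind) and 2049 (NFS). Passing a chain that already holds a FORWARD rule as `existing` lists that rule in `unreachable`, because `-I FORWARD` without a number inserts ahead of it.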

Adding rules

To add a rule, navigate to Cluster settings → Firewall → Add.

Note
Do not change or delete the standard rules, as they can be overwritten after VMmanager updates.
The article was last updated on 11.27.2018. The article was prepared by technical writers of ISPsystem.