|
|
|
@ -5,29 +5,31 @@ |
|
|
|
|
:FORWARD ACCEPT [0:0] |
|
|
|
|
:OUTPUT ACCEPT [0:0] |
|
|
|
|
{% if 'hadoop_masters' in group_names %} |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['fs_default_FS_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_namenode_http_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_http_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_ha_jobtracker_rpc-address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_ha_zkfc_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_ha_zkfc_port'] }} -j ACCEPT |
|
|
|
|
|
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['fs_default_FS_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_namenode_http_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_job_tracker_http_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_ha_jobtracker_rpc-address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_ha_zkfc_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_ha_zkfc_port'] }} -j ACCEPT |
|
|
|
|
{% endif %} |
|
|
|
|
|
|
|
|
|
{% if 'hadoop_slaves' in group_names %} |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_http_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_ipc_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_task_tracker_http_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_http_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['dfs_datanode_ipc_address_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['mapred_task_tracker_http_address_port'] }} -j ACCEPT |
|
|
|
|
{% endif %} |
|
|
|
|
|
|
|
|
|
{% if 'qjournal_servers' in group_names %} |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['qjournal_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['qjournal_http_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['qjournal_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['qjournal_http_port'] }} -j ACCEPT |
|
|
|
|
{% endif %} |
|
|
|
|
|
|
|
|
|
{% if 'zookeeper_servers' in group_names %} |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['zookeeper_clientport'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['zookeeper_leader_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['zookeeper_election_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['zookeeper_clientport'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['zookeeper_leader_port'] }} -j ACCEPT |
|
|
|
|
-A INPUT -p tcp --dport {{ hadoop['zookeeper_election_port'] }} -j ACCEPT |
|
|
|
|
{% endif %} |
|
|
|
|
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
|
|
|
|
-A INPUT -p icmp -j ACCEPT |
|
|
|
@ -36,6 +38,3 @@ |
|
|
|
|
-A INPUT -j REJECT --reject-with icmp-host-prohibited |
|
|
|
|
-A FORWARD -j REJECT --reject-with icmp-host-prohibited |
|
|
|
|
COMMIT |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|