/usr/lib/xcp/bin/fix_firewall.sh is in xcp-xapi 1.3.2-5.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | #!/bin/bash
#
# Copyright (c) Citrix Systems 2008. All rights reserved.
#
set -e
# Insert a firewall rule to allow traffic to pass through the guest-installer network
CHAIN=xapi-INPUT
IFACE=$1 # bridge name of guest installer network
OP=$2 # if == start, then start up the firewall, else stop it.
# Flush any rules that are already there:
iptables -F $CHAIN &> /dev/null || true
iptables -D INPUT -j $CHAIN &> /dev/null || true
iptables -X $CHAIN &> /dev/null || true
# Insert the new rule - anything coming from the
if [[ "${OP}" == "start" ]]; then
iptables -N $CHAIN
iptables -I INPUT 1 -j $CHAIN
iptables -A $CHAIN -i $IFACE -j ACCEPT
fi
|