How old should it be? I checked with v1.4.21
28.09.2017 12:55, Kirill Tkhai пишет:
> Could you please to say will it work on old iptables?
>
> On 28.09.2017 13:03, Stanislav Kinsburskiy wrote:
>> What a brilliant idea it was to ignore unknown keys.
>> Should take it into account.
>>
>> 28.09.2017 10:26, Vasily Averin пишет:
>>> kthai@ explained that old version of iptables ignores unknown keys, so
>>> adding -w is safe.
>>>
>>> On 2017-09-28 10:40, Pavel Tikhomirov wrote:
>>>> Can we have these script running with older iptables version which does
>>>> not have "-w"?
>>>>
>>>> On 09/27/2017 02:11 PM, Stanislav Kinsburskiy wrote:
>>>>> Neede to support new versions of iptables.
>>>>>
>>>>> https://jira.sw.ru/browse/PSBM-73153
>>>>>
>>>>> Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
>>>>> ---
>>>>> scripts/nfs-ports-allow.sh | 16 ++++++++--------
>>>>> 1 file changed, 8 insertions(+), 8 deletions(-)
>>>>>
>>>>> diff --git a/scripts/nfs-ports-allow.sh b/scripts/nfs-ports-allow.sh
>>>>> index 97541dc..ac5cf5f 100644
>>>>> --- a/scripts/nfs-ports-allow.sh
>>>>> +++ b/scripts/nfs-ports-allow.sh
>>>>> @@ -36,10 +36,10 @@ function add_accept_rules {
>>>>> local server=$1
>>>>> local port=$2
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d
>>>>> $server --dport $port -j ACCEPT &&
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d
>>>>> $server --dport $port -j ACCEPT
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d
>>>>> $server --dport $port -j ACCEPT &&
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d
>>>>> $server --dport $port -j ACCEPT
>>>>> }
>>>>> function iptables_allow_nfs_ports {
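Review bot: The four inserts in `add_accept_rules` are chained with `&&`, so if the installed iptables does not accept `-w` the first command fails and none of the ACCEPT rules are added; the same holds for `allow_portmapper_port` in the next hunk. As far as I know `-w` was introduced in iptables 1.4.20, so the check against v1.4.21 mentioned in the thread does not exercise a binary that predates the option. Rather than relying on how older binaries treat unknown options, probe once and pass the flag only when it is supported, e.g. `IPTABLES_WAIT=; ${IPTABLES} -w -L -n >/dev/null 2>&1 && IPTABLES_WAIT=-w`, then `${JOIN_CT} ${IPTABLES} ${IPTABLES_WAIT} -I ${CRTOOLS_IPTABLES_TABLE} ...` (whether the probe also needs the `${JOIN_CT}` prefix depends on code outside the hunk). A bare `-w` also waits for the xtables lock without a bound, which is worth a comment above the function so a hung restore can be traced to lock contention.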
>>>>> @@ -63,10 +63,10 @@ function allow_portmapper_port {
>>>>> local server=$1
>>>>> local port=111
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d
>>>>> $server --dport $port -j ACCEPT &&
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> - ${JOIN_CT} ${IPTABLES} -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d
>>>>> $server --dport $port -j ACCEPT
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p udp -d
>>>>> $server --dport $port -j ACCEPT &&
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -s
>>>>> $server --sport $port -j ACCEPT &&
>>>>> + ${JOIN_CT} ${IPTABLES} -w -I ${CRTOOLS_IPTABLES_TABLE} -p tcp -d
>>>>> $server --dport $port -j ACCEPT
>>>>> }
>>>>> for s in $servers; do
>>>>>
>>>>> _______________________________________________
>>>>> Devel mailing list
>>>>> Devel@openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/devel
>>>>>
>>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel@openvz.org
>>> https://lists.openvz.org/mailman/listinfo/devel
>>>
>> _______________________________________________
>> Devel mailing list
>> Devel@openvz.org
>> https://lists.openvz.org/mailman/listinfo/devel
>> _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
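Review bot: `$server` and `$port` are expanded unquoted on every changed line of `allow_portmapper_port` (and of `add_accept_rules` in the previous hunk), so a value containing whitespace or glob characters would be split into extra iptables arguments on a command that opens the firewall. Where `$servers` is populated lies outside the hunk, so this may be harmless with today's input, but the rule lines are being touched anyway and quoting is free: `-s "$server" --sport "$port"` and `-d "$server" --dport "$port"`. `${JOIN_CT}` appears to be a command prefix that relies on word splitting and would stay unquoted. The function header is only visible in the `@@` context, so anything validating `$1` before these lines is not shown here.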