You could try something like this:

echo "iptables -I INPUT 4 -s [source subnet] -p udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT" >> /etc/rc.local

I had to use that method once for a nagios install.

Oliver

--
-----Original Message-----
From: Brandon Arms [mailto:ba...@dsscorp.com]
Sent: Tuesday, April 30, 2013 5:15 PM
To: users@cloudstack.apache.org
Subject: RE: virtual router iptables

Testing snmp polling of the virtual routers, via their public ip addresses, to retrieve bandwidth info used on the public facing virtual router interface. I had to add a rule to iptables allowing this, which works, and wanted to make it persistent.

iptables -A INPUT -s [source subnet] -p udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT

I also ran the following on the vrouter which seems to survive the reboot:

apt-get install snmpd
apt-get install snmp
apt-get install snmp-mibs-downloader
sudo download-mibs
chkconfig --add snmpd
chkconfig snmpd on

My experience is not in linux, but I was able to achieve what I wanted with the exception of making the iptables rule persistent.

Brandon Arms

-----Original Message-----
From: Mathias Mullins [mailto:mathias.mull...@citrix.com]
Sent: Tuesday, April 30, 2013 12:01 PM
To: users@cloudstack.apache.org
Subject: Re: virtual router iptables

Hi Brandon,

My question is what changes would you look at making and what would the use case be? As for making them persistent, that is nearly impossible since they are part of the template and they will get overridden upon reboot.

Thanks,
Matt

On 4/30/13 8:56 AM, "Brandon Arms" <ba...@dsscorp.com> wrote:

>Has anyone had success in modifying the iptables on a virtual router
>and making those changes persistent?
>
>Brandon Arms
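
Added example, not part of the original thread: the rc.local approach from the top reply, made safe to re-run and placed before a closing "exit 0" so the appended line is actually executed. It assumes an rc.local that ends in "exit 0", as Debian's stock file does; the helper name persist_rule, the scratch file and the 192.0.2.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). persist_rule FILE LINE:
#   - no-op if LINE is already in FILE, so it is safe to re-run
#   - inserts LINE before the last "exit 0" so it is really executed
#   - appends LINE when FILE has no "exit 0"
# persist_rule is a hypothetical helper name.
persist_rule() {
    file=$1
    line=$2
    [ -f "$file" ] || return 2
    # -F fixed string, -x whole line, -- protects the leading dashes
    if grep -Fxq -- "$line" "$file"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    # Line number of the last "exit 0", empty if there is none
    last=$(grep -n '^[[:space:]]*exit 0[[:space:]]*$' "$file" | tail -n 1 | cut -d: -f1)
    if [ -n "$last" ]; then
        LINE="$line" awk -v n="$last" \
            'NR == n { print ENVIRON["LINE"] } { print }' "$file" > "$tmp"
    else
        # awk also supplies a missing final newline before we append
        awk '{ print }' "$file" > "$tmp"
        printf '%s\n' "$line" >> "$tmp"
    fi
    # Write back in place so the file keeps its owner and mode
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed demo on a scratch file, never the real /etc/rc.local.
# 192.0.2.0/24 stands in for the thread's [source subnet].
RULE='iptables -I INPUT 4 -s 192.0.2.0/24 -p udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT'
demo=$(mktemp)
printf '%s\n' '#!/bin/sh -e' 'exit 0' > "$demo"
persist_rule "$demo" "$RULE"
persist_rule "$demo" "$RULE"   # second call changes nothing
cat "$demo"
rm -f "$demo"
```

A plain `echo ... >> /etc/rc.local` lands after "exit 0" on such a file and never runs, and repeating it stacks duplicate rules.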