Comment by dbaxps for I found that, since ufw creates rules on all interfaces, it was unsuitable for use on hosts running linuxbridge or openvswitch. It places your firewall rules on the internal networks causing trouble. Instead I did this: $ cat /etc/iptables.rules #!/bin/sh iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # mosh iptables -A INPUT -i eth0 -p udp -m multiport --dports 60000:60100 -j ACCEPT # all icmp iptables -A INPUT -i eth0 -p icmp -j ACCEPT # our ssl port iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT # our ssh port iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT # drop the rest iptables -A INPUT -i eth0 -j DROP $ cat /etc/network/in cat: /etc/network/in: No such file or directory don@vk-3:/var/www/html/stacks$ cat /etc/network/interfaces # The primary network interface auto eth0 iface eth0 inet static address MYIP netmask 255.255.255.248 gateway MYGW dns-nameservers MYDNS pre-up /etc/iptables.rules now when my eth0 comes up, it firewalls, but only on that interface (-i eth0).

It's OK. How about this :- -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_192.168.1.127" -j ACCEPT -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_192.168.1.137" -j ACCEPT -A INPUT -p tcp -m multiport --dports 8777 -m comment --comment "001 ceilometer-api incoming ceilometer_api" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 3260,8776 -m comment --comment "001 cinder incoming cinder_192.168.1.127" -j ACCEPT -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 3260,8776 -m comment --comment "001 cinder incoming cinder_192.168.1.137" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 9292 -m comment --comment "001 glance incoming glance_192.168.1.127" -j ACCEPT -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 9292 -m comment --comment "001 glance incoming glance_192.168.1.137" -j ACCEPT -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 9697 -m comment --comment "001 metadata coming metadata_192.168.1.137" -j ACCEPT -A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 horizon 80 incoming" -j ACCEPT -A INPUT -p tcp -m multiport --dports 5000,35357 -m comment --comment "001 keystone incoming keystone" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 27017 -m comment --comment "001 mongodb-server incoming swift_storage_and_rsync_192.168.1.137" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 3306 -m comment --comment "001 mysql incoming mysql_192.168.1.127" -j ACCEPT -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 3306 -m comment --comment "001 mysql incoming mysql_192.168.1.137" -j ACCEPT -A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 nagios incoming" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 5666 -m comment --comment "001 nagios-nrpe incoming nagios_nrpe" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 67 -m comment --comment "001 neutron dhcp in incoming neutron_dhcp_in_192.168.1.127_192.168.1.127" -j ACCEPT -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 67 -m comment --comment "001 neutron dhcp in incoming neutron_dhcp_in_192.168.1.127_192.168.1.137" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 9696 -m comment --comment "001 neutron server incoming neutron_server_192.168.1.127_192.168.1.127" -j ACCEPT -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 9696 -m comment --comment "001 neutron server incoming neutron_server_192.168.1.127_192.168.1.137" -j ACCEPT -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 5900:5999 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT -A INPUT -p tcp -m multiport --dports 8773,8774,8775 -m comment --comment "001 novaapi incoming" -j ACCEPT -A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001 novncproxy incoming" -j ACCEPT -A INPUT -p tcp -m multiport --dports 8080 -m comment --comment "001 swift proxy incoming" -j ACCEPT

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112