Virtual TapeServer 8.0 Supplemental Installation Guide

26 | Enabling and Configuring AutoCopy and Instant DR

• -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT

Allows connections on port 22 (SSH).

• -A INPUT -i eth1 -p tcp -m tcp --dport 514 -j ACCEPT

-A INPUT -i eth1 -p udp -m udp --dport 514 -j ACCEPT

Allow RSH connections on UDP and TCP port 514.

• -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT

Tracks the connections and allows only established connections. An established

connection is associated with a connection that has seen packets in both directions.

• -A INPUT -p tcp -m state --state RELATED -j ACCEPT

Allows connections that are of a related state only. A related connection is a new

connection that is associated with an existing connection.

• -A INPUT -p icmp -j ACCEPT

Allows ICMP traffic (ping and traceroute). This is not required but is helpful when

troubleshooting network issues.

• -A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable

Rejects all traffic with the exception of the preceding rules.

• -A INPUT -p tcp -m state --state INVALID -j REJECT

--reject-with icmp-port-unreachable

Sends a rejected notification to the invalid sender. You can change REJECT to DROP

to drop the traffic without a rejection notification. Note that this should be entered on

one line.

• COMMIT

Causes the preceding commands to take effect.

3. Save and close the file.

4. Enter the following commands:

chkconfig iptables on

service iptables restart

At this point, all TCP/IP traffic is blocked except for SSH, RSH, and ICMP (ping and

traceroute) traffic.

5. Repeat these steps on each source VTS server.