This is the documentation for the deprecated product VMmanager 5. It is no longer updated and may be irrelevant. Documentation for the current version of VMmanager can be found in the VMmanager 6 section.
Netfilter is a framework provided by Linux that allows for various networking-related operations. Several utilities are available for firewall management, such as iptables (manages IPv4 packets), ip6tables (manages IPv6 packets), and ebtables (manages Ethernet bridges).
How it works
When a cluster node is added, VMmanager creates the /usr/local/mgr5/etc/iptables.rules.d and /usr/local/mgr5/etc/ip6tables.rules.d directories on it and adds the files with iptables and ip6tables rules to those directories. The files are overwritten when the panel restarts. The rules are uploaded in an order defined by the first two symbols of the file name (00-99). E.g., 123 means that the rule will be handled 23rd in succession; _21 means that the system will handle it after 99.
Files have the following names:
NN_name.rule
On Debian, execute the iptables-save and iptables-restore commands to save the iptables and ip6tables rules and apply them automatically after a server restart. In the /etc/network/if-up.d/ directory, the system creates a script that is executed automatically when the network interface is brought up and runs the iptables-restore command.
Standard rules
When you install VMmanager and add a cluster node, the following iptables rules for modules and control panel services are added:
iptables -I FORWARD -p all -j ACCEPT
ip6tables -I FORWARD -p all -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 111 -j ACCEPT
iptables -I INPUT 2 -p udp --dport 111 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 2049 -j ACCEPT
iptables -I INPUT 4 -p udp --dport 2049 -j ACCEPT
Adding rules
To add a rule, navigate to Cluster settings → Firewall → Add.
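Before adding rules, it helps to see which ACCEPT rules already match traffic from any source, as the standard rules listed above do. The script below is an added example, not part of the VMmanager documentation or product; the function names, the sample ruleset and the 192.0.2.0/24 rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ACCEPT rules in iptables-save output that carry no
# source (-s) or input-interface (-i) match, i.e. rules open to any sender.
# Limitation: matches such as -m iprange or -m set are not interpreted.

# Constructed sample in iptables-save format: the page's standard rules, with
# one hypothetical source-restricted NFS rule added for contrast.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin; prints "CHAIN PROTO PORT" per finding.
unrestricted_accepts() {
    awk '
    $1 == "-A" {
        chain = $2; proto = "all"; port = "any"; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-s" || $i == "-i") scoped = 1
        }
        if (target == "ACCEPT" && !scoped) print chain, proto, port
    }'
}

# On a node, pipe the live ruleset instead:
#   iptables-save | unrestricted_accepts
sample_ruleset | unrestricted_accepts
```

Each line of output names a chain, protocol and destination port that is reachable from every address; for the RPC (111) and NFS (2049) ports this is the list to compare against the hosts that actually need access.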