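Notes on protocol vrrp in iptables and firewalld
Casual notes from third-line support
A few days ago I ran into a keepalived split-brain problem in a firewalled environment.
This is a small follow-up note.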
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface dmac-vc01v2058 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
[root@centos7 ~]# nslookup vrrp.mcast.net
Server:   223.5.5.5
Address:  223.5.5.5#53

Non-authoritative answer:
Name:     vrrp.mcast.net
Address:  224.0.0.18
P.S. [This resolution result is rather interesting]
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target              prot opt in              out  source     destination
1    11840   18M ACCEPT              all  --  *               *    0.0.0.0/0  0.0.0.0/0    ctstate RELATED,ESTABLISHED
2        1    29 ACCEPT              all  --  lo              *    0.0.0.0/0  0.0.0.0/0
3       67  7216 INPUT_direct        all  --  *               *    0.0.0.0/0  0.0.0.0/0
4       67  7216 INPUT_ZONES_SOURCE  all  --  *               *    0.0.0.0/0  0.0.0.0/0
5       67  7216 INPUT_ZONES         all  --  *               *    0.0.0.0/0  0.0.0.0/0
6        0     0 DROP                all  --  *               *    0.0.0.0/0  0.0.0.0/0    ctstate INVALID
7       61  6736 REJECT              all  --  *               *    0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited

Chain INPUT_direct (1 references)
num   pkts bytes target              prot opt in              out  source     destination
1        0     0 ACCEPT              112  --  dmac-vc01v2058  *    0.0.0.0/0  224.0.0.18
- just a mark; the follow-up is still pending
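One way to verify the rule above from a saved listing (an added example, not from the original post): the script checks that an ACCEPT for protocol 112 to 224.0.0.18 exists, whether its packet counter has moved, and that the INPUT_direct jump is evaluated before the catch-all REJECT. The function names and the abridged sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits saved output of
# `iptables -L <chain> -n -v --line-numbers` (columns as printed on this page).

# Constructed samples: abridged copies of the two chains shown above.
SAMPLE_INPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 11840 18M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3 67 7216 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
7 61 6736 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'
SAMPLE_DIRECT='Chain INPUT_direct (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 112 -- dmac-vc01v2058 * 0.0.0.0/0 224.0.0.18'

# vrrp_rule_status LISTING [IFACE] (hypothetical helper) prints:
#   missing           no ACCEPT for protocol 112 to 224.0.0.18
#   idle:<num>        rule exists, packet counter still 0
#   hit:<num>:<pkts>  rule exists and has matched advertisements
vrrp_rule_status() {
    printf '%s\n' "$1" | awk -v want_if="${2:-}" '
        $1 ~ /^[0-9]+$/ && $4 == "ACCEPT" && ($5 == "112" || $5 == "vrrp") &&
        $10 == "224.0.0.18" {
            if (want_if != "" && $7 != want_if && $7 != "*") next
            found = 1
            if ($2 == "0") printf "idle:%s\n", $1
            else printf "hit:%s:%s\n", $1, $2
            exit
        }
        END { if (!found) print "missing" }'
}

# jump_precedes_reject LISTING (hypothetical helper): succeeds when the
# INPUT_direct jump comes before the first catch-all REJECT in INPUT,
# so the VRRP rule is reached before the packet is rejected.
jump_precedes_reject() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && $4 == "INPUT_direct" && !jump { jump = $1 + 0 }
        $1 ~ /^[0-9]+$/ && $4 == "REJECT" && $5 == "all" && !rej { rej = $1 + 0 }
        END { exit !(jump && (!rej || jump < rej)) }'
}

echo "VRRP rule: $(vrrp_rule_status "$SAMPLE_DIRECT" dmac-vc01v2058)"
if jump_precedes_reject "$SAMPLE_INPUT"; then
    echo "INPUT_direct is evaluated before REJECT"
else
    echo "INPUT_direct is missing or placed after REJECT"
fi
```

On a keepalived backup node the counter should grow while the master is advertising; a rule that stays idle there means the advertisements are not reaching this chain.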