OVH uses a Perl script on its servers to monitor system health. It is installed by default in their images, or it can be installed manually (instructions here).
To let their monitoring through the firewall in both directions, you need to open some ports for them (this matters if you only allow specific traffic in or out through the firewall). An iptables configuration follows.
```bash
#!/bin/bash
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 --source cache.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.p19.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.rbx.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.rbx2.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source ping.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source <<first 3 octets of main ip>>.250 -j ACCEPT # IP monitoring system for RTM
/sbin/iptables -A INPUT -i eth0 -p icmp --source <<first 3 octets of main ip>>.251 -j ACCEPT # IP monitoring system for SLA
/sbin/iptables -A OUTPUT -o eth0 -p udp --destination rtm-collector.ovh.net --dport 6100:6200 -j ACCEPT
```
If you use CSF, replace INPUT with ALLOWIN and OUTPUT with ALLOWOUT. The above code can go in /etc/csf/csfpost.sh so that it runs every time CSF reloads the firewall rules.
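The following is an added example, not part of the original post or OVH's tooling: a dry-run generator that prints the rules above for a given main IP, for either the plain iptables chains or the CSF chains, so the output can be reviewed before it is pasted into a script. The function names `ip_prefix` and `ovh_rules` are hypothetical, and the `iptables` path falls back to the article's `/sbin/iptables` when the binary is not found on `PATH`.

```bash
#!/bin/bash
# Added example: prints (does not apply) the article's rules for a main IP.
# Function names are assumptions of this example, not OVH or CSF tooling.

# Hosts allowed to ping the server, as listed in the article.
ICMP_HOSTS="proxy.ovh.net proxy.p19.ovh.net proxy.rbx.ovh.net proxy.rbx2.ovh.net ping.ovh.net"

# Print the first three octets of a dotted-quad IPv4 address; fail on bad input.
ip_prefix() {
    local ip="$1" o
    case $ip in *[!0-9.]*) return 1 ;; esac   # digits and dots only
    local IFS=.
    set -- $ip                                 # split the address on dots
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac  # empty or more than 3 digits
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s\n' "$1" "$2" "$3"
}

# Print the monitoring rules for main IP $1. $2 and $3 are the inbound and
# outbound chains: INPUT/OUTPUT for plain iptables, ALLOWIN/ALLOWOUT for CSF.
ovh_rules() {
    local in_chain="${2:-INPUT}" out_chain="${3:-OUTPUT}" prefix ipt host
    prefix=$(ip_prefix "$1") || { echo "invalid IPv4 address: $1" >&2; return 1; }
    # Use the iptables found on PATH; fall back to the article's location.
    ipt=$(command -v iptables) || ipt=/sbin/iptables
    echo "$ipt -A $in_chain -i eth0 -p tcp --dport 22 --source cache.ovh.net -j ACCEPT"
    # .250 is the RTM monitoring address and .251 the SLA one, per the article.
    for host in $ICMP_HOSTS "$prefix.250" "$prefix.251"; do
        echo "$ipt -A $in_chain -i eth0 -p icmp --source $host -j ACCEPT"
    done
    echo "$ipt -A $out_chain -o eth0 -p udp --destination rtm-collector.ovh.net --dport 6100:6200 -j ACCEPT"
}

# Example: ./ovh-rules.sh 203.0.113.42 ALLOWIN ALLOWOUT   (constructed sample IP)
if [ $# -gt 0 ]; then ovh_rules "$@"; fi
```

Because the rules are only printed, the script can be run without root to check the derived `.250` and `.251` addresses first.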
Hi,
Thanks for your good tutorial.
It seems that CentOS 7 hasn’t sbin at all.
So I couldn’t create and save /etc/csf/csfpost.sh with sbin location.
Best regards,
Jeff
Hi Jeff,
It’s probably in /usr/sbin. But you can be sure by running `where iptables` and updating the script with the location it provides.
Sam
Could you explain to me where I need to put this code (I’m using CSF)? Thank you.
Hi,
You’ll need to put it in `/etc/csf/csfpost.sh`, this will get run when csf reloads its rules.
Sam