From 66fe12910cc798cc524fa492cb8a2fc2dc2165d2 Mon Sep 17 00:00:00 2001
From: Edison Su
Date: Wed, 3 Aug 2011 13:39:13 -0700
Subject: [PATCH] delete the default iptable rule
---
 python/lib/cloudutils/serviceConfig.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/python/lib/cloudutils/serviceConfig.py b/python/lib/cloudutils/serviceConfig.py
index 36a5e6a572f..1acee497968 100644
--- a/python/lib/cloudutils/serviceConfig.py
+++ b/python/lib/cloudutils/serviceConfig.py
@@ -533,6 +533,8 @@ class firewallConfigAgent(firewallConfigBase):
 self.ports = "22 16509 5900:6100 49152:49216".split()
 if syscfg.env.distribution.getVersion() == "CentOS":
 self.rules = ["-D FORWARD -j RH-Firewall-1-INPUT"]
+ else:
+ self.rules = ["-D FORWARD -j REJECT --reject-with icmp-host-prohibited"]
 class cloudAgentConfig(serviceCfgBase):
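Review bot: The new `else` branch deletes the catch-all `REJECT --reject-with icmp-host-prohibited` rule from FORWARD on every non-CentOS distribution, and nothing in the hunk puts a narrower rule in its place, so forwarded traffic on the agent host then falls through to the chain policy (commonly ACCEPT). If the goal is only to let guest bridge traffic through, it would be safer to insert an accept rule scoped to the bridge interfaces ahead of the reject, or at least to record the consequence with a comment such as `# Removes the default-deny on FORWARD; forwarding is then limited only by the chain policy and rules added elsewhere`. The branch also assumes the rule exists: `iptables -D` by rule specification fails when nothing matches, which is likely on distributions that do not ship this Red Hat-style default. How such a failure is handled depends on the code that applies `self.rules`, which is outside the hunk, as is the start of the enclosing method.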