Contents

  1. SAN01
    1. alicreate
    2. zone create
    3. enable zone & config
  2. SAN02
    1. alicreate
    2. zone create
    3. enable zone & config
    4. iptables

SAN01

# awk '{ print "alicreate", "\""$1"\",","", "\" \"" }' < x

alicreate

alicreate "ST01_A0",    "20:00:60:08:10:17:82:7d"
alicreate "ST01_B0",    "20:10:60:08:10:17:82:7d"
alicreate "ST02_A0",    "20:01:60:08:10:17:82:a0"
alicreate "ST02_B0",    "20:11:60:08:10:17:82:a0"
alicreate "ESXi01_FC0", "10:00:00:90:fa:e3:a9:38"
alicreate "ESXi02_FC0", "10:00:00:90:fa:e3:a9:52"
alicreate "ESXi03_FC0", "10:00:00:90:fa:e3:a9:58"
alicreate "gopos_FC0",  "10:00:00:90:fa:e3:a9:04"
alicreate "gopos_stb_FC0",  "10:00:00:90:fa:e3:a9:55"
alicreate "gowms_FC0",  "10:00:00:90:fa:e3:a9:5c"
alicreate "gowms_stb_FC0",  "10:00:00:90:fa:e3:a8:64"

paste awk '{ print $1, $2 }' < /tmp/x awk '{ print $9 }' < /tmp/xx

zone create

zonecreate "ST01_ESXi01","ST01_A0;ST01_B0;ESXi01_FC0"
zonecreate "ST01_ESXi02","ST01_A0;ST01_B0;ESXi02_FC0"
zonecreate "ST01_ESXi03","ST01_A0;ST01_B0;ESXi03_FC0"

zonecreate "ST01_gopos","ST01_A0;ST01_B0;gopos_FC0"
zonecreate "ST01_gopos_stb","ST01_A0;ST01_B0;gopos_stb_FC0"
zonecreate "ST01_gowms","ST01_A0;ST01_B0;gowms_FC0"
zonecreate "ST01_gowms_stb","ST01_A0;ST01_B0;gowms_stb_FC0"

zonecreate "ST02_ESXi01","ST02_A0;ST02_B0;ESXi01_FC0"
zonecreate "ST02_ESXi02","ST02_A0;ST02_B0;ESXi02_FC0"
zonecreate "ST02_ESXi03","ST02_A0;ST02_B0;ESXi03_FC0"

zonecreate "ST02_gopos","ST02_A0;ST02_B0;gopos_FC0"
zonecreate "ST02_gopos_stb","ST02_A0;ST02_B0;gopos_stb_FC0"
zonecreate "ST02_gowms","ST02_A0;ST02_B0;gowms_FC0"
zonecreate "ST02_gowms_stb","ST02_A0;ST02_B0;gowms_stb_FC0"

enable zone & config

cfgcreate "AYY_SAN01","ST01_ESXi01;ST01_ESXi02;ST01_ESXi03;ST01_gopos;ST01_gopos_stb;ST01_gowms;ST01_gowms_stb;ST02_ESXi01;ST02_ESXi02;ST02_ESXi03;ST02_gopos;ST02_gopos_stb;ST02_gowms;ST02_gowms_stb"

cfgenable AYY_SAN01
cfgsave AYY_SAN01

SAN02

# awk '{ print "alicreate", "\""$1"\",","", "\" \"" }' < x

alicreate

alicreate "ST01_A1",  "20:01:60:08:10:17:82:7d"
alicreate "ST01_B1",  "20:11:60:08:10:17:82:7d"
alicreate "ST02_A1",  "20:00:60:08:10:17:82:a0"
alicreate "ST02_B1",  "20:10:60:08:10:17:82:a0"
alicreate "ESXi01_FC1",   "10:00:00:90:fa:e3:a9:39"
alicreate "ESXi02_FC1",   "10:00:00:90:fa:e3:a9:53"
alicreate "ESXi03_FC1",   "10:00:00:90:fa:e3:a9:59"
alicreate "gopos_FC1",    "10:00:00:90:fa:e3:a9:05"
alicreate "gopos_stb_FC1",    "10:00:00:90:fa:e3:a9:54"
alicreate "gowms_FC1",    "10:00:00:90:fa:e3:a9:5d"
alicreate "gowms_stb_FC1",    "10:00:00:90:fa:e3:a8:65"

zone create

zonecreate "ST01_ESXi01","ST01_A1;ST01_B1;ESXi01_FC1"
zonecreate "ST01_ESXi02","ST01_A1;ST01_B1;ESXi02_FC1"
zonecreate "ST01_ESXi03","ST01_A1;ST01_B1;ESXi03_FC1"

zonecreate "ST01_gopos","ST01_A1;ST01_B1;gopos_FC1"
zonecreate "ST01_gopos_stb","ST01_A1;ST01_B1;gopos_stb_FC1"
zonecreate "ST01_gowms","ST01_A1;ST01_B1;gowms_FC1"
zonecreate "ST01_gowms_stb","ST01_A1;ST01_B1;gowms_stb_FC1"

zonecreate "ST02_ESXi01","ST02_A1;ST02_B1;ESXi01_FC1"
zonecreate "ST02_ESXi02","ST02_A1;ST02_B1;ESXi02_FC1"
zonecreate "ST02_ESXi03","ST02_A1;ST02_B1;ESXi03_FC1"

zonecreate "ST02_gopos","ST02_A1;ST02_B1;gopos_FC1"
zonecreate "ST02_gopos_stb","ST02_A1;ST02_B1;gopos_stb_FC1"
zonecreate "ST02_gowms","ST02_A1;ST02_B1;gowms_FC1"
zonecreate "ST02_gowms_stb","ST02_A1;ST02_B1;gowms_stb_FC1"

enable zone & config

# cat xxx | grep zonecre | awk -F"\"" '{ print $2 }' | sort | fmt | tr '\n' ' ' | tr ' ' ';' >> /tmp/tmp6fzBu_.moin 

cfgcreate "AYY_SAN02","ST01_ESXi01;ST01_ESXi02;ST01_ESXi03;ST01_gopos;ST01_gopos_stb;ST01_gowms;ST01_gowms_stb;ST02_ESXi01;ST02_ESXi02;ST02_ESXi03;ST02_gopos;ST02_gopos_stb;ST02_gowms;ST02_gowms_stb"

cfgenable AYY_SAN02
cfgsave AYY_SAN02

iptables

$ cat /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [90:12816]
#-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --update --seconds 5 --hitcount 100 --name database --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --update --seconds 5 --hitcount 100 --name database --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --set --name database --rsource
#-A INPUT -p tcp -m tcp --dport 1521 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 100 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 1521 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 151/sec --limit-burst 6 -j ACCEPT
COMMIT