Jan Siersch · 4044b295
--- a/pxe-boot.markdown
+++ b/pxe-boot.markdown
@@ -19,6 +19,30 @@ we start a DHCP server on the storagenode that provides PXE boot information (TF
 yum -y install dhcp syslinux xinetd tftp-server dracut-network
 ```

+- configure IPTABLES to allow incomming access to DHCP, TFTP and NFS
+
+```
+# DHCP
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 67   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 68   -j ACCEPT
+
+# TFTP
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 69   -j ACCEPT
+
+# NFS
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 111   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p tcp --dport 111   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p tcp --dport 2049  -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p tcp --dport 32803 -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 32769 -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p tcp --dport 892   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 892   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p tcp --dport 875   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 875   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p tcp --dport 662   -j ACCEPT
+iptables -I INPUT 1 -s 10.1.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -p udp --dport 662   -j ACCEPT
+```
+
 - prepare directories for all diskless nodes

 ```