Difference between revisions of "Firewall Management in Linux"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Kevin Wilkie (Talk | contribs) (8 intermediate revisions by 2 users not shown)
Revision as of 13:39, 16 March 2022
Please note that ports 5432 and 54321:54330 provide access to the database and can be omitted.
Rules For Iptables
iptables -A INPUT -p tcp --dport 54321:54330 -j ACCEPT
iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 162 -j ACCEPT
iptables -A INPUT -p udp --dport 1812 -j ACCEPT
iptables -A INPUT -p udp --dport 1813 -j ACCEPT
iptables -A INPUT -p udp --dport 2055 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 1645 -j ACCEPT
iptables -A INPUT -p udp --dport 2050:2060 -j ACCEPT
iptables -A INPUT -p udp --dport 510:520 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 7902 -j ACCEPT
iptables -A INPUT -p tcp --dport 8902 -j ACCEPT
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
/etc/init.d/iptables save
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
/etc/init.d/iptables save
Rules For Firewalld (Including Oracle Linux)
firewall-cmd --zone=public --permanent --add-port=54321-54330/tcp
firewall-cmd --zone=public --permanent --add-port=5432/tcp
firewall-cmd --zone=public --permanent --add-port=5000/udp
firewall-cmd --zone=public --permanent --add-port=161/udp
firewall-cmd --zone=public --permanent --add-port=162/udp
firewall-cmd --zone=public --permanent --add-port=1812/udp
firewall-cmd --zone=public --permanent --add-port=1813/udp
firewall-cmd --zone=public --permanent --add-port=2055/udp
firewall-cmd --zone=public --permanent --add-port=53/udp
firewall-cmd --zone=public --permanent --add-port=514/udp
firewall-cmd --zone=public --permanent --add-port=1645/udp
firewall-cmd --zone=public --permanent --add-port=2050-2060/udp
firewall-cmd --zone=public --permanent --add-port=510-520/udp
firewall-cmd --zone=public --permanent --add-port=22/tcp
firewall-cmd --zone=public --permanent --add-port=7902/tcp
firewall-cmd --zone=public --permanent --add-port=8902/tcp
firewall-cmd --reload
Port forwarding from port 80 to 7902
firewall-cmd --zone=public --permanent --add-forward-port=port=80:proto=tcp:toport=7902
firewall-cmd --reload
List Rules
firewall-cmd --list-all
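As an added example (not code from the GigaFlow wiki or from VIAVI), the bash script below builds both rule sets above from a single port table and audits the text of `firewall-cmd --list-all` against that table: it reports required ports that are not open and flags the database ports, which the page says can be omitted, when they are open. The port table is the page's own (5000/udp appears only in the firewalld list above and is included here); the listing stored in `SAMPLE_LISTING` is constructed, not captured from a real host, and the function names are mine. Nothing here runs `iptables` or `firewall-cmd`, so it can be used without root to review a listing pasted from the appliance.

```shell
#!/bin/bash
# Added example, not from the GigaFlow wiki. Generates the iptables/firewalld
# rules from one port table and audits a firewall-cmd --list-all listing.

# Inbound ports the page opens, in firewalld "port-or-range/proto" form.
# (5000/udp appears only in the page's firewalld list; it is included here.)
REQUIRED_PORTS="161/udp 162/udp 1812/udp 1813/udp 2055/udp 53/udp 514/udp 1645/udp 2050-2060/udp 510-520/udp 22/tcp 7902/tcp 8902/tcp 5000/udp"
# Database ports: the page says these can be omitted, so they are kept separate.
DB_PORTS="54321-54330/tcp 5432/tcp"

# Emit one iptables ACCEPT rule; iptables writes ranges as low:high.
iptables_rule() {
  port=$(printf '%s' "${1%/*}" | sed 's/-/:/')
  proto=${1#*/}
  printf 'iptables -A INPUT -p %s --dport %s -j ACCEPT\n' "$proto" "$port"
}

# Emit one permanent firewalld rule for the public zone.
firewalld_rule() {
  printf 'firewall-cmd --zone=public --permanent --add-port=%s\n' "$1"
}

# gen_rules <iptables|firewalld> <with-db|no-db>: print the full rule set.
gen_rules() {
  list=$REQUIRED_PORTS
  [ "$2" = "with-db" ] && list="$list $DB_PORTS"
  for entry in $list; do
    case $1 in
      iptables)  iptables_rule "$entry" ;;
      firewalld) firewalld_rule "$entry" ;;
      *) echo "unknown backend: $1" >&2; return 2 ;;
    esac
  done
}

# audit_listing <text of firewall-cmd --list-all>: report required ports that
# are not open and database ports that are open. Returns 1 if anything is reported.
audit_listing() {
  opened=$(printf '%s\n' "$1" | sed -n 's/^ *ports: *//p')
  rc=0
  for entry in $REQUIRED_PORTS; do
    case " $opened " in
      *" $entry "*) ;;
      *) echo "MISSING required port $entry"; rc=1 ;;
    esac
  done
  for entry in $DB_PORTS; do
    case " $opened " in
      *" $entry "*) echo "WARNING database port $entry is open"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample of firewall-cmd --list-all output (not captured from a real host).
SAMPLE_LISTING='public (active)
  target: default
  interfaces: eth0
  services: ssh
  ports: 161/udp 162/udp 53/udp 514/udp 22/tcp 7902/tcp 5432/tcp
  forward-ports: port=80:proto=tcp:toport=7902:toaddr='

# Stand-alone run: show the generated firewalld rules, then audit the sample listing.
gen_rules firewalld no-db
audit_listing "$SAMPLE_LISTING"
echo "audit exit status: $?"
```

To review a live system, replace `SAMPLE_LISTING` with the real output (`audit_listing "$(firewall-cmd --list-all)"`); a non-zero return from `audit_listing` means the listing either lacks a port the collector needs or exposes a database port that the note at the top of the page says can be left closed.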
External Requirements For Blacklist, License and Stats Updating
Outbound http to http://homeworld.anuviewsoftware.com/