Difference between revisions of "Firewall Management in Linux"
From Observer GigaFlow Support | VIAVI Solutions Inc.
m (Niall moved page Linux/Firewall to Firewall Management in Linux) |
Kevin Wilkie (Talk | contribs) |
||
| Line 1: | Line 1: | ||
[[Category:Troubleshooting]] | [[Category:Troubleshooting]] | ||
[[Category:Linux]] | [[Category:Linux]] | ||
| − | + | Please note that ports 5432 and 54321:54330 provide access to the database and can be ommitted. | |
Iptables | Iptables | ||
| + | iptables -A INPUT -p tcp --dport 54321:54330 -j ACCEPT | ||
| + | iptables -A INPUT -p tcp --dport 5432 -j ACCEPT | ||
iptables -A INPUT -p udp --dport 161 -j ACCEPT | iptables -A INPUT -p udp --dport 161 -j ACCEPT | ||
iptables -A INPUT -p udp --dport 162 -j ACCEPT | iptables -A INPUT -p udp --dport 162 -j ACCEPT | ||
| Line 14: | Line 16: | ||
iptables -A INPUT -p udp --dport 510:520 -j ACCEPT | iptables -A INPUT -p udp --dport 510:520 -j ACCEPT | ||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT | iptables -A INPUT -p tcp --dport 22 -j ACCEPT | ||
| − | |||
| − | |||
iptables -A INPUT -p tcp --dport 7902 -j ACCEPT | iptables -A INPUT -p tcp --dport 7902 -j ACCEPT | ||
iptables -A INPUT -p tcp --dport 8902 -j ACCEPT | iptables -A INPUT -p tcp --dport 8902 -j ACCEPT | ||
| Line 24: | Line 24: | ||
For firewalld | For firewalld | ||
| + | firewall-cmd --zone=public --permanent --add-port=54321-54330/tcp | ||
| + | firewall-cmd --zone=public --permanent --add-port=5432/tcp | ||
firewall-cmd --zone=public --permanent --add-port=5000/udp | firewall-cmd --zone=public --permanent --add-port=5000/udp | ||
firewall-cmd --zone=public --permanent --add-port=161/udp | firewall-cmd --zone=public --permanent --add-port=161/udp | ||
| Line 36: | Line 38: | ||
firewall-cmd --zone=public --permanent --add-port=510-520/udp | firewall-cmd --zone=public --permanent --add-port=510-520/udp | ||
firewall-cmd --zone=public --permanent --add-port=22/tcp | firewall-cmd --zone=public --permanent --add-port=22/tcp | ||
| − | |||
| − | |||
firewall-cmd --zone=public --permanent --add-port=7902/tcp | firewall-cmd --zone=public --permanent --add-port=7902/tcp | ||
| − | + | firewall-cmd --zone=public --permanent --add-port=8902/tcp | |
firewall-cmd --reload | firewall-cmd --reload | ||
Revision as of 11:13, 3 November 2021
Please note that ports 5432 and 54321:54330 provide access to the database and can be ommitted. Iptables
iptables -A INPUT -p tcp --dport 54321:54330 -j ACCEPT iptables -A INPUT -p tcp --dport 5432 -j ACCEPT iptables -A INPUT -p udp --dport 161 -j ACCEPT iptables -A INPUT -p udp --dport 162 -j ACCEPT iptables -A INPUT -p udp --dport 1812 -j ACCEPT iptables -A INPUT -p udp --dport 1813 -j ACCEPT iptables -A INPUT -p udp --dport 2055 -j ACCEPT iptables -A INPUT -p udp --dport 53 -j ACCEPT iptables -A INPUT -p udp --dport 514 -j ACCEPT iptables -A INPUT -p udp --dport 1645 -j ACCEPT iptables -A INPUT -p udp --dport 2050:2060 -j ACCEPT iptables -A INPUT -p udp --dport 510:520 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 7902 -j ACCEPT iptables -A INPUT -p tcp --dport 8902 -j ACCEPT iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited /etc/init.d/iptables save iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited /etc/init.d/iptables save
For firewalld
firewall-cmd --zone=public --permanent --add-port=54321-54330/tcp firewall-cmd --zone=public --permanent --add-port=5432/tcp firewall-cmd --zone=public --permanent --add-port=5000/udp firewall-cmd --zone=public --permanent --add-port=161/udp firewall-cmd --zone=public --permanent --add-port=162/udp firewall-cmd --zone=public --permanent --add-port=1812/udp firewall-cmd --zone=public --permanent --add-port=1813/udp firewall-cmd --zone=public --permanent --add-port=2055/udp firewall-cmd --zone=public --permanent --add-port=53/udp firewall-cmd --zone=public --permanent --add-port=514/udp firewall-cmd --zone=public --permanent --add-port=1645/udp firewall-cmd --zone=public --permanent --add-port=2050-2060/udp firewall-cmd --zone=public --permanent --add-port=510-520/udp firewall-cmd --zone=public --permanent --add-port=22/tcp firewall-cmd --zone=public --permanent --add-port=7902/tcp firewall-cmd --zone=public --permanent --add-port=8902/tcp firewall-cmd --reload
