The Linux firewall, iptables, will block ports that are required to access CBA services and applications. The full list of required ports is in the technical implementation manual, which is available from your project implementation team.
Typically you will want to configure iptables to open the required ports and block only the ports that are not required. CBA can assist with this configuration.
To simplify installation and initial testing, it is often easier to disable iptables, build a working system and then configure iptables once the system is up and running. This short article describes how to disable iptables.
Step 1. Is iptables running?
Use the service command to determine if iptables is running:
# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Use the chkconfig command to determine what run levels iptables is enabled at:
# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Step 2. Stop iptables
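Use the service command to stop iptables. As the output shows, this flushes the firewall rules and sets the chains to policy ACCEPT, so nothing is filtered until the service is started again: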
# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
Step 3. Disable iptables
Use the chkconfig command to disable iptables at all run levels:
# chkconfig iptables off
# chkconfig --list iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Step 4. Enable & configure iptables
As mentioned previously, once the system is up and running you will typically want to enable iptables & configure it to allow the required ports whilst blocking everything else. Contact your CBA implementation team for assistance if required.
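One way to prepare the ruleset for Step 4, as an added example that is not CBA's own configuration: it reproduces the default rules listed in Step 1 and inserts one ACCEPT rule per required TCP port ahead of the final REJECT. The ports 8080 and 8443 are constructed placeholders (take the real list from the technical implementation manual), build_rules and valid_port are hypothetical helper names, and rule 3 in the Step 1 listing is assumed to be the loopback rule.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that keeps the default
# rules from Step 1 and opens only the listed TCP ports.
REQUIRED_TCP_PORTS="8080 8443"   # constructed placeholder values

# valid_port N: succeeds only for a plain integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# build_rules PORT...: ruleset on stdout; fails before printing on a bad port
build_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p icmp -j ACCEPT"
    echo "-A INPUT -i lo -j ACCEPT"   # assumed: rule 3 in the Step 1 listing
    echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT"
    for p in "$@"; do
        echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
    done
    # Everything not accepted above is rejected, as in the default ruleset.
    echo "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
    echo "-A FORWARD -j REJECT --reject-with icmp-host-prohibited"
    echo "COMMIT"
}

# To apply as root on the host (commented out so the script only defines
# the functions when sourced):
#   build_rules $REQUIRED_TCP_PORTS > /etc/sysconfig/iptables.new
#   iptables-restore --test < /etc/sysconfig/iptables.new
#   mv /etc/sysconfig/iptables.new /etc/sysconfig/iptables
#   service iptables start && chkconfig iptables on
```

After starting the service, the Step 1 commands (service iptables status and chkconfig --list iptables) confirm that the new rules are loaded and that iptables is enabled at run levels 2 to 5 again.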