network:firewall
Differences
This shows you the differences between two versions of the page.
|
network:firewall [2016/02/04 21:38] walter [How to Open a Port] |
network:firewall [2021/05/02 21:36] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Firewall ====== | ||
| - | The router host provides an iptables based firewall that filters traffic for all the ACM public hosts. Generally it can be assumed that a listed publicly accessible host has allowed access to TCP ports 22(SSH), 80(HTTP), and 443(HTTPS). Any additional TCP or UDP application ports that need to be opened for a given host can be configured by an [[:admins#network_admin|ACM network admin]] on a per request basis. **All port opening requests must include the protocol, TCP, UDP, or both, along with the individual port number. ** | ||
| - | |||
| - | ====== How to Open a Port ====== | ||
| - | <WRAP center round important 60%> | ||
| - | Don't forget to save the new config with **iptables-save > /etc/iptables/iptables.conf** unless editing the config directly. | ||
| - | </WRAP> | ||
| - | |||
| - | **First** gather the list of ports you need on which protocol. | ||
| - | |||
| - | ===== INPUT Chain ===== | ||
| - | This allows the port to make it through the INPUT chain and onto forwarding. \\ | ||
| - | The affects the INPUT chains for ALL network devices, although loopback is handled prior to this. \\ | ||
| - | Use the -i <interface> flag to restrict the rule to one network interface.\\ | ||
| - | ==== Single Port ==== | ||
| - | <code> | ||
| - | iptables -A <TCP|UDP> -p <tcp|udp> -m <tcp|udp> --dport <port> -j ACCEPT | ||
| - | </code> | ||
| - | ==== Multiple Ports ==== | ||
| - | <code> | ||
| - | iptables -A <TCP|UDP> -p <tcp|udp> -m multiport --dports <port1>,<port2>,...,<portN> -j ACCEPT | ||
| - | </code> | ||
| - | ===== FORWARD Chain ===== | ||
| - | |||
| - | If this interface has not been added to the list of interfaces allowed to forward packets between them, you must first add it with. | ||
| - | <code> | ||
| - | iptables -A fw-interfaces -i <interface> -j ACCEPT | ||
| - | </code> | ||
| - | Afterwards, you can add the rules that forward ports to specific machines. | ||
| - | ==== Single Port ==== | ||
| - | <code> | ||
| - | iptables -A fw-open -d <x.x.x.x/32> -p <tcp|udp> -m <tcp|udp> --dport <port> -j ACCEPT | ||
| - | </code> | ||
| - | ==== Multiple Ports ==== | ||
| - | <code> | ||
| - | iptables -A fw-open -d <x.x.x.x/32> -p <tcp|udp> -m multiport --dports<port1>,<port2>,...,<portN> -j ACCEPT | ||
| - | </code> | ||
network/firewall.txt ยท Last modified: 2021/05/02 21:36 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
