Linux firewall iptables and firewalld
Conductor | https://docs.128technology.com/docs/bcp_conductor_deployment#linux-os-tuning |
---|---|
SSR to Conductor | https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/concepts_machine_communication/#router-to-conductor-connectivity |

[root@conductor_node2 ~]# firewall-cmd --get-zones
block dmz drop external home internal public t128 trusted work

Router to Conductor

firewall-cmd --list-all

https://www.speedguide.net/port.php?port=4505

Port | Use |
---|---|
443/tcp | HTTPS/TLS |
830/tcp | Netconf |
930/tcp | Unassigned, but used for Netconf |
4505/tcp + 4506/tcp | Unassigned, but used for Salt-minion |

[root@conductor_node2 ~]# firewall-cmd --list-all
t128 (active)
target: DROP
icmp-block-inversion: no
interfaces: ens37 ens33 ens38
sources:
services: https ssh zookeeper salt-master netconf
ports: 443/tcp 830/tcp 930/tcp 4505-4506/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@conductor_node2 ~]#
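
An added example (not part of the original page or of any vendor tooling): a POSIX shell check that compares the `ports:` line of `firewall-cmd --list-all` with the conductor port list above and reports ports that are missing or unexpectedly open. The function names and the drift sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: ports the page lists for the conductor's t128 zone.
EXPECTED="443/tcp 830/tcp 930/tcp 4505/tcp 4506/tcp"

# Expand entries such as 4505-4506/tcp into one port/proto per line.
expand_ports() {
    for entry in "$@"; do
        range=${entry%/*}; proto=${entry#*/}
        p=${range%-*}; hi=${range#*-}
        while [ "$p" -le "$hi" ]; do
            echo "$p/$proto"
            p=$((p + 1))
        done
    done
}

# Reads `firewall-cmd --list-all` text on stdin, prints one MISSING or
# EXTRA line per discrepancy, returns 0 only on an exact match.
audit_ports() {
    open=$(awk '$1 == "ports:" { $1 = ""; print }')
    have=$(expand_ports $open | tr '\n' ' ')
    want=$(expand_ports $EXPECTED | tr '\n' ' ')
    rc=0
    for w in $want; do
        case " $have" in *" $w "*) ;; *) echo "MISSING $w"; rc=1 ;; esac
    done
    for h in $have; do
        case " $want" in *" $h "*) ;; *) echo "EXTRA $h"; rc=1 ;; esac
    done
    return $rc
}

# Relevant lines of the t128 zone output shown on this page.
sample_page() {
    cat <<'EOF'
t128 (active)
  ports: 443/tcp 830/tcp 930/tcp 4505-4506/tcp
  forward-ports:
EOF
}

# Constructed drift case: 930/tcp dropped, 8080/tcp opened.
sample_drift() {
    printf 't128 (active)\n  ports: 443/tcp 830/tcp 4505-4506/tcp 8080/tcp\n'
}

sample_page | audit_ports && echo "page output: matches expected ports"
sample_drift | audit_ports || echo "drift sample: zone differs from expected ports"
```

On a live conductor, feed it real output with `firewall-cmd --zone=t128 --list-all | audit_ports`.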

firewall-cmd --get-services

[root@conductor_node2 ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql netconf nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd salt-master samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zookeeper

Router (router-to-router and conductor-to-router)

https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/concepts_machine_communication/#router-to-router-connectivity

firewall-cmd --list-all