
Linux firewall iptables and firewalld


Conductor: https://docs.128technology.com/docs/bcp_conductor_deployment#linux-os-tuning
SSR to Conductor: https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/concepts_machine_communication/#router-to-conductor-connectivity


list zones
[root@conductor_node2 ~]# firewall-cmd --get-zones
block dmz drop external home internal public t128 trusted work


Router to Conductor

firewall-cmd --list-all

https://www.speedguide.net/port.php?port=4505

443/tcp ( HTTPS/TLS )

830/tcp Netconf

930/tcp ( Unassigned, but used for Netconf )

4505/tcp + 4506/tcp ( Unassigned, but used for Salt-minion )

firewalld
[root@conductor_node2 ~]# firewall-cmd --list-all
t128 (active)
  target: DROP
  icmp-block-inversion: no
  interfaces: ens37 ens33 ens38
  sources:
  services: https ssh zookeeper salt-master netconf
  ports: 443/tcp 830/tcp 930/tcp 4505-4506/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@conductor_node2 ~]#
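
To confirm that a zone opens every port listed above for router-to-conductor traffic, the `ports:` line of `firewall-cmd --list-all` can be checked mechanically. The script below is an added example, not part of the original page or of the SSR documentation; the function names and the second listing are constructed for illustration, and ports opened only through a service definition are not counted.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# REQUIRED_PORTS holds the TCP ports the page lists for router-to-conductor traffic.
REQUIRED_PORTS="443 830 930 4505 4506"

# port_open PORT LISTING
# Succeeds when PORT/tcp is covered by the "ports:" line of a
# `firewall-cmd --list-all` listing, as a single port or inside a range.
port_open() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")          # pp[1] = port or range, pp[2] = protocol
                if (pp[2] != "tcp") continue
                n = split(pp[1], r, "-")    # r[1] = low end, r[2] = high end of a range
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# missing_ports LISTING
# Prints the required ports that the listing does not open (empty when complete).
missing_ports() {
    missing=""
    for p in $REQUIRED_PORTS; do
        port_open "$p" "$1" || missing="$missing $p"
    done
    printf '%s\n' "${missing# }"
}

# Relevant lines of the t128 zone listing shown on this page.
PAGE_LISTING='t128 (active)
  target: DROP
  services: https ssh zookeeper salt-master netconf
  ports: 443/tcp 830/tcp 930/tcp 4505-4506/tcp
  source-ports:'

# Constructed listing with 930/tcp and 4506/tcp left out.
WEAK_LISTING='t128 (active)
  target: DROP
  ports: 443/tcp 830/tcp 4505/tcp
  source-ports:'

echo "page listing, missing: [$(missing_ports "$PAGE_LISTING")]"
echo "constructed listing, missing: [$(missing_ports "$WEAK_LISTING")]"
# On a live host: missing_ports "$(firewall-cmd --zone=t128 --list-all)"
```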



firewall-cmd --get-services


services
[root@conductor_node2 ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql netconf nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd salt-master samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zookeeper


Router-to-router and conductor-to-router

https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/concepts_machine_communication/#router-to-router-connectivity

firewall-cmd --list-all