Linux firewall iptables and firewalld
Conductor | https://docs.128technology.com/docs/bcp_conductor_deployment#linux-os-tuning |
---|---|
List zones:<br>[root@conductor_node2 ~]# firewall-cmd --get-zones<br>block dmz drop external home internal public t128 trusted work | |
Router to Conductor | firewall-cmd --list-all<br>Port reference: https://www.speedguide.net/port.php?port=4505<br>443/tcp (HTTPS/TLS)<br>830/tcp (Netconf)<br>930/tcp (unassigned, but used for Netconf)<br>4505/tcp + 4506/tcp (unassigned, but used for Salt-minion)<br><br>firewalld:<br>[root@conductor_node2 ~]# firewall-cmd --list-all<br>t128 (active)<br>target: DROP<br>icmp-block-inversion: no<br>interfaces: ens37 ens33 ens38<br>sources:<br>services: https ssh zookeeper salt-master netconf<br>ports: 443/tcp 830/tcp 930/tcp 4505-4506/tcp<br>protocols:<br>masquerade: no<br>forward-ports:<br>source-ports:<br>icmp-blocks:<br>rich rules:<br>[root@conductor_node2 ~]# |
List services:<br>[root@conductor_node2 ~]# firewall-cmd --get-services<br>RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql netconf nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd salt-master samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zookeeper | |
Router | |
firewall-cmd --list-all | |
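
Added example, not part of the original page: a shell audit that compares the `ports:` line of `firewall-cmd --list-all` with the router-to-conductor ports listed in the table above and checks that the zone target is DROP. The function names are hypothetical and the sample input is the page's t128 output, abridged and re-broken into lines.

```shell
# Added example (not from the page): audit firewall-cmd --list-all output.
REQUIRED_PORTS="443/tcp 830/tcp 930/tcp 4505/tcp 4506/tcp"   # from the page

# Zone output from the page, abridged; the line layout is constructed.
sample_zone() {
cat <<'EOF'
t128 (active)
  target: DROP
  interfaces: ens37 ens33 ens38
  services: https ssh zookeeper salt-master netconf
  ports: 443/tcp 830/tcp 930/tcp 4505-4506/tcp
  forward-ports:
EOF
}

# Print the value of one "key: value" line; stdin = list-all output.
zone_field() { sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1; }

# Expand "443/tcp 4505-4506/tcp" into one port/proto per line.
open_ports() {
    zone_field ports | tr ' ' '\n' | while IFS=/ read -r range proto; do
        [ -n "$range" ] || continue
        n=${range%-*}; last=${range#*-}
        while [ "$n" -le "$last" ]; do echo "$n/$proto"; n=$((n + 1)); done
    done
}

# Required ports absent from "ports:" (ports opened only via a service are not resolved).
missing_ports() {
    open=$(open_ports)
    for p in $REQUIRED_PORTS; do
        echo "$open" | grep -qxF "$p" || echo "$p"
    done
}

# Open ports the page's list does not call for (least-privilege check).
extra_ports() {
    open_ports | while read -r p; do
        case " $REQUIRED_PORTS " in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# Succeed only if the zone drops by default and the port set matches exactly.
audit_zone() {
    zone=$(cat)
    [ "$(echo "$zone" | zone_field target)" = "DROP" ] || return 1
    [ -z "$(echo "$zone" | missing_ports)$(echo "$zone" | extra_ports)" ]
}

sample_zone | audit_zone && echo "t128 zone matches the documented port list"
```

On a live node the same functions take `firewall-cmd --zone=t128 --list-all` on stdin in place of `sample_zone`.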