Firewall Configuration
-
I’ve been running the firewalld settings in production with Fedora 23 and I’m cautiously optimistic.
-
@Developers I have successfully operated at work for about two weeks now with the Firewalld portion of these instructions active. In my opinion, the firewalld stuff should be implemented into the installer for further testing.
A good question is how to implement them. Should the installer “just do it” or should it be an installation argument?
If the argument route was taken, it could be something as simple as:
./installfog.sh --firewall yes
or
./installfog.sh --firewall no
With the option stored in
/opt/fog/.fogsettings
with the default being yes
-
@Jbob Added to the Wiki here: https://wiki.fogproject.org/wiki/index.php?title=FOG_security
-
@Wayne-Workman
I’m using ufw in a debian 8 system with:
ufw default deny incoming
ufw default allow outgoing
#ports 21ftp, 22ssh, 80web, 111rpc, 69tftp, 443web, 2049nfs, 20499-nfs
ufw allow from 192.168.0.0/24 to any port 21,22,80,111,443,2049,20499 proto tcp
ufw allow from 192.168.0.0/24 to any port 69,111,2049,6080 proto udp
ufw enable
I changed nfs to work with the firewall on debian
#from
RPCMOUNTDOPTS="--manage-gids"
#to
RPCMOUNTDOPTS="-p 20499"
#and
systemctl restart nfs-kernel-server.service
-
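Added example (not part of the original posts and not FOG's own code): a check that every port registered with the portmapper is covered by the ufw allow lists quoted in the post above, which is what pinning rpc.mountd with -p 20499 is meant to achieve. The rpcinfo -p sample is constructed, and the function and variable names are hypothetical.

```sh
#!/bin/sh
# Allow lists copied from the ufw rules quoted in the post above.
ALLOWED_TCP="21,22,80,111,443,2049,20499"
ALLOWED_UDP="69,111,2049,6080"

# unallowed_rpc_ports TCP_LIST UDP_LIST < output of `rpcinfo -p`
# Prints "proto port service" once for each registered RPC service whose
# port is missing from the allow list for that protocol.
unallowed_rpc_ports() {
    awk -v tcp="$1" -v udp="$2" '
        BEGIN {
            n = split(tcp, t, ","); for (i = 1; i <= n; i++) ok["tcp " t[i]] = 1
            n = split(udp, u, ","); for (i = 1; i <= n; i++) ok["udp " u[i]] = 1
        }
        # Data rows start with a numeric program id; the header row is skipped.
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            key = $3 " " $4
            svc = (NF >= 5) ? $5 : "program-" $1
            if (!(key in ok) && !seen[key " " svc]++) print key, svc
        }
    '
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
# $1 and $2 are the udp and tcp ports rpc.mountd is registered on.
sample_rpcinfo() {
    cat <<EOF
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp  $1  mountd
    100005    3   tcp  $2  mountd
EOF
}

# On a live server: rpcinfo -p | unallowed_rpc_ports "$ALLOWED_TCP" "$ALLOWED_UDP"
echo "mountd on constructed random ports:"
sample_rpcinfo 41873 52311 | unallowed_rpc_ports "$ALLOWED_TCP" "$ALLOWED_UDP"
echo "mountd pinned with -p 20499:"
sample_rpcinfo 20499 20499 | unallowed_rpc_ports "$ALLOWED_TCP" "$ALLOWED_UDP"
```

With mountd pinned, the only row still reported on the sample is its UDP registration, because the quoted UDP rule does not list 20499; whether that matters depends on whether clients use the mount protocol over UDP.
-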
@Thiago How long have you been using these settings?
-
@Wayne-Workman
at least 6 months
-
@Thiago said:
@Wayne-Workman
I’m using ufw in a debian 8 system with:
ufw default deny incoming
ufw default allow outgoing
#ports 21ftp, 22ssh, 80web, 111rpc, 69tftp, 443web, 2049nfs, 20499-nfs
ufw allow from 192.168.0.0/24 to any port 21,22,80,111,443,2049,20499 proto tcp
ufw allow from 192.168.0.0/24 to any port 69,111,2049,6080 proto udp
ufw enable
I changed nfs to work with the firewall on debian
#from
RPCMOUNTDOPTS="--manage-gids"
#to
RPCMOUNTDOPTS="-p 20499"
#and
systemctl restart nfs-kernel-server.service
Can anyone else test out Thiago’s UFW settings? @Moderators @Developers
-
@Wayne-Workman
It lacked a row before ufw enable:
ufw allow from 192.168.0.255
to fit our net environment
-
The firewalld configuration no longer works on Fedora 21.
The commands succeed, but at least http is blocked still.