    Firewall Configuration

    • george1421G
      george1421 Moderator
      last edited by

      During the install of FOG, it asks to make fog a dns and dhcp server but those ports are not listed in the script.

      For clarity, I took and rebuilt a clean CentOS box. I set the firewall rules and then installed the latest SVN trunk. I just remembered that I need to set the SELinux policy since it is CentOS defaults. But anyway, the plan is to apply your settings to a clean install, install your policies, and then install the latest SVN trunk.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      • J
        Joe Schmitt Senior Developer
        last edited by Joe Schmitt

        @george1421 there is a DHCP section in the post. I will include DNS as well. Right now I wish to keep those options separate. Eventually the installer should automatically configure the firewall based on installation preference.

        • george1421G
          george1421 Moderator @Joe Schmitt
          last edited by

          @Jbob said:

          @george1421 there is a DHCP section in the post. I will include DNS as well. Right now I wish to keep those options separate. Eventually the installer should automatically configure the firewall based on installation preference.

          Sorry I missed that. I copied the top sections and skipped the bottom.

          • Wayne WorkmanW
            Wayne Workman
            last edited by Wayne Workman

            The firewalld stuff works fine on Fedora 23 Server so far.

            I’ve tried this setup on a virtualized Fedora 23 DHCP server, and a virtualized Fedora 23 FOG server (using only the settings each one needs). I’ve imaged 2 computers so far with this setup. One of them, I tried out WOL just to confirm that still works - it does.

            Daily Clean Installation Results:
            https://fogtesting.fogproject.us/
            FOG Reporting:
            https://fog-external-reporting-results.fogproject.us/

            • Wayne WorkmanW
              Wayne Workman
              last edited by Wayne Workman

              For the record - I’ll be using the Firewalld configuration at work soon - I’ll be doing it safely though. I’m keeping my old virtual FOG server intact but shut down, and I’m setting up a new one on Fedora 23 using this configuration.

              I’m really confident that the Firewalld settings will work really well - They’ve worked fine at home so far for me.

              I’m holding off on adding this stuff to the Wiki because I feel it will be integrated into the installer prior to 1.3.0 being released @Developers. 🙂

              I’m not so confident about the iptables config - but I haven’t used it. The only thing that concerns me is the NFS ports. 😕 Hopefully some Ubuntu and Debian users can try it out soon and let us know how it works? @ch3i

              • Wayne WorkmanW
                Wayne Workman
                last edited by Wayne Workman

                I’ve been running the firewalld settings in production with Fedora 23 and I’m cautiously optimistic.

                • Wayne WorkmanW
                  Wayne Workman
                  last edited by Wayne Workman

                  @Developers I have successfully operated at work for about two weeks now with the Firewalld portion of these instructions active. In my opinion, the firewalld stuff should be implemented into the installer for further testing.

                  A good question is how to implement them. Should the installer “just do it” or should it be an installation argument?

                  If the argument route was taken, it could be something as simple as:

                  ./installfog.sh --firewall yes

                  or

                  ./installfog.sh --firewall no

                  With the option stored in /opt/fog/.fogsettings with the default being yes

                  • Wayne WorkmanW
                    Wayne Workman @Joe Schmitt
                    last edited by

                    @Jbob Added to the Wiki here: https://wiki.fogproject.org/wiki/index.php?title=FOG_security

                    • ThiagoT
                      Thiago @Wayne Workman
                      last edited by

                      @Wayne-Workman
                      I’m using ufw in a debian 8 system with:

                      ufw default deny incoming
                      ufw default allow outgoing

                      #ports 21ftp, 22ssh, 80web, 111rpc, 69tftp, 443web, 2049nfs, 20499-nfs
                      ufw allow from 192.168.0.0/24 to any port 21,22,80,111,443,2049,20499 proto tcp
                      ufw allow from 192.168.0.0/24 to any port 69,111,2049,6080 proto udp
                      ufw enable

                      I changed nfs to work with the firewall on debian
                      #from
                      RPCMOUNTDOPTS="--manage-gids"
                      #to
                      RPCMOUNTDOPTS="-p 20499"
                      #and
                      systemctl restart nfs-kernel-server.service

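Added example, not part of Thiago's post or the FOG project's code: pinning mountd only helps if every RPC service the clients use sits on a port the rules allow, so this function compares `rpcinfo -p` output against the TCP and UDP port lists from the ufw rules above. The sample output is constructed, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: list RPC registrations on ports the ufw rules above do not allow.

# Constructed sample of `rpcinfo -p` output; the nlockmgr and status ports
# are made-up values standing in for the random ports those services pick.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   udp  20499  mountd
    100005    3   tcp  20499  mountd
    100021    4   udp  41837  nlockmgr
    100021    4   tcp  39641  nlockmgr
    100024    1   udp  51022  status
    100024    1   tcp  46199  status'

# uncovered_rpc_ports TCP_LIST UDP_LIST  (reads rpcinfo -p output on stdin)
# Prints "service proto port" once for every registration whose port is
# missing from the comma-separated allow list of the same protocol.
uncovered_rpc_ports() {
    awk -v tcp="$1" -v udp="$2" '
        BEGIN {
            n = split(tcp, a, ","); for (i = 1; i <= n; i++) ok["tcp," a[i]] = 1
            n = split(udp, a, ","); for (i = 1; i <= n; i++) ok["udp," a[i]] = 1
        }
        # Data rows start with a numeric program number; the header does not.
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            key = $3 "," $4
            if (!(key in ok) && !seen[$5 "," key]++) print $5, $3, $4
        }
    '
}

# Port lists copied from the two "ufw allow" rules in the post.
TCP_ALLOWED="21,22,80,111,443,2049,20499"
UDP_ALLOWED="69,111,2049,6080"

# Run the check against the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE_RPCINFO" | uncovered_rpc_ports "$TCP_ALLOWED" "$UDP_ALLOWED"
}

check_sample
# On a live server: rpcinfo -p | uncovered_rpc_ports "$TCP_ALLOWED" "$UDP_ALLOWED"
```

With the constructed sample, the report lists mountd's UDP registration on 20499 plus the nlockmgr and status ports; whether clients need those depends on how they mount the export.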
                      • Wayne WorkmanW
                        Wayne Workman @Thiago
                        last edited by

                        @Thiago How long have you been using these settings?

                        • ThiagoT
                          Thiago @Wayne Workman
                          last edited by

                          @Wayne-Workman
                          at least 6 months

                          • Wayne WorkmanW
                            Wayne Workman @Thiago
                            last edited by

                            @Thiago said:

                            @Wayne-Workman
                            I’m using ufw in a debian 8 system with:

                            ufw default deny incoming
                            ufw default allow outgoing

                            #ports 21ftp, 22ssh, 80web, 111rpc, 69tftp, 443web, 2049nfs, 20499-nfs
                            ufw allow from 192.168.0.0/24 to any port 21,22,80,111,443,2049,20499 proto tcp
                            ufw allow from 192.168.0.0/24 to any port 69,111,2049,6080 proto udp
                            ufw enable

                            I changed nfs to work with the firewall on debian
                            #from
                            RPCMOUNTDOPTS="--manage-gids"
                            #to
                            RPCMOUNTDOPTS="-p 20499"
                            #and
                            systemctl restart nfs-kernel-server.service

                            Can anyone else test out Thiago’s UFW settings? @Moderators @Developers

                            • ThiagoT
                              Thiago @Wayne Workman
                              last edited by

                              @Wayne-Workman
                              It lacked a row before ufw enable:

                              ufw allow from 192.168.0.255

                              to fit our net environment

                              • Wayne WorkmanW
                                Wayne Workman
                                last edited by Wayne Workman

                                The firewalld configuration no longer works on Fedora 21.

                                The commands succeed, but at least http is blocked still.

                                Copyright © 2012-2024 FOG Project