
Firewall Configuration

  • W
    Wayne Workman
    last edited by Wayne Workman Nov 25, 2015, 9:59 PM Nov 26, 2015, 3:58 AM

    For the record - I’ll be using the Firewalld configuration at work soon - I’ll be doing it safely though. I’m keeping my old virtual FOG server intact but shutdown, and I’m setting up a new one on Fedora 23 using this configuration.

    I’m really confident that the Firewalld settings will work really well - They’ve worked fine at home so far for me.

    I’m holding off on adding this stuff to the wiki because I feel it will be integrated into the installer prior to 1.3.0 being released @Developers. 🙂

    I’m not so confident about the iptables config - but I haven’t used it. The only thing that concerns me is the NFS ports. 😕 Hopefully some Ubuntu and Debian users can try it out soon and let us know how it works? @ch3i

    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
    Daily Clean Installation Results:
    https://fogtesting.fogproject.us/
    FOG Reporting:
    https://fog-external-reporting-results.fogproject.us/

    • W
      Wayne Workman
      last edited by Wayne Workman Dec 1, 2015, 7:58 AM Dec 1, 2015, 1:58 PM

      I’ve been running the firewalld settings in production with Fedora 23 and I’m cautiously optimistic.

      • W
        Wayne Workman
        last edited by Wayne Workman Dec 13, 2015, 1:11 AM Dec 13, 2015, 6:01 AM

        @Developers I have successfully operated at work for about two weeks now with the Firewalld portion of these instructions active. In my opinion, the firewalld stuff should be implemented into the installer for further testing.

        A good question is how to implement them. Should the installer “just do it” or should it be an installation argument?

        If the argument route was taken, it could be something as simple as:

        ./installfog.sh --firewall yes

        or

        ./installfog.sh --firewall no

        With the option stored in /opt/fog/.fogsettings with the default being yes.

        • W
          Wayne Workman @Joe Schmitt
          last edited by Jan 19, 2016, 5:40 AM

          @Jbob Added to the Wiki here: https://wiki.fogproject.org/wiki/index.php?title=FOG_security

          • T
            Thiago @Wayne Workman
            last edited by Jan 19, 2016, 9:45 AM

            @Wayne-Workman
            I’m using ufw in a Debian 8 system with:

            ufw default deny incoming
            ufw default allow outgoing

            #ports 21ftp, 22ssh, 80web, 111rpc, 69tftp, 443web, 2049nfs, 20499-nfs
            ufw allow from 192.168.0.0/24 to any port 21,22,80,111,443,2049,20499 proto tcp
            ufw allow from 192.168.0.0/24 to any port 69,111,2049,6080 proto udp
            ufw enable

            I changed NFS to work with the firewall on Debian
            #from
            RPCMOUNTDOPTS="--manage-gids"
            #to
            RPCMOUNTDOPTS="-p 20499"
            #and
            systemctl restart nfs-kernel-server.service

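To see which NFS-related RPC services end up on ports that the ufw rules in the post above do not open, the sketch below compares `rpcinfo -p` output with that allow-list and checks that mountd is pinned to 20499. It is an added example, not part of Thiago's post or of FOG's code; the sample `rpcinfo` output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare rpcbind registrations with the ufw allow-list.
# Ports opened by the ufw rules quoted in the post above.
ALLOWED_TCP="21 22 80 111 443 2049 20499"
ALLOWED_UDP="69 111 2049 6080"

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    2   udp  20499  mountd
    100005    3   udp  20499  mountd
    100005    3   tcp  20499  mountd
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    4   tcp  41327  nlockmgr
    100021    4   udp  52718  nlockmgr
    100024    1   tcp  38465  status
    100024    1   udp  45123  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "proto port service" once
# for every registration whose proto/port pair is not in the allow-list.
blocked_rpc_ports() {
  awk -v tcp="$ALLOWED_TCP" -v udp="$ALLOWED_UDP" '
    BEGIN {
      n = split(tcp, a, " "); for (i = 1; i <= n; i++) ok["tcp", a[i]] = 1
      n = split(udp, b, " "); for (i = 1; i <= n; i++) ok["udp", b[i]] = 1
    }
    $4 ~ /^[0-9]+$/ {          # skips the header row
      if (!(($3, $4) in ok) && !seen[$3, $4]++) print $3, $4, $5
    }'
}

# mountd_pinned PORT: succeeds only if every mountd registration uses PORT.
mountd_pinned() {
  awk -v want="$1" '$5 == "mountd" { n++; if ($4 != want) bad++ }
                    END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# On a live server, replace sample_rpcinfo with: rpcinfo -p
sample_rpcinfo | blocked_rpc_ports
```

Each line of output is a registered service that clients on 192.168.0.0/24 cannot reach through these rules; whether that matters depends on which of those services the clients actually use.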
            • W
              Wayne Workman @Thiago
              last edited by Jan 19, 2016, 1:35 PM

              @Thiago How long have you been using these settings?

              • T
                Thiago @Wayne Workman
                last edited by Jan 19, 2016, 1:47 PM

                @Wayne-Workman
                at least 6 months

                • W
                  Wayne Workman @Thiago
                  last edited by Jan 19, 2016, 1:51 PM

                  @Thiago said:

                  @Wayne-Workman
                  I’m using ufw in a Debian 8 system with:

                  ufw default deny incoming
                  ufw default allow outgoing

                  #ports 21ftp, 22ssh, 80web, 111rpc, 69tftp, 443web, 2049nfs, 20499-nfs
                  ufw allow from 192.168.0.0/24 to any port 21,22,80,111,443,2049,20499 proto tcp
                  ufw allow from 192.168.0.0/24 to any port 69,111,2049,6080 proto udp
                  ufw enable

                  I changed NFS to work with the firewall on Debian
                  #from
                  RPCMOUNTDOPTS="--manage-gids"
                  #to
                  RPCMOUNTDOPTS="-p 20499"
                  #and
                  systemctl restart nfs-kernel-server.service

                  Can anyone else test out Thiago’s UFW settings? @Moderators @Developers

                  • T
                    Thiago @Wayne Workman
                    last edited by Jan 19, 2016, 2:13 PM

                    @Wayne-Workman
                    It lacked a row before ufw enable:

                    ufw allow from 192.168.0.255

                    to fit our net environment

                    • W
                      Wayne Workman
                      last edited by Wayne Workman Feb 10, 2016, 12:06 PM Feb 10, 2016, 5:28 PM

                      The firewalld configuration no longer works on Fedora 21.

                      The commands succeed, but at least http is blocked still.

                      • george1421 referenced this topic on Jul 31, 2023, 9:48 AM
                      Copyright © 2012-2024 FOG Project