<![CDATA[Firewall Rules Fog Server]]>Trying to button up our Fog Server and apply UFW rules. Does anyone have a default ruleset that they use for Fog? This is what it is currently listening on:

udp    UNCONN  0        0                  0.0.0.0:55629          0.0.0.0:*      users:(("rpc.statd",pid=688,fd=8))
udp    UNCONN  0        0                  0.0.0.0:59831          0.0.0.0:*      users:(("rpc.mountd",pid=687,fd=8))
udp    UNCONN  0        0            127.0.0.53%lo:53             0.0.0.0:*      users:(("systemd-resolve",pid=675,fd=13))
udp    UNCONN  0        0          10.10.70.9%eth0:68             0.0.0.0:*      users:(("systemd-network",pid=673,fd=15))
udp    UNCONN  0        0                  0.0.0.0:69             0.0.0.0:*      users:(("in.tftpd",pid=819,fd=4))
udp    UNCONN  0        0                  0.0.0.0:111            0.0.0.0:*      users:(("rpcbind",pid=544,fd=5),("systemd",pid=1,fd=62))
udp    UNCONN  0        0                  0.0.0.0:49302          0.0.0.0:*
udp    UNCONN  0        0                  0.0.0.0:161            0.0.0.0:*      users:(("snmpd",pid=713,fd=6))
udp    UNCONN  0        0                127.0.0.1:864            0.0.0.0:*      users:(("rpc.statd",pid=688,fd=5))
udp    UNCONN  0        0                  0.0.0.0:33924          0.0.0.0:*      users:(("rpc.mountd",pid=687,fd=4))
udp    UNCONN  0        0                  0.0.0.0:33928          0.0.0.0:*      users:(("rpc.mountd",pid=687,fd=12))
udp    UNCONN  0        0                     [::]:46961             [::]:*      users:(("rpc.mountd",pid=687,fd=14))
udp    UNCONN  0        0                     [::]:43807             [::]:*      users:(("rpc.mountd",pid=687,fd=10))
udp    UNCONN  0        0                     [::]:44473             [::]:*      users:(("rpc.mountd",pid=687,fd=6))
udp    UNCONN  0        0                     [::]:36621             [::]:*      users:(("rpc.statd",pid=688,fd=10))
udp    UNCONN  0        0                     [::]:69                [::]:*      users:(("in.tftpd",pid=819,fd=5))
udp    UNCONN  0        0                     [::]:111               [::]:*      users:(("rpcbind",pid=544,fd=7),("systemd",pid=1,fd=64))
udp    UNCONN  0        0                     [::]:37797             [::]:*
tcp    LISTEN  0        4096               0.0.0.0:42063          0.0.0.0:*      users:(("rpc.mountd",pid=687,fd=9))
tcp    LISTEN  0        32                 0.0.0.0:21             0.0.0.0:*      users:(("vsftpd",pid=730,fd=3))
tcp    LISTEN  0        128                0.0.0.0:22             0.0.0.0:*      users:(("sshd",pid=850,fd=3))
tcp    LISTEN  0        4096               0.0.0.0:111            0.0.0.0:*      users:(("rpcbind",pid=544,fd=4),("systemd",pid=1,fd=61))
tcp    LISTEN  0        4096               0.0.0.0:60621          0.0.0.0:*      users:(("rpc.statd",pid=688,fd=9))
tcp    LISTEN  0        80                 0.0.0.0:3306           0.0.0.0:*      users:(("mariadbd",pid=926,fd=30))
tcp    LISTEN  0        4096               0.0.0.0:48417          0.0.0.0:*      users:(("rpc.mountd",pid=687,fd=5))
tcp    LISTEN  0        64                 0.0.0.0:44735          0.0.0.0:*
tcp    LISTEN  0        64                 0.0.0.0:2049           0.0.0.0:*
tcp    LISTEN  0        4096               0.0.0.0:35157          0.0.0.0:*      users:(("rpc.mountd",pid=687,fd=13))
tcp    LISTEN  0        4096                  [::]:54973             [::]:*      users:(("rpc.mountd",pid=687,fd=11))
tcp    LISTEN  0        128                   [::]:22                [::]:*      users:(("sshd",pid=850,fd=4))
tcp    LISTEN  0        511                      *:80                   *:*      users:(("apache2",pid=1338482,fd=4),("apache2",pid=1275019,fd=4),("apache2",pid=1274184,fd=4),("apache2",pid=1274085,fd=4),("apache2",pid=1274084,fd=4),("apache2",pid=1274083,fd=4),("apache2",pid=1274082,fd=4),("apache2",pid=1274081,fd=4),("apache2",pid=986,fd=4))
tcp    LISTEN  0        64                    [::]:41029             [::]:*
tcp    LISTEN  0        4096                  [::]:111               [::]:*      users:(("rpcbind",pid=544,fd=6),("systemd",pid=1,fd=63))
tcp    LISTEN  0        511                      *:443                  *:*      users:(("apache2",pid=1338482,fd=6),("apache2",pid=1275019,fd=6),("apache2",pid=1274184,fd=6),("apache2",pid=1274085,fd=6),("apache2",pid=1274084,fd=6),("apache2",pid=1274083,fd=6),("apache2",pid=1274082,fd=6),("apache2",pid=1274081,fd=6),("apache2",pid=986,fd=6))
tcp    LISTEN  0        4096                  [::]:53863             [::]:*      users:(("rpc.mountd",pid=687,fd=7))
tcp    LISTEN  0        4096                  [::]:33617             [::]:*      users:(("rpc.statd",pid=688,fd=11))
tcp    LISTEN  0        80                    [::]:3306              [::]:*      users:(("mariadbd",pid=926,fd=32))
tcp    LISTEN  0        4096                  [::]:45009             [::]:*      users:(("rpc.mountd",pid=687,fd=15))
tcp    LISTEN  0        64                    [::]:2049              [::]:*
]]>http://forums.fogproject.org/topic/18123/firewall-rules-fog-serverRSS for NodeSat, 06 Jun 2026 01:24:45 GMTThu, 26 Feb 2026 14:56:48 GMT60<![CDATA[Reply to Firewall Rules Fog Server on Fri, 27 Feb 2026 06:11:34 GMT]]>@astrugatch we have firewalld but you can make the adjustments… some ports have been changed from the initial setup due to network restrictions.

- name: FOG_Services
    short: FOG Server network rules
    description: >-
      For FOG Server to handle boot, image and various tasks on workstations
    sources:
      - SUBNET_IPS
    allow_icmp:
      - echo-request
      - echo-reply
    services:
      - ftp
      - http
      - mountd
      - nfs
      - rpc-bind
      - tftp
    ports:
      - { port: 20048, proto: tcp }  # nfs
      - { port: 20048, proto: udp }  # nfs
      - { port: "35350-36350", proto: udp }  # tftp
      - { port: "49512-65532", proto: udp }  # multicast
]]>http://forums.fogproject.org/post/157886http://forums.fogproject.org/post/157886Fri, 27 Feb 2026 06:11:34 GMT