Need help with opening/closing ports with firewalld

Task:
We have a backup management application UI hosted on Nautilus’s backup server in Stratos DC.
That backup management application code is deployed under Apache on the backup server itself,
and Nginx is running as a reverse proxy on the same server. Apache and Nginx ports are 3004 and 8095,
respectively. We have iptables firewall installed on this server. Make the appropriate changes
to fulfill the requirements mentioned below:

We want to open all incoming connections to Nginx’s port and block all incoming connections
to Apache’s port. Also make sure rules are permanent.

Terminal output:
[root@stbkp01 ~]# firewall-cmd --permanent --add-port=8095/tcp
success
[root@stbkp01 ~]# firewall-cmd --permanent --add-port=8095/udp
success
[root@stbkp01 ~]# firewall-cmd --remove-port=3004/tcp --permanent
Warning: NOT_ENABLED: 3004:tcp
success
[root@stbkp01 ~]# firewall-cmd --remove-port=3004/udp --permanent
Warning: NOT_ENABLED: 3004:udp
success
[root@stbkp01 ~]# firewall-cmd --reload
success
[root@stbkp01 ~]#

Task Error:

  • “Either firewall rule was not added for Nginx port ‘8095’ or rule was not permanently added on Backup server”

Your help would be much appreciated

We have iptables firewall installed on this server

@jcakakpo
The task wants us to use the iptables command instead of firewall-cmd. Try these:

[root@stbkp01 ~]# systemctl status iptables
[root@stbkp01 ~]# systemctl start iptables
[root@stbkp01 ~]# iptables -A INPUT -p tcp --dport 8095 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
[root@stbkp01 ~]# iptables -A INPUT -p tcp --dport 3004 -m conntrack --ctstate NEW -j REJECT
[root@stbkp01 ~]# iptables -R INPUT 5 -p icmp -j REJECT
[root@stbkp01 ~]# service iptables save
thor@jump_host ~$ telnet stbkp01 3004
thor@jump_host ~$ telnet stbkp01 8095

Don’t forget to change the port numbers according to the task.
And please refer to the link to request a review for assistance.
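A way to verify the outcome on the backup server, as an added example that is not from the thread and that takes a different route from the reply above (it inserts the two rules ahead of the chain's catch-all REJECT instead of replacing rule 5). It reads `iptables -S INPUT` style output; the two listings embedded below are constructed to resemble a stock CentOS 7 iptables-services INPUT chain, and `check_input_chain` and `fix_commands` are names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread: check an `iptables -S INPUT` listing for
# the task's two rules and, if the check fails, print the commands that place
# them ahead of the chain's catch-all REJECT. Port numbers are the task's; the
# two listings below are constructed.

NGINX_PORT=8095
APACHE_PORT=3004

# Constructed: the chain after simply appending (-A) the two rules. The stock
# "-j REJECT --reject-with icmp-host-prohibited" rule sits at position 5 and is
# evaluated first, so the appended ACCEPT for 8095 is never reached.
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8095 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3004 -j REJECT --reject-with icmp-port-unreachable'

# Constructed: the same chain after inserting (-I INPUT 5) both rules.
SAMPLE_INSERTED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8095 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3004 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# check_input_chain LISTING OPEN_PORT BLOCK_PORT
# Exit 0 when OPEN_PORT has an ACCEPT that precedes any portless REJECT/DROP
# (the catch-all) and BLOCK_PORT has a REJECT/DROP not preceded by an ACCEPT.
check_input_chain() {
    printf '%s\n' "$1" | awk -v open="$2" -v block="$3" '
    /^-A INPUT / {
        n++; dport = ""; target = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        term = (target == "REJECT" || target == "DROP")
        if (dport == "" && term && !catchall) catchall = n
        if (dport == open && target == "ACCEPT" && !open_at) open_at = n
        if (dport == block && term && !block_at) block_at = n
        if (dport == block && target == "ACCEPT" && !block_acc) block_acc = n
    }
    END {
        ok = 1
        if (!open_at) {
            print "no ACCEPT rule for port " open; ok = 0
        } else if (catchall && open_at > catchall) {
            print "ACCEPT for port " open " is rule " open_at ", shadowed by catch-all rule " catchall; ok = 0
        }
        if (!block_at) {
            print "no REJECT/DROP rule for port " block; ok = 0
        } else if (block_acc && block_acc < block_at) {
            print "port " block " is accepted by rule " block_acc " before rule " block_at; ok = 0
        }
        if (ok) print "INPUT chain satisfies the task"
        exit (ok ? 0 : 1)
    }'
}

# fix_commands LISTING
# Print the commands that put both rules ahead of the first catch-all rule
# (plain -A when the chain has none) and persist them for iptables-services.
# Both -I calls use the same position, so the second lands above the first;
# neither shadows the other because they match different ports.
fix_commands() {
    pos=$(printf '%s\n' "$1" | awk '
        /^-A INPUT / { n++; if ($0 !~ /--dport/ && $0 ~ /-j (REJECT|DROP)/) { print n; exit } }')
    if [ -n "$pos" ]; then ins="-I INPUT $pos"; else ins="-A INPUT"; fi
    printf 'iptables %s -p tcp --dport %s -j REJECT\n' "$ins" "$APACHE_PORT"
    printf 'iptables %s -p tcp --dport %s -j ACCEPT\n' "$ins" "$NGINX_PORT"
    printf 'service iptables save\n'
}

echo "== appended =="
check_input_chain "$SAMPLE_APPENDED" "$NGINX_PORT" "$APACHE_PORT" || fix_commands "$SAMPLE_APPENDED"
echo "== inserted =="
check_input_chain "$SAMPLE_INSERTED" "$NGINX_PORT" "$APACHE_PORT"
```

On the server itself the check would be `check_input_chain "$(iptables -S INPUT)" 8095 3004`; running it again after `service iptables save` and `systemctl restart iptables` is the quickest way to confirm the rules really are permanent rather than only live in the running kernel.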

Thanks @waiyanpyaesone06 !
Interesting to ask to use iptables instead of firewalld on CentOS 7.
I know the assignment mentions iptables somewhere, but maybe it can be stated clearly that the task should be completed using iptables.
Do you suggest using reviews instead of posting these questions on the community board? I figured posting on the board would allow the whole community to help instead of putting the whole load on the admins.

Regards,
JC

Hello @jcakakpo

Do you suggest using reviews instead of posting this questions on the community board?

I would suggest you do both. Using a review could help you get the answer a lot quicker, and you would get a chance to see other possible solutions.
As you suggested above, posting here could make the community aware of the task, and we would also get a chance to explain the task to you so you understand it better.
So, therefore, use the review button to request assistance from other fellow engineers on KKE and post your query here as well.

Regards,
Wai


Thanks waiyanpyaesone06 !


Is there a reason why the lab uses iptables vs firewalld? Isn’t iptables deprecated?