Appendix B. OS Specifics
Configuring Debian and Ubuntu Firewalls
Debian and Ubuntu systems have iptables installed by default, but often without any blocking rules. First, check whether you have already configured the firewall. If so, just add a new rule to allow the middleware service to be reached, as follows:
$ sudo iptables --list --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
...etc...
Look through the output and find an appropriate line number for this rule:
$ sudo iptables -I INPUT 20 \
    -m state --state NEW -p tcp \
    --source 192.168.200.0/24 \
    --dport 61613 -j ACCEPT
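Choosing that line number can be scripted. The rule has to land ahead of the first REJECT or DROP rule in the chain, otherwise the connection is refused before the ACCEPT is reached. The following is an added example, not code from the book; the function names and the sample listing are constructed for illustration, and the listing is assumed to come from `sudo iptables --list INPUT --line-numbers -n`.

```shell
#!/bin/sh
# Added example: pick the rule number for "iptables -I INPUT <n>" from a
# listing produced by: sudo iptables --list INPUT --line-numbers -n

# first_block_line: read a listing on stdin and print the number of the
# first REJECT or DROP rule; print nothing if the chain has none.
first_block_line() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") { print $1; exit }'
}

# build_insert_cmd SUBNET [PORT]: read a listing on stdin and print the
# iptables command that admits new TCP connections from SUBNET to PORT
# (default 61613, the port used on this page) ahead of the blocking rule.
build_insert_cmd() {
    subnet=$1
    port=${2:-61613}
    pos=$(first_block_line)
    match="-m state --state NEW -p tcp --source $subnet --dport $port -j ACCEPT"
    if [ -n "$pos" ]; then
        # Inserting at $pos pushes the blocking rule down to $pos + 1.
        echo "iptables -I INPUT $pos $match"
    else
        # No REJECT/DROP rule in the chain: position is irrelevant, so append.
        echo "iptables -A INPUT $match"
    fi
}

# Constructed sample listing (not captured from a real host).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Prints the command for review; run it with sudo once it looks right.
printf '%s\n' "$SAMPLE_LISTING" | build_insert_cmd 192.168.200.0/24
```

The script only prints the command, so it can be reviewed before it is run with sudo.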
If you have not configured the firewall yet, you can set up a very basic firewall that only allows SSH, ICMP, and ActiveMQ as follows:
$ sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A INPUT -p icmp -j ACCEPT
$ sudo iptables -A INPUT -i lo -j ACCEPT
$ sudo iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
$ sudo iptables -A INPUT -m state --state NEW -p tcp \
    --source 192.168.200.0/24 \
    --dport 61613 -j ACCEPT
$ sudo iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
If all of your servers fit within a few subnets, it is advisable to limit this rule to allow only those subnets. Don’t forget to save that rule to your initial rules file. For Debian and Ubuntu systems, you have to manually set up loading and unloading ...