Appendix B. OS Specifics

Configuring Debian and Ubuntu Firewalls

Debian and Ubuntu systems have iptables installed by default, but often without any blocking rules. First, check whether the firewall has already been configured. If so, just add a new rule to allow the middleware service to be reached, as follows:

$ sudo iptables --list --line-numbers
Chain INPUT (policy ACCEPT)
num  target   prot opt source        destination
1    ACCEPT   all  --  anywhere      anywhere       state RELATED,ESTABLISHED
...etc...

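Look through the output and find an appropriate line number for this rule (20 in this example). The rule must sit above any rule that rejects or drops the traffic, because rules are evaluated in order: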

$ sudo iptables -I INPUT 20 -m state --state NEW -p tcp \
  --source 192.168.200.0/24 --dport 61613 -j ACCEPT
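
One way to pick that line number, shown as an added example that is not from the book: the hypothetical helpers first_blocking_rule and middleware_rule_cmd read a numeric listing (iptables -L INPUT -n --line-numbers) and place the ACCEPT rule directly above the first catch-all REJECT or DROP. The sample listing is constructed, and the catch-all test is a heuristic, since interface matches are not visible without -v.

```shell
#!/bin/sh
# Added example: choose the position for the middleware ACCEPT rule.
# Function names are hypothetical; the listing below is constructed.

# Read `iptables -L INPUT -n --line-numbers` output on stdin and print
# the number of the first catch-all REJECT/DROP rule. Targeted blocks
# (specific source, protocol, or extra matches) are skipped so the new
# ACCEPT does not end up overriding them. Prints nothing if none found.
first_blocking_rule() {
  awk '
    $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") &&
    ($3 == "all" || $3 == "0") &&
    $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
    (NF == 6 || $7 == "reject-with") { print $1; exit }
  '
}

# Print the iptables command for the rule used on this page.
# $1 = allowed source subnet, $2 = blocking-rule number (may be empty)
middleware_rule_cmd() {
  rule="-m state --state NEW -p tcp --source $1 --dport 61613 -j ACCEPT"
  if [ -n "$2" ]; then
    # Insert at the blocking rule's position; it moves down one line.
    echo "iptables -I INPUT $2 $rule"
  else
    # No catch-all block in the chain, so position is not critical.
    echo "iptables -A INPUT $rule"
  fi
}

# Constructed sample listing (not captured from a real host).
SAMPLE='Chain INPUT (policy ACCEPT)
num  target  prot opt source        destination
1    ACCEPT  all  --  0.0.0.0/0     0.0.0.0/0    state RELATED,ESTABLISHED
2    DROP    all  --  203.0.113.7   0.0.0.0/0
3    ACCEPT  icmp --  0.0.0.0/0     0.0.0.0/0
4    ACCEPT  all  --  0.0.0.0/0     0.0.0.0/0
5    ACCEPT  tcp  --  0.0.0.0/0     0.0.0.0/0    state NEW tcp dpt:22
6    REJECT  all  --  0.0.0.0/0     0.0.0.0/0    reject-with icmp-host-prohibited'

pos=$(printf '%s\n' "$SAMPLE" | first_blocking_rule)
# Print the command for review instead of running it.
middleware_rule_cmd 192.168.200.0/24 "$pos"
```

The script only prints the command; review it and run it with sudo yourself.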

If you have not configured the firewall yet, you can set up a very basic firewall that only allows SSH, ICMP, and ActiveMQ as follows. Enter the rules in the order shown, with the REJECT rule last:

$ sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A INPUT -p icmp -j ACCEPT
$ sudo iptables -A INPUT -i lo -j ACCEPT
$ sudo iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 \
  -j ACCEPT
$ sudo iptables -A INPUT -m state --state NEW -p tcp \
  --source 192.168.200.0/24 --dport 61613 -j ACCEPT
$ sudo iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

If all of your servers fit within a few subnets, it is advisable to limit this rule to allow only those subnets. Don’t forget to save that rule to your initial rules file. For Debian and Ubuntu systems, you have to manually set up loading and unloading ...
