Disable HTTP and HTTPS over the public network

By default, HTTP and HTTPS are enabled in IBM® Spectrum Cluster Foundation Community Edition.

About this task

To change the default and keep services visible only to the private network, edit the /etc/sysconfig/iptables file.

Procedure

  • On RHEL:
    1. In /etc/sysconfig/iptables, find and comment out the following lines: 
       -A INPUT -i ethl -m state --state NEW -p tcp --dport 80 -j ACCEPT
 -A INPUT -i ethl -m state --state NEW -p tcp --dport 443 -j ACCEPT
    2. Restart iptables: 
      service iptables restart
  • On SLES:
    1. Edit the /etc/sysconfig/SuSEfirewall2 file, and enable port 8443 for FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP.
    2. Restart the firewall by running: 
      /sbin/SuSEfirewall2 stop
/sbin/SuSEfirewall2 start