Editing firewall ports

Use the provided examples as a reference for opening firewall ports on remote VADP proxy servers or application servers. You must restrict port traffic to only the required network or adapters.

Use the following commands to open ports on remote VADP proxy servers or application servers.

Red Hat Enterprise Linux 7 and later, and CentOS 7 and later

Use the following command to list the open ports:

firewall-cmd --list-ports

Use the following command to list zones:

firewall-cmd --get-zones

Use the following command to list the zone that contains the Ethernet port eth0:

firewall-cmd --get-zone-of-interface=eth0 

Use the following command to open port 8098 for TCP traffic. This command is not permanent.

firewall-cmd --add-port 8098/tcp

Use the following command to open port 8098 for TCP traffic so that it stays open after the firewall rules are reloaded or the server restarts. Use this command to make the change persistent; a permanent rule does not take effect in the running firewall until the rules are reloaded:

firewall-cmd --permanent --add-port 8098/tcp

To undo the runtime change to the port, use this command (add --permanent to remove the persistent rule as well):

firewall-cmd --remove-port 8098/tcp

Use the following command to open a range of ports:

firewall-cmd --permanent --add-port 60000-61000/tcp

Use the following command to reload the firewall rules with the firewall updates:

firewall-cmd --reload

SUSE Linux Enterprise Server 12

Edit the SUSE Linux® Enterprise Server 12 advanced firewall options from the Security and Users menu. Specify the new port range that you require and apply the changes.

Firewall configurations that use IP tables

The iptables utility is available on most Linux distributions to enable firewall rules and policy settings. These Linux distributions include Red Hat Enterprise Linux 6.8, Red Hat Enterprise Linux 7 and later, CentOS 7 and later, and SUSE Linux Enterprise Server 12. Before you use these commands, check which firewall zones are enabled by default. Depending on the zone setup, the chain names INPUT and OUTPUT might have to be replaced with the chain of the zone that the rule applies to.

For Red Hat Enterprise Linux 7 and later, see the following example commands:

Use the following commands to list the current firewall policies:

sudo iptables -S
sudo iptables -L

Use the following command to open port 8098 for inbound TCP traffic from an internal subnet <172.31.1.0/24>:

sudo iptables -A INPUT -p tcp -s 172.31.1.0/24 --dport 8098 -j ACCEPT

Use the following command to open port 8098 for outbound TCP traffic to internal subnet <172.31.1.0/24>:

sudo iptables -A OUTPUT -p tcp -d 172.31.1.0/24 --sport 8098 -j ACCEPT

Use the following command to open port 8098 for outbound TCP traffic to external subnet <10.11.1.0/24> and only for Ethernet port adapter eth1:

sudo iptables -A OUTPUT -o eth1 -p tcp -d 10.11.1.0/24 --sport 8098 -j ACCEPT

Use the following command to open port 8098 for inbound TCP traffic to a range of CES IP addresses (10.11.1.5 through 10.11.1.11) and only for Ethernet port adapter eth1:

sudo iptables -A INPUT -i eth1 -p tcp -m iprange --dst-range 10.11.1.5-10.11.1.11 --dport 8098 -j ACCEPT

Use the following command to allow traffic that arrives on the internal network adapter eth1 to be forwarded to the external network adapter eth0:

sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

The following example is specific to Red Hat Enterprise Linux 7 and later, where the public zone's inbound chain is named IN_public_allow. Use the command to open port 8098 for inbound traffic from subnet 10.18.0.0/24 on Ethernet port eth1 within the public zone:

iptables -A IN_public_allow -i eth1 -p tcp -s 10.18.0.0/24 --dport 8098 -j ACCEPT
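As an added check that is not part of the original page: a POSIX shell function that scans `iptables -S` output for ACCEPT rules on a TCP port that carry neither a source network (-s) nor an inbound adapter (-i), which is the restriction this page requires. The rule dump below is constructed for the example; on a live host pass "$(sudo iptables -S)" instead.

```shell
#!/bin/sh
# Added example, not from the original page. Audits an `iptables -S` dump for
# ACCEPT rules on a TCP port that restrict neither the source network (-s) nor
# the inbound adapter (-i). Chain names INPUT and IN_public_allow are the ones
# used on this page; adjust them if your zone setup names the chain differently.

# Print every INPUT / IN_public_allow ACCEPT rule for TCP port $1 in dump $2
# that has no -s and no -i restriction. Prints nothing when all are restricted.
unrestricted_accepts() {
    port="$1"
    dump="$2"
    printf '%s\n' "$dump" \
      | grep -E "^-A (INPUT|IN_public_allow) .*-p tcp .*--dport ${port} .*-j ACCEPT\$" \
      | grep -Ev ' -s | -i ' || true
}

# Return 0 when port $1 is only accepted with a network or adapter restriction,
# 1 otherwise (and list the offending rules on stdout).
audit_port_rules() {
    bad=$(unrestricted_accepts "$1" "$2")
    if [ -n "$bad" ]; then
        printf 'port %s/tcp is accepted without a network or adapter restriction:\n%s\n' "$1" "$bad"
        return 1
    fi
    printf 'port %s/tcp: all ACCEPT rules are restricted\n' "$1"
    return 0
}

# Constructed sample in `iptables -S` format (iptables prints -s/-i before -p
# and inserts "-m tcp" for --dport). The third rule is the unrestricted one.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -s 172.31.1.0/24 -p tcp -m tcp --dport 8098 -j ACCEPT
-A INPUT -i eth1 -p tcp -m iprange --dst-range 10.11.1.5-10.11.1.11 -m tcp --dport 8098 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8098 -j ACCEPT
-A IN_public_allow -s 10.18.0.0/24 -i eth1 -p tcp -m tcp --dport 8098 -j ACCEPT'

# Run against the sample; on a real host use: audit_port_rules 8098 "$(sudo iptables -S)"
audit_port_rules 8098 "$SAMPLE_RULES" || echo "remove or tighten the rule(s) listed above"
```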

Use the following command to save firewall rule changes so that they persist after a firewall restart. The iptables-save command writes the current rules to standard output, so redirect its output to the file that your distribution's iptables service loads at startup (on Red Hat Enterprise Linux with the iptables-services package, /etc/sysconfig/iptables):

sudo iptables-save > /etc/sysconfig/iptables

Use the following commands to stop and start the iptables service:

service iptables stop
service iptables start