5.2.2. Manually Configuring an iptables Firewall

The deployment methods described in this guide set up a basic firewall configuration by default. If your OpenShift Enterprise deployment requires additional open ports, you can use iptables commands to allow access on each host as needed:

Procedure 5.1. To Configure an iptables Firewall:

  1. Use the following command to make any changes to an iptables configuration:
    # iptables --insert Rule --in-interface Network_Interface --protocol Protocol --source IP_Address --dport Destination_Port --jump ACCEPT

    Example 5.1. Allowing Broker Access to MongoDB

    The following is an example set of commands for allowing a set of brokers with IP addresses 10.0.0.1-3 access to the MongoDB datastore:
    iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.1 --dport 27017 --jump ACCEPT
    iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.2 --dport 27017 --jump ACCEPT
    iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.3 --dport 27017 --jump ACCEPT

    Example 5.2. Allowing Public Access to the Nameserver

    The following example allows inbound public DNS requests to the nameserver:
    iptables --insert INPUT --protocol tcp --dport 53 -j ACCEPT
    iptables --insert INPUT --protocol udp --dport 53 -j ACCEPT
    Note that because the command is for public access, there is no --source option.
  2. Save any firewall changes to make them persistent:
    # service iptables save