Show Table of Contents
5.2.2. Manually Configuring an iptables Firewall
The deployment methods described in this guide set up a basic firewall configuration by default. If your OpenShift Enterprise deployment requires additional open ports, you can use
iptables commands to allow access on each host as needed:
Procedure 5.1. To Configure an iptables Firewall:
- Use the following command to make any changes to an
iptablesconfiguration:#
iptables --insert Rule --in-interface Network_Interface --protocol Protocol --source IP_Address --dport Destination_Port --jump ACCEPTExample 5.1. Allowing Broker Access to MongoDB
The following is an example set of commands for allowing a set of brokers with IP addresses 10.0.0.1-3 access to the MongoDB datastore:iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.1 --dport 27017 --jump ACCEPT iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.2 --dport 27017 --jump ACCEPT iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.3 --dport 27017 --jump ACCEPT
Example 5.2. Allowing Public Access to the Nameserver
The following example allows inbound public DNS requests to the nameserver:iptables --insert INPUT --protocol tcp --dport 53 -j ACCEPT iptables --insert INPUT --protocol udp --dport 53 -j ACCEPT
Note that because the command is for public access, there is no--sourceoption. - Save any firewall changes to make them persistent:
#
service iptables save
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.