Chapter 5. Modifying firewall rules

5.1. Modifying firewall rules for disk encryption

On Network-Bound Disk Encryption (NBDE) key servers, you need to open ports so that encryption keys can be served.


  1. On each NBDE key server:

    1. Open ports required to serve encryption keys.

      The default port is 80/tcp. To use a custom port, see "Deploying a Tang server with SELinux in enforcing mode" in the Red Hat Enterprise Linux 8 documentation.

      # firewall-cmd --add-port=80/tcp
      # firewall-cmd --add-port=80/tcp --permanent
    2. Verify that the port appears in the output of the following command.

      # firewall-cmd --list-ports | grep '80/tcp'
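
The grep in step 2 is a substring match, so an entry such as 8080/tcp also satisfies it, and --list-ports without --permanent reports only the runtime configuration. The script below is an added example, not part of the original procedure: it matches the port exactly, accepts port ranges, and checks both the runtime and the permanent configuration. The function names and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: exact check that PORT/PROTO is covered by the output of
# `firewall-cmd --list-ports` (space-separated entries such as "80/tcp"
# or "7500-7600/tcp").

# port_listed PORT/PROTO "LIST" -> returns 0 if covered, 1 otherwise.
port_listed() {
    want_port=${1%/*}
    want_proto=${1#*/}
    for entry in $2; do
        # Skip entries for a different protocol (for example 80/udp).
        [ "${entry#*/}" = "$want_proto" ] || continue
        range=${entry%/*}
        lo=${range%-*}   # a single port yields lo == hi
        hi=${range#*-}
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# check_nbde_port PORT/PROTO -> 0 if open in both configurations,
# 1 if missing from either, 2 if firewall-cmd itself failed.
# Run as root on the NBDE key server; checks the default zone.
check_nbde_port() {
    runtime=$(firewall-cmd --list-ports) || return 2
    permanent=$(firewall-cmd --permanent --list-ports) || return 2
    rc=0
    port_listed "$1" "$runtime" ||
        { echo "$1 missing from runtime rules"; rc=1; }
    port_listed "$1" "$permanent" ||
        { echo "$1 missing from permanent rules (lost on reload)"; rc=1; }
    return $rc
}

# Constructed sample outputs, not taken from a real host.
SAMPLE_OPEN="22/tcp 80/tcp 7500-7600/tcp"
SAMPLE_LOOKALIKE="22/tcp 8080/tcp"

port_listed 80/tcp "$SAMPLE_OPEN" && echo "80/tcp is listed"
port_listed 80/tcp "$SAMPLE_LOOKALIKE" ||
    echo "80/tcp is not listed (8080/tcp does not count)"
```

On a key server, call check_nbde_port 80/tcp after the firewall-cmd commands in step 1; a "missing from permanent rules" message means the port closes again at the next firewalld reload or reboot.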