4.1.6. Procedure – Selecting the role of the host
Purpose:
By default, the iptables utility denies any traffic going through or to the machine. The installer configures the iptables utility according to the role of the host. This selection affects only the first installation of the host; it does not modify an existing iptables configuration.
Steps:
Select the role of this machine in your firewall configuration. The following roles are available:
FIREWALL: Only connections from the MS host are allowed. Select this role when you are installing a firewall host, or any other standalone host that will be managed from MS. MS agent and remote shell (SSH) communication will be enabled. This technically means ports TCP/1311 and TCP/22.
MSHOST: Only connections from MCs are allowed. Select this role if you are installing the PNS firewall and the Management Server on the same host. MC to engine communication and remote shell communication will be allowed on ports TCP/1314 and TCP/22, respectively.
All IP traffic will be dropped by default, therefore all remote administration attempts will fail. All allowed traffic has to be enabled manually from a local terminal.
If you have selected the FIREWALL or MSHOST role, type the following IP addresses:
FIREWALL: The IP address of the MS host used to manage the firewall.
MSHOST: The IP address of the MC used to manage the MS host (that is, the machines from where the firewall administrators will connect to MS). If managing MS is allowed from multiple hosts, separate the IP addresses of these hosts with spaces.
Warning: Make sure that you type the IP addresses of the MS/MC hosts correctly. Otherwise, the machine will not be accessible from MS/MC. In this case, you must manually correct the configuration of iptables. For details, see man iptables-utils.
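The rules implied by the FIREWALL and MSHOST descriptions above, as an added example (not BalaSys code, and not the output of the installer or of iptables-utils): a shell function that validates the typed addresses and prints a ruleset in iptables-restore format. The function names, the OUTPUT policy, the IPv4-only check and the sample addresses are assumptions; the ports are the ones named in the role descriptions.

```sh
#!/bin/sh
# Added example: print iptables-restore rules matching the role descriptions.
# Assumptions: IPv4 only; the chain layout is illustrative, not the installer's.

# valid_ipv4 ADDR: succeed only for a dotted quad, octets 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                        # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;   # leading zero, or more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# role_rules ROLE ADDR...: FIREWALL takes the MS host address,
# MSHOST takes one or more MC addresses.
role_rules() {
    [ "$#" -ge 2 ] || { echo "usage: role_rules ROLE ADDR..." >&2; return 1; }
    role=$1; shift
    case "$role" in
        FIREWALL)
            port=1311                # MS agent
            [ "$#" -eq 1 ] || { echo "FIREWALL takes exactly one MS host address" >&2; return 1; } ;;
        MSHOST) port=1314 ;;         # MC to engine
        *)      echo "unknown role: $role" >&2; return 1 ;;
    esac
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    # Default deny for traffic to and through the host; the OUTPUT policy is an assumption.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    for addr in "$@"; do
        printf '%s\n' "-A INPUT -s $addr/32 -p tcp --dport $port -j ACCEPT"
        printf '%s\n' "-A INPUT -s $addr/32 -p tcp --dport 22 -j ACCEPT"
    done
    echo COMMIT
}

# Constructed sample: two MC addresses from the documentation range.
role_rules MSHOST 192.0.2.20 192.0.2.21
```

A mistyped address is rejected before any rule is printed, so nothing partial can be loaded by mistake.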
Published on June 04, 2020
© 2007-2019 BalaSys