(SOM) Support Tip: How to work with RHEL 6.x and Firewalls?
Hello SOM/SE Community,
With the fact that SOM Reporter is only supported on Linux (RHEL), it is becoming more and more common for those unfamliar with Linux to have to work with it on a frequent if not a daily basis. Many people are moving from a Windows SE environment to a Linux SOM environment so that both the SOM and SOM Reporter servers are on the same platform. One of the challenges that is often encountered is how to work with RHEL 6.x Firewalls.
Whether you use the Command-Line or GUI, there are different ways to setup/configure firewalls within RHEL 6.x
By default, the Firewall GUI package may not installed with RHEL 6.x. To install the GUI based utility, you would run the following command on your RHEL 6.x system.
# yum install system-config-firewall
Once you have the GUI installed, you can use it from the console or VNC to open/close firewall ports. Once you save these entries a file is created called 'system-config-firewall' and it is located within the /etc/sysconfig directory.
If you want to use the CLI commands to check the status of the firewall and open/close ports, you would use the 'iptables' command and service.
Example to show firewall configuration: # iptables -L -n
The 'iptables' and 'ip6tables' (IPv6) services are what control the firewalls on a RHEL 6.x server.
To add/delete an entry to the list of open ports, you would use the iptables command.
Example of adding/deleting a TCP port: # iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 383 -j ACCEPT
# iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 383 -j ACCEPT
where the -A or -D means to Append or Delete the rule. Please read the iptables man page for more information.
Once all of the necessary changes have been made, you can save the current iptables settings so that it will be loaded at reboot.
# service iptables save
# service iptables restart
Saving the iptables settings creates a file 'iptables' within the /etc/sysconfig directory. This is loaded automatically when the service is restarted or the system rebooted. Both the system-config-firewall and iptables files can exist at the same time.
To temporarily stop and start the firewall you can use the 'service' command.
Example to stop and start firewall:
# service iptables stop
# service iptables start
Stopping the firewall using the 'service' command will only stop it until the next reboot.
To stop the service from starting after a reboot, you would use the chkconfig command.
Example to turn off firewall from starting after reboot: