5.2.2. Manually Configuring an iptables Firewall
The deployment methods described in this guide set up a basic firewall configuration by default. If your OpenShift Enterprise deployment requires additional open ports, you can use
iptables commands to allow access on each host as needed:
Procedure 5.1. To Configure an iptables Firewall:
- Use the following command to make any changes to an
iptablesconfiguration:#
iptables --insert Rule --in-interface Network_Interface --protocol Protocol --source IP_Address --dport Destination_Port --jump ACCEPTExample 5.1. Allowing Broker Access to MongoDB
The following is an example set of commands for allowing a set of brokers with IP addresses 10.0.0.1-3 access to the MongoDB datastore:iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.1 --dport 27017 --jump ACCEPT iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.2 --dport 27017 --jump ACCEPT iptables --insert INPUT -i eth0 -p tcp --source 10.0.0.3 --dport 27017 --jump ACCEPT
Example 5.2. Allowing Public Access to the Nameserver
The following example allows inbound public DNS requests to the nameserver:iptables --insert INPUT --protocol tcp --dport 53 -j ACCEPT iptables --insert INPUT --protocol udp --dport 53 -j ACCEPT
Note that because the command is for public access, there is no--sourceoption. - Save any firewall changes to make them persistent:
#
service iptables save
