Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
22.14.2. Configure the Firewall Using the Command Line
To enable
Copy to Clipboard
Copied!
Note that this will restart the firewall as long as it has not been disabled with the
NTP to pass through the firewall using the command line, issue the following command as root:
lokkit --port=123:udp --update
~]# lokkit --port=123:udp --update--disabled option. Active connections will be terminated and time out on the initiating machine.
When preparing a configuration file for multiple installations using administration tools, it is useful to edit the firewall configuration file directly. Note that any mistakes in the configuration file could have unexpected consequences, cause an error, and prevent the firewall setting from being applied. Therefore, check the
/etc/sysconfig/system-config-firewall file thoroughly after editing.
To enable
Copy to Clipboard
Copied!
Note that these changes will not take effect until the firewall is reloaded or the system restarted.
NTP to pass through the firewall, by editing the configuration file, become the root user and add the following line to /etc/sysconfig/system-config-firewall:
--port=123:udp
--port=123:udp22.14.2.1. Checking Network Access for Incoming NTP Using the Command Line
To check if the firewall is configured to allow incoming
Copy to Clipboard
Copied!
In this example taken from a default installation, the firewall is enabled but
Copy to Clipboard
Copied!
NTP traffic for clients using the command line, issue the following command as root:
less /etc/sysconfig/system-config-firewall
~]# less /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall
--enabled
--service=sshNTP has not been allowed to pass through. Once it is enabled, the following line appears as output in addition to the lines shown above:
--port=123:udp
--port=123:udp
To check if the firewall is currently allowing incoming
Copy to Clipboard
Copied!
NTP traffic for clients, issue the following command as root:
iptables -L -n | grep 'udp.*123'
~]# iptables -L -n | grep 'udp.*123'
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}