Firewall

Recommendations

The recommended firewall solution is firewalld. The firewalld configuration shown here is easy to read and can be translated to other solutions such as nftables or iptables.

Configuring Firewalld for Onteon

Traffic and Firewall graph

FirewallD on Onteon Node Manager

  • 8020 - available to WWW or selected IP addresses
    firewall-cmd         \
        --permanent      \
        --zone=public    \
        --add-rich-rule="rule family=\"ipv4\" source address=\"PRIVATE_IP\" port protocol=\"tcp\" port=\"8020\" accept"
    
  • 8030 - available to OCC
    firewall-cmd         \
        --permanent      \
        --zone=public    \
        --add-rich-rule="rule family=\"ipv4\" source address=\"OCC_IP\" port protocol=\"tcp\" port=\"8030\" accept"
    
  • range 10000-20000 - available between ONMs
    firewall-cmd         \
        --permanent      \
        --zone=public    \
        --add-rich-rule="rule family=\"ipv4\" source address=\"OTHER_ONM\" port protocol=\"tcp\" port=\"10000-20000\" accept"
    

FirewallD on Onteon Control Center

  • 8050 - available to ONMs
    firewall-cmd         \
        --permanent      \
        --zone=public    \
        --add-rich-rule="rule family=\"ipv4\" source address=\"ONM_IP\" port protocol=\"tcp\" port=\"8050\" accept"
    
  • 8050 - available to Onteon CLI
    firewall-cmd         \
        --permanent      \
        --zone=public    \
        --add-rich-rule="rule family=\"ipv4\" source address=\"OCLI_IP\" port protocol=\"tcp\" port=\"8050\" accept"
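
The Node Manager rules above as one script that validates each source address and port before building the rich rule, then reloads firewalld, since `--permanent` rules only reach the running firewall after `firewall-cmd --reload`. This is an added example, not part of the Onteon documentation or tooling; the function names, the `DRY_RUN` and `ZONE` variables, and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```shell
# Added example. Dry run by default: prints the commands instead of running them.
DRY_RUN=${DRY_RUN:-1}; ZONE=${ZONE:-public}

# IPv4 address with optional /prefix; anything else (quotes, spaces) is rejected
valid_ipv4() (
    addr=${1%%/*}
    case $1 in */*)
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) exit 1 ;; esac
        [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ] || exit 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $addr; [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1; done
)

# Single port or lo-hi range, each bound within 1..65535
valid_port() (
    case $1 in *-*) lo=${1%%-*}; hi=${1#*-} ;; *) lo=$1; hi=$1 ;; esac
    for p in "$lo" "$hi"; do
        case $p in ''|*[!0-9]*) exit 1 ;; esac
        [ ${#p} -le 5 ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || exit 1
    done
    [ "$lo" -le "$hi" ]
)

# Print the rich rule text used on this page for one source and one port/range
rich_rule() {
    valid_ipv4 "$1" || { echo "bad source address: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept\n' "$1" "$2"
}

# Add one permanent rule, or show the command when DRY_RUN=1
allow() {
    rule=$(rich_rule "$1" "$2") || return 1
    if [ "$DRY_RUN" = 1 ]; then
        echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$rule'"
    else
        firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
    fi
}

# Constructed sample addresses standing in for the page's placeholders
allow 192.0.2.0/24 8020         # PRIVATE_IP
allow 198.51.100.5 8030         # OCC_IP
allow 203.0.113.7 10000-20000   # OTHER_ONM
# Load the permanent rules into the running firewall, then list what is active
[ "$DRY_RUN" = 1 ] || { firewall-cmd --reload && firewall-cmd --zone="$ZONE" --list-rich-rules; }
```

Run it with `DRY_RUN=0` as root to apply the rules; the same `allow` calls with port 8050 cover the Control Center rules.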