The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
To implement a simple, general-purpose firewall, you can use the Firewall Configuration GUI (system-config-firewall) or the text-based version of this tool (system-config-firewall-tui) to create basic packet filtering rules. To create a more complex firewall configuration, use the iptables and ip6tables utilities to configure the rules for IPv4 and IPv6.
For example, the following commands add a permanent IPv4 rule to allow incoming access to TCP port number N on a system from the local subnet:

```
# iptables -I INPUT -s subnet_addr/prefix_length -p tcp -m state --state NEW -m tcp --dport N -j ACCEPT
# service iptables save
```
The commands to add a rule for a UDP port are similar:

```
# iptables -I INPUT -s subnet_addr/prefix_length -p udp -m udp --dport N -j ACCEPT
# service iptables save
```
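The two command sequences above, wrapped in a small POSIX shell helper as an added example (not code from the Oracle documentation) that checks the subnet and port before building the rule. The subnet 192.168.10.0/24, the service names and the IPTABLES_APPLY variable are assumptions for illustration; without IPTABLES_APPLY=1 the helper only prints what it would run.

```shell
#!/bin/sh
# Added example, not Oracle's code: build the iptables commands shown above
# for a protocol, source subnet and port, validating the inputs first.
# Nothing is applied unless IPTABLES_APPLY=1; by default commands are printed.
# valid_port NUMBER -> true if NUMBER is a decimal port in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_cidr ADDR/PREFIX -> true for a dotted-quad IPv4 subnet with a /0-/32 prefix
valid_cidr() {
    _addr=${1%/*}; _plen=${1#*/}
    [ "$_addr" != "$1" ] || return 1          # no "/" present
    case "$_plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_plen" -le 32 ] || return 1
    _n=0; _old=$IFS; IFS=.
    for _o in $_addr; do
        case "$_o" in ''|*[!0-9]*) IFS=$_old; return 1 ;; esac
        [ "$_o" -le 255 ] || { IFS=$_old; return 1; }
        _n=$((_n + 1))
    done
    IFS=$_old
    [ "$_n" -eq 4 ]
}

# allow_rule PROTO SUBNET PORT -> prints the rule from the text. TCP rules only
# admit new connections (-m state --state NEW); UDP has no connection to track.
# -I inserts at the head of INPUT, so the rule precedes any final REJECT rule.
allow_rule() {
    _proto=$1; _cidr=$2; _port=$3
    valid_cidr "$_cidr" || { echo "bad subnet: $_cidr" >&2; return 1; }
    valid_port "$_port" || { echo "bad port: $_port" >&2; return 1; }
    case "$_proto" in
        tcp) printf 'iptables -I INPUT -s %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' "$_cidr" "$_port" ;;
        udp) printf 'iptables -I INPUT -s %s -p udp -m udp --dport %s -j ACCEPT\n' "$_cidr" "$_port" ;;
        *)   echo "bad protocol: $_proto" >&2; return 1 ;;
    esac
}

# apply_rules SUBNET PROTO:PORT... -> one rule per spec, then make them permanent.
# Example (constructed subnet): apply_rules 192.168.10.0/24 tcp:22 udp:53 tcp:53
apply_rules() {
    _cidr=$1; shift
    for _spec; do
        _cmd=$(allow_rule "${_spec%%:*}" "$_cidr" "${_spec#*:}") || return 1
        if [ "${IPTABLES_APPLY:-0}" = 1 ]; then $_cmd; else echo "$_cmd"; fi
    done
    if [ "${IPTABLES_APPLY:-0}" = 1 ]; then service iptables save; else echo "service iptables save"; fi
}
```

After applying for real, `iptables -L INPUT -n --line-numbers` shows the new ACCEPT rules at the top of the chain, ahead of any catch-all REJECT.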
The following table lists some ports that you might need to open in the firewall to allow access to various services.
Service | TCP Ports | UDP Ports |
---|---|---|
DNS (name service) | 53 | 53 |
HTTP (web service) | 80 | |
HTTPS (secure web service) | 443 | |
IPP client (network printing) | 631 | |
IPP server (network printing) | 631 | 631 |
Kerberos (authentication) | 88, 464, 749 | 88, 464, 749 |
LDAP (directory service) | 389 | |
LDAPS (LDAP over SSL) | 636 | |
SMTP (email transport) | 25 | |
SSH (secure shell) | 22 | |
NFSv2 and NFSv3 | 111, 662*, 892*, 2049, 32803* | 111, 662*, 892*, 2049, 32769* |
NFSv4 | 2049 | - |
NIS (administrative databases) | 111, 834 | 111, 834 |
OCFS2 (cluster file system) | 7777 | 7777 |
Samba | 139, 445 | 137, 138 |
* These ports used by NFSv2 and NFSv3 are determined by the settings in /etc/sysconfig/nfs for LOCKD_TCPPORT, LOCKD_UDPPORT, MOUNTD_PORT, and STATD_PORT.