Deployment Guide
3. Configure iptables to accept the web server ports 443 and 80. AFM uses HTTPS port 443 and HTTP
port 80 for the web server.
# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
4. After modifying the firewall configuration to accept the port numbers, restart the iptables service
to apply the changes with the service iptables restart command, then use the
service iptables status command to check the status.
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
RPM Installation
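The rules in step 3 only work if the ACCEPT lines for ports 80 and 443 come before the final catch-all REJECT, and a rule file pasted from a formatted document can carry typographic dashes that iptables does not accept as option dashes. The following pre-restart check is an added example, not part of the AFM guide or of iptables; the function names check_rules and pasted_rules and the sample rules are constructed for illustration.

```shell
# Added example (hypothetical helper names). check_rules PORT... reads a rule
# file on stdin, prints one line per finding, returns 1 if any were found.
check_rules() {
    LC_ALL=C awk -v ports="$*" '
    /^[\t ]*#/ || /^[\t ]*$/ { next }           # comments and blank lines
    /[^\t -~]/ {                                # byte outside printable ASCII
        printf "line %d: non-ASCII character (typographic dash?)\n", NR
        bad = 1; next
    }
    $1 == "-A" && $2 == "INPUT" {
        target = dport = proto = ""; narrow = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i ~ /^-[psdim]$/) narrow = 1   # rule matches only some traffic
        }
        if (target == "ACCEPT" && proto == "tcp" && dport != "") {
            if (term) late[dport] = NR          # shadowed by the catch-all
            else ok[dport] = NR
        } else if (target ~ /^(REJECT|DROP)$/ && !narrow && !term)
            term = NR                           # first catch-all REJECT or DROP
    }
    END {
        n = split(ports, want, " ")
        for (k = 1; k <= n; k++) {
            p = want[k]
            if (p in ok) continue
            if (p in late)
                printf "port %s: ACCEPT on line %d follows catch-all on line %d\n", p, late[p], term
            else
                printf "port %s: no ACCEPT rule in INPUT\n", p
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample: en dash (UTF-8 342 200 223) before "p icmp", 443 rule after REJECT.
pasted_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s \342\200\223p icmp -j ACCEPT\n' '-A INPUT'
    printf '%s\n' '-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT' 'COMMIT'
}
pasted_rules | check_rules 80 443 || echo "rule file needs fixing"
```

Run it as check_rules 80 443 < /etc/sysconfig/iptables before service iptables restart. iptables-restore --test reads the same file and parses it without committing the rules.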










