Install Guide

Table Of Contents

4–Security Considerations

Managing Security

Doc. No. TD-000966 Rev. 1

b. Set a permanent port range of 1–1024 for TCP and UDP protocols (to

allow management agents qlremote, netqlremote, and iqlremote, to

communicate with the outside world):

# firewall-cmd --permanent --zone=public --add-port=1-1024/tcp

# firewall-cmd --permanent --zone=public --add-port=1-1024/udp

c. Allow QCC GUI servers to connect to client machines:

 Identify the current active zone and related interface (displayed

by the command in Step a for the server machine.

 Set options permanently to allow port 8080 for http and 8443 for

https:

# firewall-cmd --permanent --zone=public --add-port=8080/tcp

# firewall-cmd --permanent --zone=public --add-port=8080/udp

# firewall-cmd --permanent --zone=public --add-port=8443/tcp

# firewall-cmd --permanent --zone=public --add-port=8443/udp

3. Reload the firewall settings to make the current permanent settings the new

runtime settings. Issue the following command:

# firewall-cmd --reload

Red Hat Enterprise Linux (RHEL) 6.x

To configure the firewall on RHEL 6.x:

1. To check the firewall status (by default, the command shows chain and rules

set for the host), issue the following command:

# service iptables status

NOTE

The preceding commands reflect the default port numbers of

8080 for http and 8443 for https. If different port numbers were

specified during QCC GUI installation, replace the port numbers

in the preceding commands with the port numbers specified

during installation.

NOTE

Make sure the rpcbind service is running by issuing the following

commands:

# service rpcbind start

# systemctl enable rpcbind.service