Install Guide

Table Of Contents

4–Security Considerations

Managing Security

Doc. No. TD-000966 Rev. 1

2. If iptables service is set or started:

a. Set a port range of 1–1024 for the TCP and UDP protocols (allow

management agents qlremote, netqlremote, and iqlremote, to

communicate with the outside world):

# iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 1:1024 -j

# iptables -I INPUT 5 -p udp -m state --state NEW -m udp --dport 1:1024 -j

b. To set the options permanently to allow port 8080 for http and 8443 for

https (allow QCC GUI servers to connect to clients), issue the following

commands:

# iptables -I INPUT 6 -p tcp -m state --state NEW -m udp --dport 8080 -j ACCEPT

# iptables -I INPUT 7 -p udp -m state --state NEW -m udp --dport 8080 -j ACCEPT

# iptables -I INPUT 8 -p tcp -m state --state NEW -m udp --dport 8443 -j ACCEPT

# iptables -I INPUT 9 -p udp -m state --state NEW -m udp --dport 8443 -j ACCEPT

3. To make the current settings the new runtime settings, issue the following

command to save the firewall settings:

# service iptables save

SLES 12.x and 15.x

To configure the firewall on SLES:

1. Check the firewall status (by default, the command shows chain and rules

set for the host) by issuing the following command:

# iptables -L

2. To add customized rules in iptables, provide the path for customized rules in

/etc/sysconfig/SuSEfirewall2:

FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

#FW_CUSTOMRULES=""

NOTE

The preceding commands reflect the default port numbers of

8080 for HTTP and 8443 for HTTPS. If different port numbers

were specified during QCC GUI installation, replace the port

numbers in the preceding commands with the port numbers

specified during installation.