Manualshelf

Configuring firewall rules for HP Serviceguard on SUSE SLES and Red Hat

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux
123456
3
iptables -A Serviceguard -p udp dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT
iptables -A Serviceguard -p tcp --dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT
ip6tables -A Serviceguard -p udp --dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT
ip6tables -A Serviceguard -p tcp --dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT
If you are using snmp, add:
iptables -A Serviceguard -p udp --dport snmp -j ACCEPT
iptables -A Serviceguard -p udp --dport snmptrap -j ACCEPT
If you are using the WBEM provider, add:
iptables -A Serviceguard -p tcp --dport wbem-http -j ACCEPT
iptables -A Serviceguard -p tcp --dport wbem-https -j ACCEPT
ip6tables -A Serviceguard -p tcp --dport wbem-http -j ACCEPT
ip6tables -A Serviceguard -p tcp --dport wbem-https -j ACCEPT
If you are using the HPVM Appserver, add:
iptables -A Serviceguard -p udp --dport hacl-poll -j ACCEPT
ip6tables -A Serviceguard -p udp --dport hacl-poll -j ACCEPT
If you are running the Quorum server on this system, add:
iptables -A Serviceguard -p tcp --dport hacl-qs -j ACCEPT
ip6tables -A Serviceguard -p tcp --dport hacl-qs -j ACCEPT
If you are using Serviceguard Manager, add:
iptables -A Serviceguard -p udp --dport compaq-https -j ACCEPT
iptables -A Serviceguard -p tcp --dport compaq-https -j ACCEPT
iptables -A Serviceguard -p udp --dport cpq-wbem -j ACCEPT
iptables -A Serviceguard -p tcp --dport cpq-wbem -j ACCEPT
ip6tables -A Serviceguard -p udp --dport compaq-https -j ACCEPT
ip6tables -A Serviceguard -p tcp --dport compaq-https -j ACCEPT
ip6tables -A Serviceguard -p udp --dport cpq-wbem -j ACCEPT
ip6tables -A Serviceguard -p tcp --dport cpq-wbem -j ACCEPT
Additionally, the port 1118 is used for Apache-Tomcat communication within the local host and this port
should be opened.
Once the rules are added, run:
service iptables save
service ip6tables save
Using the GUI
For a basic Serviceguard installation, use the GUI tool to open the following:
ident (tcp)
hacl-hb (udp)
hacl-hb (tcp)
hacl-cfg (udp)
hacl-cfg (tcp)
hacl-local (tcp)
32768-61000 (udp)
32768-61000 (tcp)