Category archive: Firewall settings

Firewall settings for SMTP

<!-- Firewall configuration information for SMTPMAIL -->
<ConfigRoot>
  <service>
    <id>SMTPMAIL</id>
    <rule id='0100'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>25</port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0101'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>25</port>
      <flags>-m state --state NEW</flags>
    </rule>
  </service>
</ConfigRoot>

Firewall configuration for APC

<!-- Firewall configuration information for APC -->
<ConfigRoot>
  <service>
    <id>APC</id>
    <rule id='0100'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>3052</port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0101'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>3052</port>
      <flags>-m state --state NEW</flags>
    </rule>
  </service>
</ConfigRoot>

Firewall settings for SepSesam

<!-- Firewall configuration information for SepSesam -->
<ConfigRoot>
  <service>
    <id>SepSesam</id>
    <rule id='0100'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>
        <begin>11001</begin>
        <end>11006</end>
      </port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0101'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>
        <begin>11301</begin>
        <end>11306</end>
      </port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0102'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>
        <begin>11001</begin>
        <end>11006</end>
      </port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0103'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>
        <begin>11301</begin>
        <end>11306</end>
      </port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0104'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>11201</port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0105'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>11201</port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0106'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>11401</port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0107'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>11401</port>
      <flags>-m state --state NEW</flags>
    </rule>
  </service>
</ConfigRoot>

Loading the XML configuration into the firewall

The XML files go into the directory "/etc/vmware/firewall/". The advantage is that the settings are not lost after an update of the server.

Load the files:

esxcfg-firewall -l

Enable the configuration:

esxcfg-firewall -e <id from the XML file>

Disable the configuration:

esxcfg-firewall -d <id from the XML file>

It is important to disable the corresponding rule before changing the XML file.
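
A pre-flight check for a service file before it is loaded with esxcfg-firewall -l, as an added example that is not part of the original post: it lists the ports each rule opens per direction and flags copy-paste damage such as typographic quotes or dashes. The element layout is inferred from the files shown on this page, not from a VMware schema; check_service, SAMPLE and TYPOGRAPHIC are names chosen here.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout used on this page (an assumption, not a VMware schema).
SAMPLE = """<ConfigRoot>
  <service>
    <id>SepSesam</id>
    <rule id='0100'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'><begin>11001</begin><end>11006</end></port>
      <flags>-m state --state NEW</flags>
    </rule>
    <rule id='0104'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>11201</port>
      <flags>-m state --state NEW</flags>
    </rule>
  </service>
</ConfigRoot>"""

TYPOGRAPHIC = "\u2018\u2019\u201a\u201c\u201d\u201e\u2013\u2014"  # curly quotes, en/em dash

def check_service(text):
    """Return (service_id, opened_ports, problems) for one service file."""
    problems = [f"typographic character {c!r}" for c in TYPOGRAPHIC if c in text]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return None, [], problems + [f"not well-formed: {exc}"]
    opened, seen = [], set()
    for rule in root.iterfind("service/rule"):
        rid, direction = rule.get("id"), rule.findtext("direction")
        port = rule.find("port")
        if port is None:
            problems.append(f"rule {rid}: no port element")
            continue
        lo = port.findtext("begin") or port.text  # range form or single port
        hi = port.findtext("end") or lo
        lo, hi = int(lo), int(hi)
        if rid in seen:
            problems.append(f"duplicate rule id {rid}")
        seen.add(rid)
        if direction not in ("inbound", "outbound"):
            problems.append(f"rule {rid}: bad direction {direction!r}")
        if not 0 < lo <= hi <= 65535:
            problems.append(f"rule {rid}: bad port range {lo}-{hi}")
        opened.append((rid, direction, rule.findtext("protocol"), lo, hi))
    return root.findtext("service/id"), opened, problems
```

Reviewing the returned list of opened ports also makes the inbound rules stand out, which are the ones that expose a listening port on the host.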