content:en_us:kb_howtos_manually_editing_firewall_rules

Manually Editing Firewall Rules in ClearOS 5.x

Great care must be taken when modifying firewall rules. It is advised that you have direct console access when manually editing the firewall rules. It is quite easy and possible to lock yourself out of any and all remote management tools if the firewall is mis-configured.

Also, proficiency with a command line text editor is required for manipulation of these files. By default ClearOS comes with the vim editor (vi Improved).

/etc/firewall

ClearOS uses the file in /etc/firewall for the management of the firewall rules. Moreover, the system reads from this file when displaying the firewall rules in WebConfig. A well formed file can be safely edited from command line.

EXAMPLE: Opening WebConfig on External Interfaces

Open /etc/firewall with the vim editor.

vi /etc/firewall

Navigate to the RULES section and add the following line:

Webconfig||0x10000001|6||81| \

On a server where Webconfig is the only incoming allowable service, your rules will look like this:

RULES="\
	Webconfig||0x10000001|6||81| \
"

Save and exit the file. Restart the firewall rules:

service firewall start

To validate that the port is open…

[root@server ~]# service firewall status |grep hosts2-ns
 1494  226K ACCEPT     tcp  --  any    any     anywhere             192.168.0.254       tcp dpt:hosts2-ns 
 1791 1795K ACCEPT     tcp  --  any    eth0    192.168.0.254        anywhere            tcp spt:hosts2-ns 

search?q=clearos%2C%20clearos%20content%2C%20clearos5%2C%20howto%2C%20troubleshooting%2C%20categorynetwork%2C%20maintainer_dloper&btnI=lucky

content/en_us/kb_howtos_manually_editing_firewall_rules.txt · Last modified: 2015/02/11 17:21 (external edit)

Page Tools