On CentOS 6, the Linux kernel firewall is configured via iptables. ftrack server exposes certain services on various ports for administrative and debugging purposes, but you may want to prevent access to these and other ports from outside, or even inside, your network.


Take care when adjusting firewall settings via iptables, as you may render the server unreachable over the network. By default these settings are not saved, and rebooting the server will restore the default configuration. Physical access to a terminal would also allow reverting your changes.

Example Settings

The following rules allow limited traffic over HTTP to support redirecting to the HTTPS service, where full traffic is allowed. They also allow SSH for remote administration, as well as any communication relating to established connections and local server traffic.

# Set the default policy to ACCEPT while the rules below are added
iptables -P INPUT ACCEPT

# Allow loopback and established connections, SSH, HTTPS, and new HTTP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

# Disallow all other inbound requests
iptables -P INPUT DROP
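
To confirm the chain ended up as intended, the following added example (not part of the original ftrack article) audits `iptables -S INPUT` output against the rule set above, including the case where appended rules land behind a catch-all rule that was already in the chain. The function names, the sample listings and port 9001 are constructed for illustration, and only single `--dport` matches are handled.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output against the rule set above.
# Live use (as root): iptables -S INPUT | audit_input_chain
ALLOWED_PORTS="22 80 443"   # ports the article's rules open

audit_input_chain() {   # hypothetical helper; prints findings, returns 1 if any
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        port = ""; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i" || $i == "-s" || $i == "-d" || $i == "-p" || $i == "-m") scoped = 1
        }
        if (target == "ACCEPT" && port != "") {
            if (!(port in ok)) { print "unexpected open port: " port; bad++ }
            else {
                seen[port] = 1
                # -A appends, so a catch-all already in the chain shadows this rule
                if (blocked) { print "port " port " accepted after catch-all: unreachable"; bad++ }
            }
        }
        if (target == "ACCEPT" && !scoped) { print "unconditional ACCEPT rule"; bad++ }
        if ((target == "DROP" || target == "REJECT") && !scoped) blocked = 1
    }
    END {
        if (policy != "DROP") { print "INPUT policy is " policy ", expected DROP"; bad++ }
        for (p in ok) if (!(p in seen)) { print "port " p " not accepted"; bad++ }
        exit (bad > 0)
    }'
}

sample_good() {   # constructed: listing after the commands above on an empty chain
    printf '%s\n' '-P INPUT DROP' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT'
}

sample_bad() {   # constructed: older catch-all REJECT, stray port 9001, open policy
    printf '%s\n' '-P INPUT ACCEPT' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT'
}
```

Run it from the console or an already established SSH session after applying the rules, so a finding can be corrected before the session is lost.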