Using software firewall

Instructions to configure iptables to control access to your ftrack server

Written by Mattias Seebergs
Updated over a week ago

On CentOS 6, the Linux kernel firewall is configured via iptables. ftrack server exposes certain services on various ports for administrative and debugging purposes, and you may want to block access to these and other ports from hosts outside, or even inside, your network.

Note

Take care when adjusting firewall settings via iptables, as a mistake can make the server unreachable over the network. By default these settings are not saved, so rebooting the server restores the default configuration. Physical access to a terminal also lets you revert your changes.

Example Settings

The following rules allow limited traffic over HTTP, to support redirecting to the HTTPS service where full traffic is allowed. They also allow SSH for remote administration, as well as any communication relating to established connections and local server traffic.

# Allow all access by default
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Allow loopback and established connections, SSH, HTTPS, and new HTTP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

# Disallow all other inbound requests
iptables -P INPUT DROP
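
To confirm that the live INPUT chain still matches the rules above, this added example (not part of the original article or of ftrack's own tooling) audits the output of iptables -S INPUT against an allow-list of TCP ports. The function names audit_input and page_rules are hypothetical, and the sample ruleset is constructed from the rules in this article.

```shell
#!/bin/sh
# Added example with hypothetical function names; audits `iptables -S INPUT` output.
# On the server (as root): iptables -S INPUT | audit_input 22 80 443

audit_input() {
    allowed=" $* "      # allow-listed TCP destination ports, space-delimited
    policy=""
    status=0
    while IFS= read -r rule; do
        case "$rule" in
            "-P INPUT "*) policy=${rule#"-P INPUT "}; continue ;;
            *"-j ACCEPT") ;;    # only ACCEPT rules widen access
            *) continue ;;
        esac
        case "$rule" in
            *"--dport "*)
                port=${rule#*"--dport "}
                port=${port%% *}
                case "$allowed" in
                    *" $port "*) ;;
                    *) echo "UNEXPECTED port $port: $rule"; status=1 ;;
                esac ;;
            *"-i lo -j ACCEPT") ;;                          # loopback traffic
            *"state RELATED,ESTABLISHED -j ACCEPT") ;;      # replies on existing connections
            *) echo "REVIEW broad accept: $rule"; status=1 ;;
        esac
    done
    if [ "$policy" != "DROP" ]; then
        echo "INPUT policy is '${policy:-unset}', expected DROP"
        status=1
    fi
    return "$status"
}

# Constructed sample: what `iptables -S INPUT` prints once the article's rules are loaded.
page_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

page_rules | audit_input 22 80 443 && echo "INPUT chain matches the intended policy"
```

A non-zero exit status means the chain has drifted from the intended policy: an ACCEPT rule for a port outside the allow-list, an ACCEPT rule the script does not recognise, or a default policy other than DROP (as after a reboot that restored the defaults).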