Iptables is the default admin tool used to manage a firewall for most Linux servers, enabling you to allow and disallow traffic to and from certain ports or IP addresses while restricting all others. These are my notes for some basic iptables rules, most recently used to open port 9092 to enable external network access to a Kafka cluster.

The first thing to do is to flush any existing rules, so we can start with a clean slate:

I normally like to keep my iptables rules in a simple text file, which makes it an easy reference whenever they need to be updated.

```
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# You can modify this to only allow certain traffic
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
# Allow all input traffic from another server in private network
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
-A INPUT -p tcp -m state --state NEW --dport 9999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
```

You may have noticed the key line which I added, which was to allow inbound traffic on port 9092. That's this line which is opening the port:

Of course, you may not want to blindly expose port 9092 to global traffic.
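To follow up on the point about not exposing port 9092 to global traffic, here is an added example (not code from the original post) that reads a rules file like the one kept above and lists the TCP ports its INPUT ACCEPT rules open to every source address. The function names, the sample rules and the 203.0.113.0/24 client range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list TCP ports that INPUT
# ACCEPT rules open to every source address. Reads iptables-restore style
# rules on stdin. Only -s/--source is treated as a source restriction.
exposed_ports() {
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        $1 == "-A" && $2 == "INPUT" {
            port = ""; limited = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") { port = $(i + 1) }
                # a source of 0.0.0.0/0 still admits every address
                if (($i == "-s" || $i == "--source") && $(i + 1) != "0.0.0.0/0") { limited = 1 }
                if ($i == "-j" && $(i + 1) == "ACCEPT") { accept = 1 }
            }
            if (accept && port != "" && !limited) { print port }
        }'
}

# Constructed sample: port 9092 accepted from any source.
rules_before() {
    cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH on the custom port
-A INPUT -p tcp -m state --state NEW --dport 9999 -j ACCEPT
# Kafka
-A INPUT -p tcp -m state --state NEW --dport 9092 -j ACCEPT
EOF
}

# Constructed sample: 9092 limited to one client range.
# 203.0.113.0/24 is a documentation placeholder, not an address from the post.
rules_after() {
    cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 9999 -j ACCEPT
-A INPUT -p tcp -s 203.0.113.0/24 -m state --state NEW --dport 9092 -j ACCEPT
EOF
}

echo "open to any source (before): $(rules_before | exposed_ports | tr '\n' ' ')"
echo "open to any source (after):  $(rules_after | exposed_ports | tr '\n' ' ')"
```

Running `exposed_ports < your-rules-file` after each edit shows whether 9092 is still reachable from any address; the SSH port is reported as well because its rule carries no source match either.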