
Virtual Appliance custom firewall configuration


Article ID: 202184


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

The Symantec Identity Suite documentation states that a custom firewall configuration can be implemented by editing this file:

/opt/CA/VirtualAppliance/custom/iptables-firewall-configuration

This article provides an example.

Environment

Release : 14.3

Component : SIGMA-Identity Suite

Resolution

Note that /opt/CA/VirtualAppliance/custom/iptables-firewall-configuration is an iptables rules file in iptables-save/iptables-restore format (a table header such as *filter, one rule per line, a closing COMMIT). It is not a shell script: do not put "iptables ..." command lines in it.

The file should look similar to the following sample. Be aware of what it does: the INPUT policy is DROP, so every packet that no rule accepts is discarded. That includes loopback traffic and the replies to connections the node itself opens (DNS, LDAP, database), because the sample has no loopback rule and no ESTABLISHED,RELATED rule. Extend it for your environment, and make sure the port you administer the node over (22 here) is accepted before you reload, or you will lock yourself out.

*filter
# Set the default policy of the INPUT chain to DROP
-P INPUT DROP
# Accept incoming TCP connections from eth0 on ports 22, 80 and 443
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
COMMIT

You do not need to reboot the vApp node. First, as root, check the file for syntax errors without applying it:

iptables-restore --test /opt/CA/VirtualAppliance/custom/iptables-firewall-configuration

Then reload the rules by restarting the iptables service. Do this from a console session unless the new rules accept the SSH port you are connected over, because the DROP policy takes effect immediately:

service iptables restart

To check the rules now in effect (add -v to see the interface each rule applies to and its packet counters):

iptables --line-numbers -n -L
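Before restarting iptables, it helps to lint the custom file for the two mistakes above: writing it as a script of iptables commands, and setting a DROP policy without the rules that keep SSH, loopback and reply traffic working. The script below is an added example and is not part of this article or of the appliance; only the file path comes from the article, while the check names, the regular expressions and the hardened sample configuration are this script's own. It is a static text check and does not replace iptables-restore --test.

```shell
#!/bin/sh
# Pre-flight lint for the vApp custom firewall file.
# Added example: not part of the original article or of the CA/Symantec
# appliance. Only the file path is the article's; the checks, the regular
# expressions and the hardened sample are this script's own convention.

# check_firewall_config FILE
# Lints an iptables-save/iptables-restore style file for the mistakes that
# most often break a node or lock the administrator out. Prints one finding
# per line (ERROR or WARN); returns 1 if any ERROR was found, 0 otherwise.
check_firewall_config() {
    f=$1
    rc=0
    # 1. Format: the file must hold rules in iptables-save syntax,
    #    not "iptables ..." shell commands.
    if grep -Eq '^[[:space:]]*(/sbin/|/usr/sbin/)?iptables[[:space:]]' "$f"; then
        echo "ERROR: contains 'iptables ...' commands; use iptables-save syntax (*filter ... COMMIT)"
        rc=1
    fi
    grep -q '^\*filter' "$f" || { echo "ERROR: missing '*filter' table header"; rc=1; }
    grep -q '^COMMIT'   "$f" || { echo "ERROR: missing 'COMMIT' line"; rc=1; }
    # 2. Lock-out: with a DROP policy on INPUT (written as '-P INPUT DROP' or
    #    ':INPUT DROP [0:0]') everything not explicitly accepted is dropped,
    #    including SSH, loopback and the replies to outbound connections.
    if grep -Eq '^(-P INPUT DROP|:INPUT DROP)' "$f"; then
        grep -Eq '^-A INPUT .*--dport 22([[:space:]]|$).*-j ACCEPT' "$f" \
            || { echo "ERROR: INPUT policy is DROP but no rule accepts SSH (tcp/22)"; rc=1; }
        grep -Eq '^-A INPUT -i lo .*-j ACCEPT' "$f" \
            || echo "WARN: no loopback rule (-A INPUT -i lo -j ACCEPT); services on 127.0.0.1 will break"
        grep -Eq '^-A INPUT .*--(ctstate|state) [A-Z,]*ESTABLISHED' "$f" \
            || echo "WARN: no ESTABLISHED,RELATED rule; replies to the node's own outbound connections (DNS, LDAP, DB) will be dropped"
    fi
    return $rc
}

# write_samples DIR
# Writes three constructed configuration files into DIR so the lint can be
# tried without touching the real file: the article's sample as published,
# a hardened version of it, and the common mistake (a shell script).
write_samples() {
    d=$1
    # The article's sample: valid, but no loopback or reply-traffic rules.
    cat > "$d/article.conf" <<'EOF'
*filter
-P INPUT DROP
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
    # Hardened version (this script's own; same ports as the article).
    cat > "$d/hardened.conf" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections the node opened itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Management and application ports on eth0, new connections only
-A INPUT -i eth0 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# ICMP keeps ping and path-MTU discovery working
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
    # The mistake the article warns about: a script, not a rules file.
    cat > "$d/wrong-script.conf" <<'EOF'
#!/bin/sh
iptables -P INPUT DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
EOF
}

# Demo: lint each constructed sample and flag the ones that must not be deployed.
tmp=$(mktemp -d)
write_samples "$tmp"
for c in article hardened wrong-script; do
    echo "== $c.conf"
    check_firewall_config "$tmp/$c.conf" || echo "(not safe to deploy; fix the ERROR lines first)"
done
rm -rf "$tmp"
```

To lint the real file, source the script and run check_firewall_config /opt/CA/VirtualAppliance/custom/iptables-firewall-configuration; a non-zero exit status means an ERROR finding, and WARN lines point at rules the article's sample lacks. The hardened sample uses the conntrack match, which must be available on the node; the legacy "-m state --state" form is accepted by the same check.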

For details, see the iptables man page: https://linux.die.net/man/8/iptables