Setting up firewalld
This document provides a step-by-step guide to setting up firewalld on VeridiumID nodes.
On persistence nodes
BASH
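# Enable firewalld and start it immediately (same effect as 'enable' followed by 'start')
systemctl enable --now firewalld
# Check active zones -> default zone is 'public'
firewall-cmd --get-active-zones
# Ports for the persistence services
persistence_ports="22 2181 2888 3888 7000 7001 7199 9092 9095 9042"
# Ports for ILP kafka
ilp_kafka_ports="9192 9193 9195"
# Add one permanent rule per port; the rules become active at the reload below
for port in ${persistence_ports} ${ilp_kafka_ports}; do
  firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
done
# NOTE(review): '--add-port' in the public zone accepts the port from ANY source address.
# The persistence ports are presumably reached only from other VeridiumID nodes (confirm
# against the deployment layout); if so, and the interface in the public zone is reachable
# from outside the cluster, prefer a source-restricted rich rule per port, e.g.
# (placeholder CIDR):
#   firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="<CLUSTER_PEER_CIDR>" port port="7000" protocol="tcp" accept'
# The default public zone also allows the 'cockpit' and 'dhcpv6-client' services (see the
# example output below); remove whichever is unused on this node, e.g.:
#   firewall-cmd --zone=public --remove-service=cockpit --permanent
# Activate the permanent configuration: '--reload' is sufficient after '--permanent'
# changes and avoids a full service restart
firewall-cmd --reload
# Validate ports are present in the firewalld config
firewall-cmd --zone=public --list-all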
# Example output
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports: 22/tcp 2181/tcp 2888/tcp 3888/tcp 7000/tcp 7001/tcp 7199/tcp 9092/tcp 9095/tcp 9042/tcp 9192/tcp 9193/tcp 9195/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
On webapp nodes
BASH
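# Enable firewalld and start it immediately (same effect as 'enable' followed by 'start')
systemctl enable --now firewalld
# Check active zones -> default zone is 'public'
firewall-cmd --get-active-zones
# Select the webapp layout: "sni" opens the ports of the SNI configuration, "ports" opens
# the ports of the ports configuration. Only the selected list is applied; pasting both
# sections as written in the original guide would open the union of the two, which is
# wider than either layout needs.
config_mode="sni"
case "${config_mode}" in
  sni)
    webapp_ports="22 443 2083"
    ;;
  ports)
    webapp_ports="22 443 9444 9987 8544 8944 8945 8946 8947 2083"
    ;;
  *)
    # Nothing is opened for an unknown mode; the '--list-all' below shows the result
    echo "unknown config_mode '${config_mode}': expected 'sni' or 'ports'" >&2
    webapp_ports=""
    ;;
esac
# Add one permanent rule per port; the rules become active at the reload below
for port in ${webapp_ports}; do
  firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
done
# NOTE(review): the default public zone also allows the 'cockpit' and 'dhcpv6-client'
# services (see the example output below); remove whichever is unused on this node, e.g.:
#   firewall-cmd --zone=public --remove-service=cockpit --permanent
# Activate the permanent configuration: '--reload' is sufficient after '--permanent'
# changes and avoids a full service restart
firewall-cmd --reload
# Validate ports are present in the firewalld config
firewall-cmd --zone=public --list-all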
# Example output
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports: 22/tcp 443/tcp 9444/tcp 9987/tcp 8544/tcp 8944/tcp 8945/tcp 8946/tcp 8947/tcp 2083/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
To remove a port from the active configuration
BASH
# Port to remove, as firewalld expects it (replace PORT_NUMBER with the actual port)
port_spec="PORT_NUMBER/tcp"
# Drop the port from the running (runtime) configuration first
firewall-cmd --zone=public --remove-port="${port_spec}"
# Persist the current runtime rules so the removal survives a reload
firewall-cmd --runtime-to-permanent
# Reload firewalld rules
firewall-cmd --reload