Guys, how can I change firewall rules on CnMaestro? I tried to list IPtables rules and return error saying he is not running.
Some one can help?
Hi Kgblaster -- we don't currently support configuring firewall rules for access to cnMaestro On-Premises.
If you're logged into the console on cnMaestro on-premises, "sudo iptables -vnL" will list the (default empty) firewall chains. You can add/remove/alter rules with no trouble from the console, but only as root... (I usually issue "sudo -s" to remain as root when I'm editing firewall rules or config files, for convenience - it's not the best idea for day-to-day usage of course)
Of course this is only temporary, I assume you know how to make iptables rules restore on reboot through /etc/rc.local or similar. (I usually use iptables-save >/etc/default/iptables after rules are set then insert "iptables-restore </etc/default/iptables" into rc.local)
j
cambium@cnmaestro:~$ iptables -vnL
iptables v1.4.21: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
cambium@cnmaestro:~$ sudo -s
root@cnmaestro:~# iptables -vnL
Chain INPUT (policy DROP 2224 packets, 2263K bytes)
pkts bytes target prot opt in out source destination
108K 20M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
379 44371 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 ACCEPT all -- * * 71.19.200.0/24 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 75480 packets, 16M bytes)
pkts bytes target prot opt in out source destination
root@cnmaestro:~#
1 Like