Technical white paper

Configuring firewall rules for HP Serviceguard on SUSE SLES and Red Hat

Table of contents
Introduction
  Audience
  Revision history
Configuring firewall rules on Red Hat 5 and Red Hat 6
  Using the command line
  Using the GUI
Configuring firewall rules on SUSE SLES 10
  Using the command line
  Using the GUI
Conclusion
Additional information

Introduction

This white paper explains how to configure firewall rules for HP Serviceguard on SUSE SLES and Red Hat distributions of Linux. Before deploying a Serviceguard Cluster, ports used by Serviceguard have to be enabled, as these ports may remain blocked in a default system firewall configuration. This document is intended to be read in conjunction with the “Compatibility” section of the latest version of the HP Serviceguard for Linux Release Notes.

iptables -A Serviceguard -p udp --dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT
iptables -A Serviceguard -p tcp --dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT
ip6tables -A Serviceguard -p udp --dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT
ip6tables -A Serviceguard -p tcp --dport "$lower_dynamic":"$upper_dynamic" -j ACCEPT

If you are using SNMP, add:

iptables -A Serviceguard -p udp --dport snmp -j ACCEPT
iptables -A Serviceguard -p udp --dport snmptrap -j ACCEPT

If you are using the WBEM provi

NOTE: The numbers in the list above are the default ranges for dynamic ports. If you have adjusted the ranges, adjust these numbers accordingly.
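
An added example, not part of the HP white paper: a shell helper that validates the dynamic port bounds before emitting the four dynamic-port rules shown above. If the variables are unset, "$lower_dynamic":"$upper_dynamic" expands to ":", and iptables documents an omitted first port as 0 and an omitted last port as 65535, so the rule would widen instead of failing. The function names are hypothetical, the sample bounds 1024 and 29999 are the ones this paper's YaST section uses, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example, not from the HP white paper.
# is_port and sg_dynamic_rules are hypothetical helper names.

# is_port VALUE: succeed only for a decimal integer in 1..65535
# (empty strings, leading zeros and non-digits are rejected).
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    # Length check first so an overlong string never reaches the numeric test.
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# sg_dynamic_rules LOWER UPPER: print the four dynamic-port rules for the
# Serviceguard chain, or fail without printing any rule.
sg_dynamic_rules() {
    lower_dynamic=$1
    upper_dynamic=$2
    if ! is_port "$lower_dynamic" || ! is_port "$upper_dynamic"; then
        echo "refusing: bounds must be integers in 1..65535" >&2
        return 1
    fi
    if [ "$lower_dynamic" -gt "$upper_dynamic" ]; then
        echo "refusing: lower bound exceeds upper bound" >&2
        return 1
    fi
    for cmd in iptables ip6tables; do
        for proto in udp tcp; do
            echo "$cmd -A Serviceguard -p $proto --dport $lower_dynamic:$upper_dynamic -j ACCEPT"
        done
    done
}

# Sample bounds: the range used in this paper's YaST section.
sg_dynamic_rules 1024 29999
```

Review the printed commands, then run them as root only after confirming the bounds match the dynamic port range configured on the cluster nodes.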

Using the GUI

Go to the “Allowed Services” page in the YaST2 firewall configuration and click “Advanced” while looking at the “External Zone” rules. Then add the following strings to the “TCP Ports” or “UDP Ports” fields, separating the various rules with spaces.

For a basic Serviceguard installation:
• TCP: ident hacl-hb hacl-cfg hacl-local 1024:29999
• UDP: hacl-hb hacl-cfg 1024:29999

NOTE: The numbers above are the default ranges for dynamic ports.

Conclusion

A firewall is a critical part of any establishment that connects to an unprotected network such as the Internet. Following the firewall rules for iptables mentioned in this white paper can provide additional protection against network security threats. The firewall rules must be configured using either the command line or GUI.