Firewall Default Configuration
Topic: Security
Related: Web Content Filtering, Accessing DoD Resources, Certificates, Customer FAQs, IATT-like Connectivity

The default firewall configuration of a machine in a deployment run is set as follows:

  1. Linux inbound ports allowed on the cons3rt-net
  • 22 TCP
  • 5902 TCP
  • ICMP
  1. Windows inbound ports allowed on the cons3rt-net
  • 3389 TCP/UDP
  • 5902 TCP
  1. All other incoming traffic on the cons3rt-net is either blocked or rejected
  2. All outgoing traffic on the cons3rt-net is not filtered
  3. Traffic on all other interfaces is not filtered
Using firewalld

The default firewall configuration is handled on Linux using iptables and iptables-service. To cleanly change over to firewalld and continue to allow remote access use the following script:

#!/bin/bash
yum -y remove iptables-services
systemctl disable iptables-service
systemctl stop iptables-service
rm -f /etc/sysconfig/iptables-startup
rm -f /lib/systemd/system/iptables-service.service
systemctl enable firewalld.service
systemctl start firewalld.service
firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --permanent --add-port=5902/tcp
systemctl reload firewalld