Last active: August 25, 2021 09:30
Firewall settings for Bahmni (allow only SSH, and browser access to HTTP, HTTPS and OpenERP; block everything else). If you are setting this up on Digital Ocean / CentOS v7.6, then scroll to the bottom for the comments.
```sh
# Refer to this link to understand below rules: https://wiki.centos.org/HowTos/Network/IPTables
# Set default input policy to ACCEPT
iptables -P INPUT ACCEPT
# Flush all current rules!
iptables -F
# Allow localhost interface
iptables -A INPUT -i lo -j ACCEPT
# Allow Established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH access
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow Web Access to Bahmni Apps (http, https, openerp)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8069 -j ACCEPT
# DROP ALL Incoming connections except those which are marked as ACCEPT (Policy change!)
iptables -P INPUT DROP
# DROP all Forwards (we are not a router)
iptables -P FORWARD DROP
# Allow all output
iptables -P OUTPUT ACCEPT
# Print Final Settings
iptables -L -n -v --line-numbers
# Make changes permanent
/sbin/service iptables save
```
For CentOS 7.x the following script can be used to set up a firewall using firewalld:
firewalld configuration script
Thanks @logshvar this is helpful!
If you are using Digital Ocean cloud deployment for Bahmni, on CentOS v7, then iptables is no longer their default firewall. You can directly use Digital Ocean's network firewall option, and configure it easily from their UI. Here is a sample screenshot of how it looks when you set it up:
Configuring Firewall on Digital Ocean and applying to a droplet
Rule: only allow requests from outside to ports 22 (ssh), 80 (http), 443 (https) and 8069 (odoo erp).
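The same allow-list (22, 80, 443, 8069) for the firewalld route mentioned in the CentOS 7 comment, plus a check that a live INPUT chain still matches it, as an added example that is not part of the gist, the linked script or Digital Ocean's tooling. It assumes firewalld's default `public` zone and that 8069 (Odoo/OpenERP) is the only port without a predefined firewalld service; the rule listing it audits is a constructed sample.

```sh
#!/bin/sh
# Added example, not gsluthra's gist nor the linked firewalld script:
# the gist's allow-list (22, 80, 443, 8069) as firewalld commands for
# CentOS 7, plus an audit of `iptables -S INPUT` output that flags any
# ACCEPT rule for a TCP port outside that list, or a non-DROP policy.

ALLOWED_TCP_PORTS="22 80 443 8069"   # ssh, http, https, odoo/openerp

# Print the firewall-cmd calls, or run them when APPLY=1. ssh/http/https
# are predefined firewalld services; 8069 is not, so it goes in as a port.
# --set-target=DROP mirrors the gist's "iptables -P INPUT DROP".
firewalld_rules() {
  for c in \
    "firewall-cmd --permanent --zone=public --set-target=DROP" \
    "firewall-cmd --permanent --zone=public --add-service=ssh" \
    "firewall-cmd --permanent --zone=public --add-service=http" \
    "firewall-cmd --permanent --zone=public --add-service=https" \
    "firewall-cmd --permanent --zone=public --add-port=8069/tcp" \
    "firewall-cmd --reload"
  do
    if [ "${APPLY:-0}" = 1 ]; then $c; else printf '%s\n' "$c"; fi
  done
}

# Read `iptables -S INPUT` on stdin; return 1 (naming each problem) if the
# chain policy is not DROP or an ACCEPT rule opens an unlisted TCP port.
audit_input_rules() {
  status=0
  while IFS= read -r line; do
    case "$line" in
      "-P INPUT DROP") ;;
      "-P INPUT "*) echo "policy is not DROP: $line"; status=1 ;;
      *"--dport "*ACCEPT*)
        port="${line##*--dport }"; port="${port%% *}"
        case " $ALLOWED_TCP_PORTS " in
          *" $port "*) ;;
          *) echo "unexpected open port: $port"; status=1 ;;
        esac ;;
    esac
  done
  return "$status"
}

# Constructed sample: one ACCEPT (5432) the gist never adds, so the audit
# must fail on it. On a live host pipe in `iptables -S INPUT` instead.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT'
```

Source the file, then run `firewalld_rules` (with `APPLY=1` to execute instead of print) or `iptables -S INPUT | audit_input_rules`; a non-zero exit from the audit means the host exposes more than the gist intends.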