@dezren39
Forked from mbillow/consul-firewalld.md
Created August 11, 2022 21:57
Consul FirewallD Service Definition

A simple service definition for Consul agents; meant to simplify the installation process of Consul.

This is based on the information provided by Hashicorp in the Consul Docs.

Installation

  1. Download the XML file:
    • Either wget -O consul.xml {raw_url}
    • Or copy and paste the contents into a new file named consul.xml
  2. Install the profile:
    • sudo firewall-cmd --permanent --new-service-from-file=consul.xml
  3. Enable the profile:
    • sudo firewall-cmd --permanent --add-service=consul
    • Note: It is up to you to add any zones or other configuration to the line above.
  4. Reload FirewallD:
    • sudo firewall-cmd --reload

A Word of Caution

It is important to note that all of these ports are configurable through your Consul agent configuration. This definition is meant to give you a working firewall setup with the default configuration or provide a solid foundation for templating your own definition with your own settings.
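As an added example (not part of this gist), a small Python generator that derives the firewalld service definition from a Consul agent `ports` stanza, so a non-default configuration can be templated rather than hand-edited. It assumes Consul's convention that a port value of -1 disables a listener, and uses the stock default port values (https and grpc are off by default; the gist opens their suggested ports 8501 and 8502).

```python
import json
import xml.etree.ElementTree as ET

# Consul default `ports` values (assumption: mirrors the stock agent config;
# -1 means the listener is disabled).
DEFAULT_PORTS = {
    "dns": 8600, "http": 8500, "https": -1, "grpc": -1,
    "serf_lan": 8301, "serf_wan": 8302, "server": 8300,
    "sidecar_min_port": 21000, "sidecar_max_port": 21255,
}

# listener name -> protocols firewalld must open; DNS and Serf use TCP and UDP.
PROTOCOLS = {
    "dns": ("tcp", "udp"), "http": ("tcp",), "https": ("tcp",),
    "grpc": ("tcp",), "serf_lan": ("tcp", "udp"), "serf_wan": ("tcp", "udp"),
    "server": ("tcp",),
}


def port_entries(ports_cfg):
    """Return (protocol, port) pairs to open, skipping disabled (-1) listeners."""
    cfg = {**DEFAULT_PORTS, **ports_cfg}
    entries = []
    for name, protos in PROTOCOLS.items():
        port = cfg[name]
        if port is None or int(port) < 0:
            continue  # listener disabled: do not open a hole for it
        for proto in protos:
            entries.append((proto, str(port)))
    lo, hi = int(cfg["sidecar_min_port"]), int(cfg["sidecar_max_port"])
    if lo > 0 and hi >= lo:
        entries.append(("tcp", f"{lo}-{hi}"))  # sidecar proxy range
    return entries


def build_service_xml(ports_cfg, short="Consul"):
    """Serialize the open ports as a firewalld <service> document."""
    service = ET.Element("service")
    ET.SubElement(service, "short").text = short
    ET.SubElement(service, "description").text = "HashiCorp Consul - A service mesh solution"
    for proto, port in port_entries(ports_cfg):
        ET.SubElement(service, "port", protocol=proto, port=port)
    body = ET.tostring(service, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body + "\n"


if __name__ == "__main__":
    # constructed sample agent config: HTTPS API on 8501, plaintext HTTP API off
    sample = json.loads('{"ports": {"https": 8501, "http": -1}}')
    print(build_service_xml(sample["ports"]))
```

Feed the generated text to `firewall-cmd --permanent --new-service-from-file=` exactly as in the installation steps.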

consul.xml

<?xml version="1.0" encoding="UTF-8"?>
<service>
  <short>Consul</short>
  <description>HashiCorp Consul - A service mesh solution</description>
  <!-- DNS: The DNS server (TCP and UDP) -->
  <port protocol="tcp" port="8600" />
  <port protocol="udp" port="8600" />
  <!-- HTTP: The HTTP API (TCP only) -->
  <port protocol="tcp" port="8500" />
  <!-- HTTPS: The HTTPS API (suggested port) -->
  <port protocol="tcp" port="8501" />
  <!-- gRPC: The gRPC API (suggested port) -->
  <port protocol="tcp" port="8502" />
  <!-- LAN Serf: The Serf LAN port (TCP and UDP) -->
  <port protocol="tcp" port="8301" />
  <port protocol="udp" port="8301" />
  <!-- WAN Serf: The Serf WAN port (TCP and UDP) -->
  <port protocol="tcp" port="8302" />
  <port protocol="udp" port="8302" />
  <!-- Server RPC address (TCP only) -->
  <port protocol="tcp" port="8300" />
  <!-- Sidecar proxy port range -->
  <port protocol="tcp" port="21000-21255" />
</service>