Question: Install and configure firewalld on all app servers.
a. Allow all incoming connections on Nginx port.
b. Allow incoming connections from LB host only on Apache port and block for all others.
c. All rules must be permanent.
d. Zone should be public.
e. If Apache or Nginx services aren't running already, please make sure to start them.
Please note: Adapt the commands below to your own task, since the server, user name and other details might differ. Read the task carefully before executing. All the best 👍
Solution:
1. First, log in to the app server: ssh tony@stapp01
2. Switch to the root user: sudo su -
3. Run the command below to check the status of the existing Apache httpd and Nginx services.
systemctl status httpd; systemctl status nginx
4. Get the Apache and Nginx listen ports with the command below:
grep -i Listen /etc/httpd/conf/ht* /etc/nginx/nginx.conf
5. Now install firewalld: yum install -y firewalld
6. Start the firewalld service, enable it and check its status:
systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld
7. Allow the Nginx port
(Make sure you use your Nginx port; refer to step 4 above.)
firewall-cmd --permanent --zone=public --add-port=8096/tcp
8. Allow the http and https services:
firewall-cmd --permanent --zone=public --add-service={http,https}
9. Allow the Apache port for the LB host IP:
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address=172.16.238.14 port protocol=tcp port=8083 accept'
10. Reload the firewalld service so the rules take effect, then validate the rules.
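Step 10 lists no command: `firewall-cmd --reload` loads the permanent rules and `firewall-cmd --zone=public --list-all` prints the zone. The script below is an added example, not part of the original solution; it checks that listing against the task using the ports and LB address from steps 7 and 9. The helper name check_zone and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original solution). check_zone is a hypothetical
# helper: it reads `firewall-cmd --zone=public --list-all` output on stdin and
# checks it against the task. Usage: check_zone NGINX_PORT APACHE_PORT LB_IP

check_zone() {
    nginx_port=$1; apache_port=$2; lb_ip=$3
    out=$(cat)
    rc=0
    # Ports open to every source are listed on the zone's "ports:" line.
    ports=$(printf '%s\n' "$out" | sed -n 's/^[[:space:]]*ports:[[:space:]]*//p')
    case " $ports " in
        *" $nginx_port/tcp "*) ;;
        *) echo "FAIL: $nginx_port/tcp (Nginx) is not open to all sources"; rc=1 ;;
    esac
    # The Apache port must NOT be there, or every host can reach it.
    case " $ports " in
        *" $apache_port/tcp "*)
            echo "FAIL: $apache_port/tcp (Apache) is open to all sources"; rc=1 ;;
    esac
    # It must be accepted through a rich rule scoped to the LB address.
    # firewalld prints rich rules in this normalised, quoted form.
    want="source address=\"$lb_ip\" port port=\"$apache_port\" protocol=\"tcp\" accept"
    if ! printf '%s\n' "$out" | grep -qF "$want"; then
        echo "FAIL: no rich rule accepting $apache_port/tcp from $lb_ip"; rc=1
    fi
    # Any other rich rule accepting the Apache port widens access beyond the LB.
    if printf '%s\n' "$out" | grep -F "port=\"$apache_port\"" | grep -F accept |
        grep -vqF "address=\"$lb_ip\""; then
        echo "FAIL: $apache_port/tcp is accepted from a source other than $lb_ip"; rc=1
    fi
    return $rc
}

# Constructed sample of the zone listing after steps 7-10 (not captured output).
SAMPLE_OK='public (active)
  target: default
  services: dhcpv6-client http https ssh
  ports: 8096/tcp
  forward-ports:
  source-ports:
  rich rules:
        rule family="ipv4" source address="172.16.238.14" port port="8083" protocol="tcp" accept'

# On a server: firewall-cmd --zone=public --list-all | check_zone 8096 8083 172.16.238.14
if printf '%s\n' "$SAMPLE_OK" | check_zone 8096 8083 172.16.238.14; then
    echo "OK: sample zone matches the task"
fi
```

The check fails if the Apache port also appears on the zone's ports line, which is the usual way the "LB only" requirement gets silently undone.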
Happy Learning!!!!