Difference between revisions of "Firewall Configuration"
From OSNEXUS Online Documentation Site
(Created page with "For most deployments there is no need to add firewall rules to block the standard storage services like NFS, CIFS, iSCSI. That said, for systems with ports that are facing pu...") |
m (→Blocking NFS) |
||
Line 2: | Line 2: | ||
− | == Blocking NFS == | + | == Blocking Network Share Access == |
+ | |||
+ | === Blocking NFS === | ||
If you're not using Network Shares with NFS you can block NFS service access like so: | If you're not using Network Shares with NFS you can block NFS service access like so: | ||
touch /etc/init.d/iptables.blocknfs | touch /etc/init.d/iptables.blocknfs | ||
+ | service iptables restart | ||
+ | |||
+ | === Blocking CIFS/SMB === | ||
+ | If you're not using Network Shares with CIFS/SMB Windows clients you can block SMB access to the Samba service access like so: | ||
+ | touch /etc/init.d/iptables.blocksmb | ||
+ | service iptables restart | ||
+ | |||
+ | == Blocking iSCSI Access == | ||
+ | If you're not using Storage Volumes via iSCSI you can block access to the iSCSI target service access like so: | ||
+ | touch /etc/init.d/iptables.blockiscsi | ||
service iptables restart | service iptables restart |
Revision as of 16:49, 15 May 2015
For most deployments there is no need to add firewall rules to block the standard storage services like NFS, CIFS, iSCSI. That said, for systems with ports that are facing public networks it is useful to block services that are not being used.
Contents
Blocking NFS
If you're not using Network Shares with NFS you can block NFS service access like so:
touch /etc/init.d/iptables.blocknfs service iptables restart
Blocking CIFS/SMB
If you're not using Network Shares with CIFS/SMB Windows clients you can block SMB access to the Samba service access like so:
touch /etc/init.d/iptables.blocksmb service iptables restart
Blocking iSCSI Access
If you're not using Storage Volumes via iSCSI you can block access to the iSCSI target service access like so:
touch /etc/init.d/iptables.blockiscsi service iptables restart