Difference between revisions of "Firewall Configuration"
m (→Blocking Network Share Access) |
m |
||
Line 1: | Line 1: | ||
− | For most deployments there is no need to add firewall rules to block the standard storage services like NFS, CIFS, iSCSI. That said, for systems deployed with elevated security requirements or systems with ports that are facing public networks it is useful to block services that are not being used. The following sections outline how to block various storage services within QuantaStor using firewall rules. | + | For most deployments there is no need to add firewall rules to block the standard storage services like NFS, CIFS, iSCSI and by default QuantaStor appliances ''do not'' have firewalls blocking standard services. That said, for systems deployed with elevated security requirements or systems with ports that are facing public networks it is useful to block services that are not being used. The following sections outline how to block various storage services within QuantaStor using firewall rules. |
+ | |||
+ | == Re-enabling Service Access == | ||
+ | To re-enable access to a specific service just remove the associated touch file and restart iptables. For example, to remove the firewall rules for access to NFS: | ||
+ | rm /etc/init.d/iptables.blocknfs | ||
+ | service iptables restart | ||
== Blocking Network Share access via NFS == | == Blocking Network Share access via NFS == | ||
Line 15: | Line 20: | ||
If you're not using Storage Volumes via iSCSI you can block access to the iSCSI target service access like so: | If you're not using Storage Volumes via iSCSI you can block access to the iSCSI target service access like so: | ||
touch /etc/init.d/iptables.blockiscsi | touch /etc/init.d/iptables.blockiscsi | ||
+ | service iptables restart | ||
+ | |||
+ | == Blocking GlusterFS Access == | ||
+ | If you're not using Gluster, you can block access to it like so: | ||
+ | touch /etc/init.d/iptables.blockgluster | ||
service iptables restart | service iptables restart |
Revision as of 16:55, 15 May 2015
For most deployments there is no need to add firewall rules to block the standard storage services like NFS, CIFS, iSCSI and by default QuantaStor appliances do not have firewalls blocking standard services. That said, for systems deployed with elevated security requirements or systems with ports that are facing public networks it is useful to block services that are not being used. The following sections outline how to block various storage services within QuantaStor using firewall rules.
Contents
Re-enabling Service Access
To re-enable access to a specific service just remove the associated touch file and restart iptables. For example, to remove the firewall rules for access to NFS:
rm /etc/init.d/iptables.blocknfs service iptables restart
If you're not using Network Shares with NFS you can block NFS service access like so:
touch /etc/init.d/iptables.blocknfs service iptables restart
If you're not using Network Shares with CIFS/SMB Windows clients you can block SMB access to the Samba service access like so:
touch /etc/init.d/iptables.blocksmb service iptables restart
Blocking Storage Volume / iSCSI Access
If you're not using Storage Volumes via iSCSI you can block access to the iSCSI target service access like so:
touch /etc/init.d/iptables.blockiscsi service iptables restart
Blocking GlusterFS Access
If you're not using Gluster, you can block access to it like so:
touch /etc/init.d/iptables.blockgluster service iptables restart