
Firewall services configuration

NEMS Linux
NEMS Linux committed Feb 27, 2019
1 parent 5e91f75 commit 789a1fb9759660cae3435c975143ba0f9b587a5c
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NEMS 9590 Listener</short>
<description>A simple port listener which is used in NEMS Linux educational exercises.</description>
<port protocol="tcp" port="9590"/>
</service>
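Review bot: The `<description>` does not say that this rule is needed only while an exercise is running, so an administrator has no cue to turn it off afterwards. Whatever listens on 9590 is not shown in this commit; if it is only a teaching aid, the text should say so, for example `<description>Opens TCP 9590 for the port listener used in NEMS Linux educational exercises. Leave disabled when not running an exercise.</description>`.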
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<!-- This is a firewalld service definition for Cockpit -->
<short>Cockpit</short>
<description>Cockpit lets you access and configure your server remotely.</description>
<port protocol="tcp" port="9090"/>
</service>
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>DHCP</short>
<description>This allows a DHCP server to accept messages from DHCP clients and relay agents.</description>
<port protocol="udp" port="67"/>
</service>
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>DHCPv6 Client</short>
<description>This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server.</description>
<port protocol="udp" port="546"/>
<destination ipv6="fe80::/64"/>
</service>
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>DHCPv6</short>
<description>This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents.</description>
<port protocol="udp" port="547"/>
</service>
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>DNS</short>
<description>The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).</description>
<port protocol="tcp" port="53"/>
<port protocol="udp" port="53"/>
</service>
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NEMS Dashboard Standard Connection</short>
<description>Allows insecure http elements to be accessed on NEMS Linux. If you wish to access your NEMS Dashboard, keep this enabled. Disable to block all traffic on port 80.</description>
<port protocol="tcp" port="80"/>
</service>
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NEMS Dashboard Secure Connection</short>
<description>This allows access to the NEMS Dashboard using https. Keep this enabled if you wish to access NEMS via the browser. Disable it to block all traffic on port 443.</description>
<port protocol="tcp" port="443"/>
</service>
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Multicast DNS (mDNS)</short>
<description>mDNS (which supports avahi) allows you to access your NEMS Linux server via its hostname (ie., nems.local) instead of IP address. It is recommended to leave this enabled.</description>
<port protocol="udp" port="5353,5354"/>
<destination ipv4="224.0.0.251" ipv6="ff02::fb"/>
</service>
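Review bot: The `port="5353,5354"` value on the `<port>` line is a comma-separated list, which the firewalld service format does not accept; the attribute takes a single port or a `first-last` range, so firewalld is likely to reject this definition as an invalid port when it loads the file. Split it into `<port protocol="udp" port="5353"/>` and `<port protocol="udp" port="5354"/>`, or write `port="5353-5354"`. mDNS itself uses UDP 5353, so it is also worth confirming that 5354 is needed before opening it.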
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>monit</short>
<description>Monitors critical services (such as Nagios and Apache2) on your NEMS server and re-starts them if they crash. Disabling this will only remove your ability to access the web interface, but will not disable the service.</description>
<port protocol="tcp" port="2812"/>
</service>
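Review bot: The `<description>` explains what the monit daemon does rather than what this rule opens, which is inbound TCP 2812 to monit's web interface. That interface can stop and restart services, so the text should name it, for example `<description>Allows access to the monit web interface on port 2812. Disabling this blocks the web interface only; monit keeps monitoring services.</description>`. The monit httpd settings are not part of this commit, so confirm that its `allow` rules require credentials and that access does not rest on this firewall rule alone.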
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>RPi-Monitor</short>
<description>A system dashboard available on Raspberry Pi-based NEMS servers.</description>
<port protocol="tcp" port="8888"/>
</service>
@@ -0,0 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Samba</short>
<description>Samba allows you to access your NEMS Migrator backup and your NEMS user home folder as network shares in Windows (via \\nems.local) or Mac/Linux (via smb://nems.local).</description>
<port protocol="udp" port="137"/>
<port protocol="udp" port="138"/>
<port protocol="tcp" port="139"/>
<port protocol="tcp" port="445"/>
<module name="nf_conntrack_netbios_ns"/>
</service>
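Review bot: The `<module name="nf_conntrack_netbios_ns"/>` line uses the element that firewalld documents as deprecated in favour of helpers; on a release with helper support the equivalent is `<helper name="netbios-ns"/>`. Check which form the firewalld version shipped with NEMS accepts before switching. Separately, the description says the share holds the NEMS Migrator backup, so ports 139 and 445 should be enabled only in a zone limited to trusted LAN hosts, and the description could say that.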
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SNMP</short>
<description>Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks". Enable this service if you run SNMP agent (server).</description>
<port protocol="tcp" port="161"/>
<port protocol="udp" port="161"/>
</service>
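Review bot: This definition opens 161 on both TCP and UDP, while the description only says to enable it when an SNMP agent runs on the server. SNMP agents are normally queried over UDP 161, so confirm the local agent actually listens on TCP before keeping `<port protocol="tcp" port="161"/>`. A comment such as `<!-- SNMPv1/v2c community strings are sent unencrypted; enable only in a trusted zone -->` would tell the administrator what exposure the rule carries.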
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SNMPTRAP</short>
<description>SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.</description>
<port protocol="tcp" port="162"/>
<port protocol="udp" port="162"/>
</service>
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="22"/>
</service>
