Configuring the Firewall on ArcMC Appliance

Your ArcMC Appliance includes a script that you can use to configure the firewall. This script looks at your current ArcMC configuration and decides what ports to keep open. Alternatively, you can configure the firewall on your appliance as you would on any server, by editing iptables-config and white-listing the appropriate ports.

When called without arguments, the /usr/sbin/arcfirewall script previews and displays the ports that it will keep open, but takes no action to alter the firewall configuration. To alter the firewall configuration, use the --set option.

To preview the list of ports the script will open:

  1. Log into the appliance as root.
  2. Run the following command: 

    /usr/sbin/arcfirewall

The script displays the ports that it would open, as shown in the following example.

[root@myserver ~]# /usr/sbin/arcfirewall
PREVIEW MODE - NO FIREWALL CHANGES...
List of ports that firewall would allow inbound from any IP address:
21/tcp
22/tcp
443/tcp
9001/tcp
9002/tcp
9003/tcp
9004/tcp
9005/tcp
9006/tcp
9007/tcp
9008/tcp
123/udp

To configure the firewall:

  1. Log into the appliance as root.
  2. Run the following command: 

    [root@myserver ~]# /usr/sbin/arcfirewall --set

The script configures the firewall leaving the previewed ports open.

If you configure an ArcMC appliance local container, assign it a network port, then run arcfirewall, the script will detect that the new port should be opened and list it in the preview of ports. You can then run arcfirewall with the --set option, as described above, to actually open the port.

If arcfirewall is not run and the port is not opened, the connector will not receive any events.
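The following added example (not part of the ArcMC product or its documentation) checks the preview output against a port policy before --set is run, flagging ports that would be opened without approval and required ports that are absent. The APPROVED and REQUIRED lists, including port 9009/tcp for a new local container, are hypothetical assumptions, and the sample preview is constructed from the output format shown above.

```shell
#!/bin/sh
# Added example: audit the arcfirewall preview before applying it with --set.
# APPROVED and REQUIRED are hypothetical policy values, not ArcMC defaults.

APPROVED="22/tcp 443/tcp 9001/tcp 9002/tcp 9003/tcp 9004/tcp 9005/tcp 9006/tcp 9007/tcp 9008/tcp 123/udp"
REQUIRED="9009/tcp"   # hypothetical port assigned to a newly added local container

# Constructed sample, abridged from the preview format shown above.
SAMPLE_PREVIEW='PREVIEW MODE - NO FIREWALL CHANGES...
List of ports that firewall would allow inbound from any IP address:
21/tcp
22/tcp
443/tcp
9001/tcp
123/udp'

# Keep only "port/proto" lines from preview text on stdin; banner lines are dropped.
parse_preview() {
    awk 'NF == 1 && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print $1 }' | sort -u
}

# Print each item of list $1 that is absent from list $2 (space or newline separated).
not_in() {
    for item in $1; do
        case " $(echo $2) " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# Ports the script would open that the policy does not approve.
unexpected_ports() { not_in "$(printf '%s\n' "$1" | parse_preview)" "$APPROVED $REQUIRED"; }

# Ports that must be open but do not appear in the preview.
missing_ports() { not_in "$REQUIRED" "$(printf '%s\n' "$1" | parse_preview)"; }

# On the appliance, pass "$(/usr/sbin/arcfirewall)" instead of SAMPLE_PREVIEW.
echo "Unexpected: $(unexpected_ports "$SAMPLE_PREVIEW" | tr '\n' ' ')"
echo "Missing:    $(missing_ports "$SAMPLE_PREVIEW" | tr '\n' ' ')"
```

With the sample input, 21/tcp is reported as unexpected and 9009/tcp as missing; resolve both findings before running arcfirewall with --set.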