Firewall Rules on Linux Managed Servers
Firewall rules for managed Linux servers, best practices, and how to get assistance.
This article applies to: Managed Servers
Linux firewall rules can be applied in two ways:
- For a group (class) of servers. (See the Server Farm Account Management page for more information about classes.)
- For an individual server.
Best Practice: Standardize Rules using Classes of Servers
When planning firewall rules for your servers, it's helpful to use classes (groups of servers). For example, placing a set of Dev/Test/Prod servers in one class means you can apply firewall rule changes to the entire class and keep all of the configurations for that group identical.
Using classes for firewall rules can greatly reduce inconsistencies between environments, leading to fewer problems with deployment. See the Server Farm Account Management page for more information about classes.
To see a list of classes on a server and firewall rules applied to those classes, connect to the Centralized Unix Configuration Information System at https://unixcfg.serverfarm.cornell.edu/.
Request a Firewall Rule
Send an email to firstname.lastname@example.org. Include the following:
- If using classes, provide the class name.
- For an individual server, provide the server name and, if the host is multi-homed, the specific IPs.
- Remote IP address or range of addresses.
- Port number(s) that need to be opened.
Access Control Lists (ACLs) and Network Firewalls
In addition to firewall rules on the server, network Access Control Lists (ACLs) or network firewalls may need to be modified. The Systems Support group will adjust ACLs and Extra Tier firewall rules if required.
For ACLs or firewalls on the remote machines, coordinate with the people responsible on that end.