Hi All,
Does anyone have a recipe for permanently modifying the firewall rules on their PerfSONAR boxes?
I’d like to restrict the ssh to local networks and open it up to our monitoring systems but the only help in the PerfSONAR doc<https://docs.perfsonar.net/manage_security.html>s is:
For operating systems using firewalld (e.g. CentOS 7) it organizes the rules into “zones” and makes it more difficult to distinguish perfSONAR rules from custom rules. If you add a standard service to the zone it will get overwritten next time perfsonar-toolkit-security upgrades. We recommend looking at firewalld rich rules<https://fedoraproject.org/wiki/Features/FirewalldRichLanguage> for adding custom rules.
And I haven’t yet had chance to get my head round firewalld yet (it’s on my todo list, I expect to get to it sometime in after I retire, if nothing else comes up in the meantime).
Yours,
Chris.
########################################################################
To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
|