Tech C**P
@technical_notes
14 subscribers
161 photos
9 videos
59 files
304 links
مدرس و برنامه نویس پایتون و لینوکس @alirezastack
Download Telegram
About
Blog
Apps
Platform
Join
Tech C**P
14 subscribers
Tech C**P
Allow outgoing requests through server with CSF (ConfigServer Security & Firewall)


If by debugging you can confirm that your server cannot see external port but other servers can, just add the desired port to CSF with the destination IP address in the format of tcp/udp|in/out|s/d=port|s/d=ip in /etc/csf/csf.allow:

tcp|out|d=1080|d=15.9.8.223
The above line is advanced port+ip filtering which opens 1080 port on 15.9.8.223 destination server. You can just enter onr IP address per line to be allowed through iptables. In order to apply new changes just enter csf -r in command line after saving the above filter.

NOTE: one IP address per line is mandatory.


NOTE: CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)


NOTE: Only list IP addresses, not domain names (they will be ignored)


#linux #csf #iptables
69 viewsAlireza Hos., edited  
Tech C**P
Configure Linux iptables Firewall for MongoDB

In order to harden your network infrastructure in linux, you need to monitor all incoming and outgoing traffic and only allow connections from servers that are trusted. For that reason we use iptables in linux. Each record in iptables is either an INPUT record or an OUTPUT record that controls all incoming traffic and all outgoing traffic.

With records below in iptables we explicitly allow traffic to the mongod instance from the application server. In the following examples, replace <ip-address> with the IP address of the application server:

iptables -A INPUT -s <ip-address> -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -d <ip-address> -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT

The first rule allows all incoming traffic from <ip-address> on port 27017, which allows the application server to connect to the mongod instance. The second rule, allows outgoing traffic from the mongod to reach the application server.

The default policy for iptables chains is to allow all traffic. After completing all iptables configuration changes, you must change the default policy to DROP so that all traffic that isn’t explicitly allowed as above will not be able to reach components of the MongoDB deployment. Issue the following commands to change this policy:

iptables -P INPUT DROP
 iptables -P OUTPUT DROP

DANGER: do not issue the above commands if you are not fully aware of what you are doing!


#mongodb #linux #iptables #security
85 viewsAlireza Hos.