Firewall Configuration

CloudShark can be installed on CentOS/RHEL 6.x or 7.x. The firewall is one of the operating-system components that changed between those versions: CentOS/RHEL 6.x uses the iptables service to configure the firewall, while CentOS/RHEL 7.x uses firewalld. The commands below add or delete firewall rules on each operating system. Both firewalls support very complex rule sets, so refer to their own documentation if you need a configuration beyond what is shown here.

If you were sent here from another CloudShark support page, that page should have told you the protocol, destination port, and service name needed for the firewall rule. If it did not, please e-mail us so that we can add this information.

Every command listed in this document is intended to be run by the root user.

CentOS/RHEL 6.x

Full documentation located here.

Rules added or deleted with the commands below are lost when the device is rebooted or the iptables service is restarted, unless you first save them with the following command:

# service iptables save

Show Current Rules

# iptables -L

Add Rule

# iptables -I INPUT 1 -p <protocol> -i <interface name> --dport <destination port> -j ACCEPT

The interface is optional; if it is left out, the rule applies to all network interfaces.

Delete Rule

# iptables -D INPUT <line number of rule>

When deleting a rule by its line number, it helps to list the rules with their line numbers first. The following command prints each rule together with its line number:

# iptables -L --line-numbers
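The following script is an added example and is not part of the CloudShark page. It wraps the iptables steps above in two small helpers: build_input_rule validates the protocol and port and prints the insert command (with the optional interface handled as described), and rule_line_number reads an "iptables -L INPUT -n --line-numbers" listing and prints the line number of a matching rule so it can be deleted by number. The function names and the sample listing are assumptions and constructed data; the script only prints commands, so it runs without root and changes nothing.

```shell
#!/bin/sh
# Added example, not from the CloudShark page: small helpers around the
# iptables commands above. Nothing here modifies the firewall; the commands
# are printed so they can be reviewed before being run as root.
# Function names and the sample listing are assumptions/constructed.

# Print the insert command for an INPUT rule. Usage:
#   build_input_rule <tcp|udp> <port> [interface]
build_input_rule() {
    proto=$1
    port=$2
    iface=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1 and 65535" >&2
        return 1
    fi
    cmd="iptables -I INPUT 1 -p $proto"
    # The interface is optional; without -i the rule matches every interface.
    if [ -n "$iface" ]; then
        cmd="$cmd -i $iface"
    fi
    echo "$cmd --dport $port -j ACCEPT"
}

# Read "iptables -L INPUT -n --line-numbers" output on stdin and print the
# line number of the first ACCEPT rule for <proto> <port>. Prints nothing if
# no rule matches. Re-run the listing after every delete: the rules below a
# deleted rule all move up by one line number.
rule_line_number() {
    awk -v proto="$1" -v dport="dpt:$2" \
        '$2 == "ACCEPT" && $3 == proto && $NF == dport { print $1; exit }'
}

# Constructed sample of "iptables -L INPUT -n --line-numbers" output.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123'

# Dry-run walk-through of the add, list, delete and save steps from the page.
build_input_rule tcp 443 eth0
line=$(printf '%s\n' "$SAMPLE_LISTING" | rule_line_number tcp 443)
echo "iptables -D INPUT $line"
echo "service iptables save"
```

Run it as an ordinary user to see the exact commands that would be issued; the final "service iptables save" line is there because, as noted above, unsaved rules do not survive a reboot or a restart of the iptables service.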

CentOS/RHEL 7.x

Full documentation located here.

Firewalld applies firewall rules to zones; each network interface is then assigned to a zone.

Note that the rules below do not take effect automatically. After modifying the firewall rules, run the following command to apply the updated rules:

# firewall-cmd --reload

These commands also use a service name rather than a protocol and port pair such as port 80 over tcp; the service name for that example is http. Services are defined in the /etc/services file, one per line. For example, the http service is defined as:

http            80/tcp          www www-http    # WorldWideWeb HTTP
http            80/udp          www www-http    # HyperText Transfer Protocol
http            80/sctp                         # HyperText Transfer Protocol

Show Active Zones

This command will show the zones in use and the interfaces assigned to each zone.

# firewall-cmd --get-active-zones

Any interfaces you plan to use to access CloudShark should be placed in the public zone by default unless you have a custom firewall configuration.

Show Current Rules For Zone

This command will show the current firewall rules for a zone.

# firewall-cmd --zone=<zone name> --list-all

Here is an example of this command:

# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0
  services: http ssh
  masquerade: no
  rich rules:

In the example above, the services line lists the services allowed for this zone. In this example only the http and ssh services are allowed in through the firewall.

Add Rule

By default firewalld blocks all services. To allow a service through the firewall, use the following command:

# firewall-cmd --permanent --zone=<zone name> --add-service=<Service Name>

Delete Rule

To remove a service from a zone and block this traffic use the following command:

# firewall-cmd --permanent --zone=<zone name> --remove-service=<Service Name>
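The following script is an added example and is not part of the CloudShark page. It ties the firewalld steps above together: service_for_port maps a port and protocol to its name in an /etc/services-style listing, zone_allows_service checks whether a "firewall-cmd --zone=<zone> --list-all" listing already allows a service, and firewall_change_cmds prints the --permanent add or remove command followed by the --reload that the page says is required. The function names and the sample inputs are assumptions and constructed data (the http lines and the zone listing are copied from the examples above); the script only prints commands and changes nothing.

```shell
#!/bin/sh
# Added example, not from the CloudShark page: helpers for the firewalld steps
# above. Nothing here modifies the firewall; commands are printed for review.
# Function names and the sample inputs are assumptions/constructed.

# Read an /etc/services-style file on stdin and print the service name for
# <port> <proto> (for example "80 tcp" prints "http"). Comment lines are skipped.
service_for_port() {
    awk -v want="$1/$2" '$1 !~ /^#/ && $2 == want { print $1; exit }'
}

# Read "firewall-cmd --zone=<zone> --list-all" output on stdin and succeed
# (exit 0) if <service> appears on the "services:" line, otherwise fail.
zone_allows_service() {
    awk -v svc="$1" '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == svc) found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Print the commands that add or remove a service permanently and then apply
# the change. Usage: firewall_change_cmds <zone> <service> <add|remove>
firewall_change_cmds() {
    zone=$1
    svc=$2
    action=$3
    case "$action" in
        add|remove) ;;
        *) echo "action must be add or remove" >&2; return 1 ;;
    esac
    # --permanent edits only the saved configuration; the running firewall
    # keeps its old rules until --reload is run.
    echo "firewall-cmd --permanent --zone=$zone --${action}-service=$svc"
    echo "firewall-cmd --reload"
}

# Constructed /etc/services excerpt (the http lines are the ones shown above).
SAMPLE_SERVICES='# service-name  port/protocol  [aliases ...]   [# comment]
ssh             22/tcp                          # The Secure Shell (SSH) Protocol
http            80/tcp          www www-http    # WorldWideWeb HTTP
http            80/udp          www www-http    # HyperText Transfer Protocol
https           443/tcp                         # http protocol over TLS/SSL'

# Constructed "firewall-cmd --zone=public --list-all" output, as shown above.
SAMPLE_ZONE='public (default, active)
  interfaces: eth0
  services: http ssh
  masquerade: no
  rich rules:'

# Dry-run walk-through: look up the service name for 443/tcp, check whether
# the public zone already allows it, and print the commands to add it if not.
svc=$(printf '%s\n' "$SAMPLE_SERVICES" | service_for_port 443 tcp)
if printf '%s\n' "$SAMPLE_ZONE" | zone_allows_service "$svc"; then
    echo "$svc is already allowed in zone public"
else
    firewall_change_cmds public "$svc" add
fi
```

On a real system you would feed the functions live data, for example "firewall-cmd --zone=public --list-all | zone_allows_service https" and "service_for_port 443 tcp < /etc/services", then run the printed commands as root.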

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.
