Firewall setup (Linux) 

 

On the MailArchiva server, create the file /etc/iptables.rules, with the content below.

 

#!/bin/bash

# Flush existing rules
iptables -F
iptables -X

# Set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming SSH (port 22)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming HTTP (port 80)
iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming HTTPS (port 443)
iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming SMTP (port 25)
iptables -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

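# Allow DNS (port 53, TCP/UDP)
# These INPUT rules are only needed if this host answers DNS queries itself;
# replies to its own lookups are already covered by the ESTABLISHED,RELATED rule.
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT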

# Allow PING (ICMP)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

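# Allow incoming JMX (ports 1099 and 9010)
# As written, JMX is reachable from any source address; add "-s <monitoring host>"
# to each rule to limit it to the systems that need it.
iptables -A INPUT -p tcp --dport 1099 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 9010 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming SNMP (port 161) and SNMP trap (port 162)
# The same applies here: "-s <monitoring host>" restricts who can query SNMP.
iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 162 -j ACCEPT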
 

 

Run the script to load the rules, then persist them as follows:

 

sudo bash /etc/iptables.rules
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
sudo systemctl enable iptables
sudo systemctl restart iptables
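
The ruleset above accepts SSH, JMX and SNMP from any source address. The following check is an added example, not part of the MailArchiva documentation: it reads `iptables -S` output and lists management ports that have no `-s` restriction. The port list, function names and sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for management ports open to any source.
# Assumption: the management ports are the SSH, JMX and SNMP ports used on this page.
MGMT_PORTS="22 1099 9010 161 162"

# Reads `iptables -S` text on stdin and prints "proto/port" for every INPUT
# ACCEPT rule on a management port that carries no -s source restriction.
# Only single-port --dport rules are handled (no multiport matching).
unrestricted_mgmt_ports() {
    awk -v ports="$MGMT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) mgmt[p[i]] = 1 }
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; dport = ""; src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && (dport in mgmt) && (src == "" || src == "0.0.0.0/0"))
                print proto "/" dport
        }'
}

# Constructed sample of `iptables -S` output: SSH is limited to a documentation
# subnet, while JMX 1099 and SNMP 161 are open to everyone.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1099 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
EOF
}

# On a live host: sudo iptables -S INPUT | unrestricted_mgmt_ports
sample_rules | unrestricted_mgmt_ports
```

An empty result means every management rule in the input is bound to a source address.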

 

 
