Slim down Firewall port definitions

RedHatOfficial / ansible-role-redhat_satellite6_installation

Ansible Automation of Red Hat Satellite 6 Installation

MIT License

19 stars 30 forks source link

Slim down Firewall port definitions #19

Open stdevel opened 5 years ago

stdevel commented 5 years ago

The Satellite firewall port definitions could be cleaned up:

satellite_deployment_fw_ports:
    - 22/tcp
    - 80/tcp
    - 443/tcp
    - 5646/tcp
    - 5647/tcp
    - 5671/tcp
    - 5674/tcp
    - 8140/tcp
    - 9090/tcp
    - 53/udp
    - 53/tcp
    - 67/udp
    - 68/udp
    - 69/udp

22/tcp is part of the ssh service, using this instead of defining a port would be better
I can't find any information that Satellite requires 5674/tcp, IIRC it is used for HyperSCSI
all other ports are part of the RH-Satellite-6 firewalld service

leogallego commented 5 years ago

It seems port 5674 used to be required in Satellite 6.1 for AMQP broker communications.

Quoting from the Satellite 6.1 install guide:

Port 5674 must be open for advanced message queueing protocol (amqp) connections with managed systems

Added firewall port 5674 for amqp connections and SELinux considerations for amqp in the prerequisites section.

stdevel commented 5 years ago

Good to know, maybe this port is part of the firewalld service RH-Satellite-6 in RHEL 6.1? Will have a look. I want to avoid adding it in later versions if it is unused.