Documentation for iptables rules requirements
Whilst it might not be the most difficult thing to track down the firewall requirements for Foreman when installing on systems which require iptables lockdown, there doesn't seem to be any mention of the requirements in the documentation.
It would be helpful if there was advice on which ports/protocols are required for Foreman deployments of different types, i.e. Foreman standalone, separate database, various types of smart-proxy etc.
Happy to help with writing this up - will be my first effort in Markdown though. Is there a definitive list of port requirements anywhere? Assistance on where this would fit in the documentation would also be a help.
#1 Updated by Dominic Cleal about 5 years ago
Thanks for the offer, that'd be much appreciated.
So the following ports are usually used:
- HTTP (80/tcp), HTTPS (443/tcp) for access to Foreman
- 8443/tcp for access to the proxy - should only be opened to the Foreman host if they're separate
- 8140/tcp for the Puppet master
- 67-68/udp for DHCP proxy servers
- 69/udp for TFTP proxy servers (installed by default on the Foreman all-in-one)
- 53/udp and 53/tcp for DNS proxy servers
I would suggest repurposing section 3.1 in the manual from "Supported Platforms" to System or Installation Requirements, move platforms to 3.1.1 and add network/firewall config into 3.1.2 or similar.
The source for the manual is on GitHub in the theforeman.org project. Here's section 3.1 specifically: https://github.com/theforeman/theforeman.org/blob/gh-pages/_includes/manuals/1.3/3.1_platforms.md. As you said, it's Markdown, but the formatting's easy.
The sections are managed and put together in this top-level file:
See the repo README file for how to bring up a test instance of the website locally too.
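The port list in the comment above, turned into a per-role iptables-restore ruleset generator. This is an added example, not part of the original thread or of Foreman's documentation; the `foreman_rules` function, the role names and the address 192.0.2.10 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the ports listed above.
# Role names and the sample address 192.0.2.10 are assumptions for illustration.
# Only the listed service ports are covered; add a rule for your own
# management access (e.g. SSH) before loading, since the INPUT policy is DROP.

foreman_rules() {
    # usage: foreman_rules FOREMAN_IP role [role...]
    if [ $# -lt 2 ]; then
        echo "usage: foreman_rules FOREMAN_IP role [role...]" >&2
        return 2
    fi
    foreman_ip=$1
    shift
    # Validate every role first so a typo never yields a partial ruleset.
    for role in "$@"; do
        case $role in
            foreman|proxy|puppet|dhcp|tftp|dns) ;;
            *) echo "unknown role: $role" >&2; return 1 ;;
        esac
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for role in "$@"; do
        case $role in
            foreman) echo '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT' ;;
            # Proxy API: reachable from the Foreman host only, as advised above.
            proxy)   echo "-A INPUT -p tcp -s $foreman_ip --dport 8443 -j ACCEPT" ;;
            puppet)  echo '-A INPUT -p tcp --dport 8140 -j ACCEPT' ;;
            dhcp)    echo '-A INPUT -p udp --dport 67:68 -j ACCEPT' ;;
            tftp)    echo '-A INPUT -p udp --dport 69 -j ACCEPT' ;;
            dns)     echo '-A INPUT -p udp --dport 53 -j ACCEPT'
                     echo '-A INPUT -p tcp --dport 53 -j ACCEPT' ;;
        esac
    done
    echo 'COMMIT'
}

# All-in-one Foreman host (TFTP proxy installed by default):
foreman_rules 192.0.2.10 foreman proxy puppet tftp
```

Piping the output through `iptables-restore --test` checks the ruleset without loading it.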
#4 Updated by Dominic Cleal about 5 years ago
- Status changed from New to Closed
- Assignee set to Duncan Innes
- Target version set to 1.15.0
- % Done changed from 0 to 100
- Legacy Backlogs Release (now unused) set to 1
Merged via https://github.com/theforeman/theforeman.org/pull/102. Thanks Duncan!