Specify Basic Firewall Settings

Use the Specify basic firewall settings group policy to set up a simple exclusionary firewall on targeted computers using iptables. If you select Enabled for this group policy, the firewall will allow all outgoing traffic but block any inbound traffic, except ssh and ping, by default. To customize the firewall settings, select Enabled, then click Show to add or remove entries.

The Specify basic firewall settings group policy is defined in the centrify_linux_settings.xml administrative template.

To modify the default behavior of the policy, click Add. You can then type the appropriate entries to set up the iptables using the following format:

Name:Type:Protocol:Port:Action

where

  • Name is an identifying string.
  • Type is either INPUT or OUTPUT (caps are mandatory). Use INPUT for rules that apply to incoming requests on the specified port and OUTPUT for rules that apply to traffic the computer sends on that port.
  • Protocol should be one of tcp, udp, icmp, or all.
  • Port is the port number.
  • Action is either ACCEPT or DROP.

For example, to allow connections to the computer that acts as a web server:

HTTP:INPUT:tcp:80:ACCEPT

The following example would prevent the computer from sending mail:

SMTP:OUTPUT:tcp:25:DROP

When you are finished setting up the iptables, click OK.
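The following is an added example, not part of this documentation or of Centrify's own implementation. It parses entries in the Name:Type:Protocol:Port:Action format described above, rejects the malformed ones (lowercase Type, unknown protocol, non-numeric port, unknown action, missing fields), and translates valid entries into the iptables commands they correspond to. The baseline rules at the top of build_ruleset are an assumption of how "purge existing tables, allow all outgoing, block inbound except ssh and ping" might be realised; the policy's actual rule layout is not shown on this page. The sample entries are constructed.

```python
"""Validate and translate 'Name:Type:Protocol:Port:Action' firewall entries."""

# Constructed sample entries: the first two are the page's own examples,
# the INVALID_ENTRIES list exercises the validation paths.
SAMPLE_ENTRIES = [
    "HTTP:INPUT:tcp:80:ACCEPT",
    "SMTP:OUTPUT:tcp:25:DROP",
]
INVALID_ENTRIES = [
    "web:input:tcp:80:ACCEPT",     # Type must be upper case
    "DNS:INPUT:dns:53:ACCEPT",     # unknown protocol
    "WEB:INPUT:tcp:http:ACCEPT",   # port must be numeric
    "MAIL:INPUT:tcp:25:REJECT",    # action must be ACCEPT or DROP
    "SSH:INPUT:tcp:22",            # too few fields
]

VALID_TYPES = {"INPUT", "OUTPUT"}
VALID_PROTOCOLS = {"tcp", "udp", "icmp", "all"}
VALID_ACTIONS = {"ACCEPT", "DROP"}


def parse_entry(entry):
    """Split one entry into its five fields and validate each one."""
    parts = entry.strip().split(":")
    if len(parts) != 5:
        raise ValueError(f"{entry!r}: expected Name:Type:Protocol:Port:Action")
    name, chain, proto, port, action = parts
    if not name:
        raise ValueError(f"{entry!r}: Name must not be empty")
    if chain not in VALID_TYPES:            # caps are mandatory, so no .upper()
        raise ValueError(f"{entry!r}: Type must be INPUT or OUTPUT")
    if proto not in VALID_PROTOCOLS:
        raise ValueError(f"{entry!r}: Protocol must be tcp, udp, icmp or all")
    if not port.isdigit() or int(port) > 65535:
        raise ValueError(f"{entry!r}: Port must be a number from 0 to 65535")
    if action not in VALID_ACTIONS:
        raise ValueError(f"{entry!r}: Action must be ACCEPT or DROP")
    return {"name": name, "chain": chain, "proto": proto,
            "port": int(port), "action": action}


def find_invalid(entries):
    """Return {entry: reason} for every entry that fails validation."""
    problems = {}
    for entry in entries:
        try:
            parse_entry(entry)
        except ValueError as exc:
            problems[entry] = str(exc)
    return problems


def entry_to_iptables(rule):
    """Render one parsed entry as an iptables command string (not executed)."""
    cmd = ["iptables", "-A", rule["chain"], "-p", rule["proto"]]
    # iptables only accepts --dport for tcp and udp; for icmp and all the
    # port field has no match to map to, so it is omitted (assumption).
    if rule["proto"] in ("tcp", "udp"):
        cmd += ["--dport", str(rule["port"])]
    cmd += ["-m", "comment", "--comment", rule["name"], "-j", rule["action"]]
    return " ".join(cmd)


def build_ruleset(entries):
    """Baseline (assumed layout) followed by the administrator's entries."""
    cmds = [
        "iptables -F",                      # purge existing rules
        "iptables -X",                      # remove user-defined chains
        "iptables -P INPUT DROP",           # block inbound by default
        "iptables -P OUTPUT ACCEPT",        # allow all outgoing
        "iptables -A INPUT -i lo -j ACCEPT",
        # Without this stateful rule, replies to outgoing connections would
        # be dropped by the INPUT policy (assumption about the baseline).
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A INPUT -p tcp --dport 22 -j ACCEPT",                # ssh
        "iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT", # ping
    ]
    for entry in entries:
        cmds.append(entry_to_iptables(parse_entry(entry)))
    return cmds


if __name__ == "__main__":
    for bad, why in find_invalid(INVALID_ENTRIES).items():
        print("rejected:", why)
    print("\n".join(build_ruleset(SAMPLE_ENTRIES)))
```

Running find_invalid over a policy's entries before pushing them is the useful part: a rejected entry is much easier to spot here than after the tables have been purged and rebuilt on the target computer.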

To allow broad use of the policy, this group policy does not incorporate any Linux distribution-specific or release-specific configuration.

Any existing tables are purged and new tables are built from the data pushed to the computer through the group policy.