Firewall Configuration
To allow external clients to connect to ATSD services, grant access to specific ports on which the database is listening or disable the firewall on the database server.
Database Ports
| Port | Network Protocol | Application/ Data Protocol | Service |
|---|---|---|---|
| 1099 | TCP | JMX | JMX server |
| 8081 | TCP | line | Network command processor |
| 8082 | UDP | line | Network command processor |
| 8084 | TCP | pickle | Graphite command processor |
| 8088 | TCP | HTTP | Web interface, REST API |
| 8443 | TCP | HTTPS | Web interface, REST API |
Disable Firewall
Ubuntu/Debian
ufw disable
CentOS / RHEL
systemctl disable firewalld
Allow Port Access
iptables -I INPUT -p tcp --dport 8081 -j ACCEPT
iptables -I INPUT -p udp --dport 8082 -j ACCEPT
iptables -I INPUT -p tcp --dport 8088 -j ACCEPT
iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
Persisting Firewall Rules
Ubuntu/Debian
Install the iptables-persistent package
apt-get install iptables-persistent
During the installation you are asked to save existing rules.
Rules are saved to /etc/iptables/rules.v4 and /etc/iptables/rules.v6 for IPv4 and IPv6, respectively.
The saved rules can be updated:
By running
dpkg-reconfigure iptables-persistent, orBy executing the
iptables-savecommands:
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
CentOS / RHEL
sed -i "s/IPTABLES_SAVE_ON_STOP=\"no\"/IPTABLES_SAVE_ON_STOP=\"yes\"/g" \
/etc/sysconfig/iptables-config
sed -i "s/IPTABLES_SAVE_ON_RESTART=\"no\"/IPTABLES_SAVE_ON_RESTART=\"yes\"/g" \
/etc/sysconfig/iptables-config
/etc/init.d/iptables save
SUSE
echo "FW_SERVICES_EXT_TCP=\"8081 8082 8088 8443\"" \
>> /etc/sysconfig/SuSEfirewall2
/sbin/SuSEfirewall2