Configuring custom firewall rules

Last Updated : Sep 21, 2021

About this task

Session Manager allows you to configure additional firewall rules over and above the set of rules that are provided and configured at system startup and dynamically at runtime. Use the procedure below so that the custom rules are retained across system restarts and upgrades. The custom rules are applied after Session Manager's default rules are set, but before the dynamic runtime rules.

Before you begin

Prior knowledge of nft, the Linux command line utility for configuring firewall rules, is required. The Session Manager provided utility snfw is a wrapper script for nft that also stores the rules so that they can be reapplied on system reboots and upgrades. You can view the help for this feature by running snfw --help.

Note:

Please validate your firewall rule using nft before using snfw.

Procedure

  1. To add a rule, use the --nft-custom-add option.

    For example, the following command opens port 12345 for TCP at a priority of 0 on eth0 in the output chain:

    snfw --nft-custom-add inet filter output oif "eth0" tcp dport 12345 counter accept
  2. To list all the custom rules that are configured on the system, use the --nft-custom-list option.

    For example,

    snfw --nft-custom-list
  3. To remove a rule, use the --nft-custom-remove option.

    For example, the following command removes the rule added in step 1:

    snfw --nft-custom-delete inet filter output oif "eth0" tcp dport 12345 counter accept
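As an added example (not part of Session Manager or the snfw script), the following POSIX shell helpers pre-check a custom rule before it is handed to snfw --nft-custom-add: check_custom_rule validates the shape of the rule offline, and nft_check_rule runs the same rule through nft --check as the note above recommends. The helper names, and the assumption that custom rules target the input, output or forward chain of the filter table, are this example's own.

```shell
#!/bin/sh
# Pre-flight checks for a Session Manager custom firewall rule. Both helpers
# take exactly the argument list snfw --nft-custom-add expects:
#   <family> <table> <chain> <rule body...>
# e.g. inet filter output oif "eth0" tcp dport 12345 counter accept
# (the shell strips the quotes, so snfw and nft receive a bare eth0).

# check_custom_rule: hypothetical offline validator. Returns 0 when the rule
# has the expected shape, otherwise a distinct non-zero code and a message.
check_custom_rule() {
    [ "$#" -ge 4 ] || { echo "need <family> <table> <chain> <rule...>" >&2; return 1; }
    family=$1; table=$2; chain=$3; shift 3
    case "$family" in
        inet|ip|ip6) ;;
        *) echo "unsupported family '$family' (expected inet, ip or ip6)" >&2; return 2 ;;
    esac
    # Assumption for this example: custom rules live in the filter table.
    [ "$table" = "filter" ] || { echo "unexpected table '$table'" >&2; return 3; }
    case "$chain" in
        input|output|forward) ;;
        *) echo "unexpected chain '$chain' (expected input, output or forward)" >&2; return 4 ;;
    esac
    # A rule body must end with a verdict; a body that only matches decides nothing.
    verdict=""; has_counter=0
    for tok in "$@"; do
        verdict=$tok
        [ "$tok" = "counter" ] && has_counter=1
    done
    case "$verdict" in
        accept|drop|reject) ;;
        *) echo "rule body must end with accept, drop or reject" >&2; return 5 ;;
    esac
    # Not fatal, but without "counter" there are no hit statistics to audit later.
    [ "$has_counter" -eq 1 ] || echo "warning: rule has no counter" >&2
    return 0
}

# nft_check_rule: ask nft to parse and evaluate the rule without applying it.
# nft -c (--check) is a real nft option; the table and chain must already
# exist on the host, as they do on a running Session Manager.
nft_check_rule() {
    command -v nft >/dev/null 2>&1 || { echo "nft not installed; check skipped" >&2; return 0; }
    nft -c add rule "$@"
}
```

Run check_custom_rule first, then nft_check_rule, and only on success pass the identical argument list to snfw --nft-custom-add; keep that list for the matching --nft-custom-delete call.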