Saturday, April 11, 2015

CentOS 7, Zimbra 8.6 and FirewallD

I just installed Zimbra 8.6 on a fresh CentOS 7. It seems that CentOS 7 uses the FirewallD service by default instead of the old iptables and ip6tables scripts in the /etc/init.d directory. Nevertheless, I don't like it when I see that someone recommends that critical security services/protections just be turned off. Those services are there for a reason, and turning them off sounds to me like the old bad recommendation of chmod'ing everything to 777 when something didn't work. Anyway, I didn't turn off SELinux and Zimbra works as expected. What I needed was to configure FirewallD to allow access to mail services from the Internet. It turns out this isn't so hard, as everything is already provided. Basically, the following services have to be enabled in your zone:
  • dns
  • https
  • imaps
  • smtp
To permanently enable each of the aforementioned services, use the following command:
firewall-cmd --permanent --add-service=<service>
Note that the given command doesn't activate access to the service until you restart FirewallD. Anyway, that's it.

As a final note, I didn't allow access to admin port 7171. The reason is that I'm not so comfortable with allowing Internet-wide access to the admin console. To access the admin console, I'm going to use ssh tunneling. Basically, I'll forward local port 7171, over ssh, to port 7171 on the loopback interface of the mail server. In case you are unlike me, and don't have problems with allowing access to that port, use the following command:
firewall-cmd --permanent --add-port=7171/tcp
Again, don't forget to restart FirewallD after issuing the given command.
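
The procedure above as a script (an added example, not from the original post): it enables the four services permanently, reloads FirewallD, checks that the admin port stayed closed, and builds the ssh tunnel command. It assumes the default zone is the Internet-facing one; the function names and the FWCMD override are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the default zone is the
# Internet-facing one. FWCMD is an illustrative override for dry runs.
FWCMD="${FWCMD:-firewall-cmd}"
MAIL_SERVICES="dns https imaps smtp"   # the four services listed in the post
ADMIN_PORT="7171/tcp"                  # admin port as given in the post

# Add each service to the permanent configuration, then load it into the
# running firewall (--reload is used here instead of a service restart).
open_mail_services() {
    local svc
    for svc in $MAIL_SERVICES; do
        "$FWCMD" --permanent --add-service="$svc" || return 1
    done
    "$FWCMD" --reload
}

# Succeed only if every mail service is open and the admin port is closed
# in the running configuration.
audit_zone() {
    local svc rc=0
    for svc in $MAIL_SERVICES; do
        if ! "$FWCMD" --query-service="$svc" >/dev/null; then
            echo "MISSING service: $svc"
            rc=1
        fi
    done
    if "$FWCMD" --query-port="$ADMIN_PORT" >/dev/null; then
        echo "EXPOSED admin port: $ADMIN_PORT"
        rc=1
    fi
    return "$rc"
}

# Print the tunnel command: local port -> same port on the server's loopback.
# $1 is the ssh login, e.g. a constructed value like admin@mail.example.com.
admin_tunnel_cmd() {
    local port="${ADMIN_PORT%/tcp}"
    echo "ssh -N -L ${port}:127.0.0.1:${port} $1"
}

# Run as: <this script> apply   (needs root on the mail server)
if [ "${1:-}" = "apply" ]; then
    open_mail_services && audit_zone
fi
```

A non-zero exit from audit_zone means either a mail service is missing from the running configuration or the admin port is reachable without the tunnel.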
