This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Knowledge Base
- How to write iptable rules in Netwitness Platform 11.X appliances
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
How to write iptable rules in Netwitness Platform 11.X appliances
Article Number
000001041
Applies To
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
Issue
In Netwitness 11.X appliances, editing /etc/sysconfig/iptables file using vi editor will not hold the changes permanently even after applying Netwitness.json settings
Resolution
Please use below steps to add custom rules in iptables.
- Run "iptables -L --line-numbers" command. This would list out the rules with line numbers.
Sample output:#iptables -L --line-numbers Chain INPUT (policy DROP) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED 2 ACCEPT all -- anywhere anywhere 3 DROP all -- anywhere anywhere ctstate INVALID 4 ACCEPT tcp -- anywhere anywhere tcp multiport dports domain /* dnsmasq-tcp-port */ ctstate NEW 5 ACCEPT udp -- anywhere anywhere udp multiport dports domain /* dnsmasq-udp-port */ ctstate NEW 6 ACCEPT tcp -- anywhere anywhere tcp multiport dports ssh /* SSH */ ctstate NEW 7 ACCEPT udp -- anywhere anywhere udp multiport dports ntp /* ntp */ ctstate NEW 8 ACCEPT tcp -- anywhere anywhere tcp multiport dports 4505,4506 /* salt master ports */ ctstate NEW 9 ACCEPT tcp -- anywhere anywhere tcp multiport dports amqps /* rabbitmq-amqp */ ctstate NEW 10 ACCEPT tcp -- anywhere anywhere tcp multiport dports 15671 /* rabbitmq-mgmt */ ctstate NEW 11 ACCEPT udp -- anywhere anywhere udp multiport dports 50514 /* rsaAuditPorts */ ctstate NEW 12 ACCEPT tcp -- anywhere anywhere tcp multiport dports 27017 /* mongo-listen-port */ ctstate NEW 13 ACCEPT tcp -- anywhere anywhere tcp multiport dports http,https /* nginxPort */ ctstate NEW 14 ACCEPT tcp -- anywhere anywhere tcp multiport dports 51114 /* rsasoc_re */ ctstate NEW 15 ACCEPT tcp -- anywhere anywhere tcp multiport dports 50006,50106,56006 /* nwappliancePorts */ ctstate NEW 16 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-rmtsys /* LaunchPort */ ctstate NEW 17 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-errors /* LaunchPort */ ctstate NEW 18 ACCEPT tcp -- anywhere anywhere tcp multiport dports talon-webserver /* LaunchPort */ ctstate NEW 19 ACCEPT tcp -- anywhere anywhere tcp multiport dports talon-engine /* LaunchPort */ ctstate NEW 20 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-kaserver /* LaunchPort */ ctstate NEW 21 ACCEPT tcp -- anywhere anywhere tcp multiport dports ups-onlinet /* LaunchPort */ ctstate NEW 22 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-vlserver /* LaunchPort */ ctstate NEW 23 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-prserver /* LaunchPort */ ctstate NEW 24 ACCEPT tcp -- anywhere anywhere tcp multiport dports 50003,50103,56003 /* nwbrokerPorts */ ctstate NEW 25 DROP all -- anywhere anywhere - Run "iptables -I INPUT 25 -p udp -m udp --dport 161 -j ACCEPT" command to add new rule above DROP rule.
- Run "service iptables save" command.
- Verify the changes using below.
# iptables -L --line-numbers Chain INPUT (policy DROP) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED 2 ACCEPT all -- anywhere anywhere 3 DROP all -- anywhere anywhere ctstate INVALID 4 ACCEPT tcp -- anywhere anywhere tcp multiport dports domain /* dnsmasq-tcp-port */ ctstate NEW 5 ACCEPT udp -- anywhere anywhere udp multiport dports domain /* dnsmasq-udp-port */ ctstate NEW 6 ACCEPT tcp -- anywhere anywhere tcp multiport dports ssh /* SSH */ ctstate NEW 7 ACCEPT udp -- anywhere anywhere udp multiport dports ntp /* ntp */ ctstate NEW 8 ACCEPT tcp -- anywhere anywhere tcp multiport dports 4505,4506 /* salt master ports */ ctstate NEW 9 ACCEPT tcp -- anywhere anywhere tcp multiport dports amqps /* rabbitmq-amqp */ ctstate NEW 10 ACCEPT tcp -- anywhere anywhere tcp multiport dports 15671 /* rabbitmq-mgmt */ ctstate NEW 11 ACCEPT udp -- anywhere anywhere udp multiport dports 50514 /* rsaAuditPorts */ ctstate NEW 12 ACCEPT tcp -- anywhere anywhere tcp multiport dports 27017 /* mongo-listen-port */ ctstate NEW 13 ACCEPT tcp -- anywhere anywhere tcp multiport dports http,https /* nginxPort */ ctstate NEW 14 ACCEPT tcp -- anywhere anywhere tcp multiport dports 51114 /* rsasoc_re */ ctstate NEW 15 ACCEPT tcp -- anywhere anywhere tcp multiport dports 50006,50106,56006 /* nwappliancePorts */ ctstate NEW 16 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-rmtsys /* LaunchPort */ ctstate NEW 17 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-errors /* LaunchPort */ ctstate NEW 18 ACCEPT tcp -- anywhere anywhere tcp multiport dports talon-webserver /* LaunchPort */ ctstate NEW 19 ACCEPT tcp -- anywhere anywhere tcp multiport dports talon-engine /* LaunchPort */ ctstate NEW 20 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-kaserver /* LaunchPort */ ctstate NEW 21 ACCEPT tcp -- anywhere anywhere tcp multiport dports ups-onlinet /* LaunchPort */ ctstate NEW 22 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-vlserver /* LaunchPort */ ctstate NEW 23 ACCEPT tcp -- anywhere anywhere tcp multiport dports afs3-prserver /* LaunchPort */ ctstate NEW 24 ACCEPT tcp -- anywhere anywhere tcp multiport dports 50003,50103,56003 /* nwbrokerPorts */ ctstate NEW 25 ACCEPT udp -- anywhere anywhere udp dpt:snmp 26 DROP all -- anywhere anywhere
No ratings
