Disabling Firewalls with Stacki Don MacVittie, Sr. Solutions Architect

Overview

•  By default, Stacki will install and configure a host firewall on each backend server it configures.

•  Currently, Stacki installs and configures iptables for each host

•  Rules allow for communication on the public network, and internally on the private network.

•  Some organizations do not like the use of iptables. This tutorial shows how to disable them.

Easy Configuration

Before Install:Disabling firewalls globally is easiest before you install servers. Simply change the global attribute named firewall to false on the Stacki server. Your installations will not enable the firewall.

stack list attr returns a large list of values global to the cluster, so we grep for the one we need to keep screen clutter down. The “G” at the end of the list lines means “Global”.

Disable for a Single Machine

•  For all global attributes in Stacki, the value can be over-ridden on a per-machine basis.So if you need to disable firewalling for a single machine, but want to keep it for all others, simply use the same commands on a single machine.

•  If the machine in question is not yet installed, this is all you’ll need to do. If it is in stalled,there’s one more step we’ll cover below.

Post install – With Reinstalling

Just tell Stacki that it needs to reinstall, and reboot the server in question. It will reinstall the OS, and then boot into it. If you’ve changed the net value = Global as over-ridden by host – for the firewall attribute, all will install as expected.

Post Install – without Reinstalling

Once the install is completed, the firewall already exists on the target system, so we’ll have to do a little more work. Once the attributes are set, the easiest way to clear a firewall is simply tell stacki to reinstall and reboot the backend server in question.But that’s not always an option, so we can use the commands below to disable firewalls without a reinstallCentOS 6.X  [root@stackidon ~]# stack iterate host backend command='/etc/init.d/iptables stop;chkconfig iptables off' CentOS 7.X [root@stackidon ~]# stack iterate host backend command='systemctl stop iptables:systemctl disable iptables'

Stacki Resources

•  There is a lot more to Stacki than this few slides can show. Join us at the linksbelow to explore Stacki’s rich command structure and see how it answers yourproblems.

Quick access to Stacki resources:•  Visit www.Stacki.com to download a pre-build ISO for RHEL/CentOS 6 & 7 and to sign up

for our charter program•  Stacki source code is available on the StackIQ GitHub: https://github.com/StackIQ/stacki•  Engage with other users and developers in the Stacki Google Group:

https://groups.google.com/forum/#!forum/stacki•  Find the detailed tutorial on disabling firewalls with Stacki on Slideshare:

http://www.slideshare.net/stackiq/stacki-firewall-tutorial

Follow us on Twitter @StackIQ