Version
Cb Response 5.x, 6.x
Issue
Iptables is missing entries, which prevents a Cb Response cluster from communicating correctly.
Cause
Iptables rules or configuration settings were manually altered after the Cb Response Server was deployed. Alternatively, during the initial install, the option for cbinit to customize iptables was rejected.
Solution
The cbcheck utility adds the iptables entries, derived from /etc/cb/cb.conf and /etc/cb/cluster.conf, that a standalone server or a cluster implementation needs.
Note: For more information on which ports are added, check out:
Warning: The cbcheck utility doesn’t automatically add default deny rules. Check here for more information: Cb Response Server Is Accepting Traffic On All Ports
Complete these steps on all nodes:
- Check for issues:
  /usr/share/cb/cbcheck iptables -l
- Apply any new rules if needed:
  /usr/share/cb/cbcheck iptables -a
Note: For general information on iptables rules, check here: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-basic-iptables-firewall-on-centos-6
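Because cbcheck does not add default deny rules, a node can still accept traffic on every port after the rules are applied. The following added example (not part of the original article or of the Cb Response tooling) classifies the output of `iptables -S INPUT` to show whether any default deny is in place; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a node, as root, after applying rules:
#   iptables -S INPUT | classify_input_chain
#
# Reads an `iptables -S INPUT` dump on stdin and prints one of:
#   deny-policy              chain policy is DROP
#   deny-final-rule          last rule is an unconditional DROP/REJECT
#   deny-shadows-later-rules an unconditional DROP/REJECT sits above other
#                            rules, so the rules below it are never reached
#   open                     nothing denies unmatched traffic
# Limitation: a deny placed inside a user-defined chain is not followed.
classify_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            # Unconditional rule: the target follows the chain name directly.
            if (!catchall && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                catchall = n
        }
        END {
            if (catchall && catchall < n) print "deny-shadows-later-rules"
            else if (catchall)            print "deny-final-rule"
            else if (policy == "DROP")    print "deny-policy"
            else                          print "open"
        }
    '
}

# Constructed sample: ACCEPT policy, allow rules only, no deny of any kind.
# Ports 22 and 443 are placeholders, not the ports cbcheck adds.
sample_chain_no_deny() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
EOF
}

sample_chain_no_deny | classify_input_chain
```

A result of `open` means the node needs a default deny added by hand; `deny-shadows-later-rules` means some allow rules sit below the deny and have no effect.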