Version

Cb Response 5.x, 6.x

Issue

Iptables is missing entries preventing a Cb Response Cluster from communicating correctly

Cause

Iptables or configuration settings were manually altered after the Cb Response Server was deployed. Alternatively, during initial install the option for cbinit to customize iptables was rejected.

Solution

The Cbcheck utility adds additional entries based off /etc/cb/cb.conf and /etc/cb/cluster.conf that are necessary for a standalone server or a cluster implementation.

Note: For more information on which ports are added, check out: 
6.1 Chapter 4 Ports and Protocols: Carbon Black Response v6.1 - Server/Cluster Management Guide 
5.2/5.3: Appendix E Ports and Protocols: Carbon Black Response v5.2/5.3x - User Guide (On-Prem)

Warning: The cbcheck utility doesn’t automatically add default deny rules. Check here for more information: Cb Response Server Is Accepting Traffic On All Ports 

Complete these steps on all nodes:

1. Check for issues:
   

   /usr/share/cb/cbcheck iptables -l

2. Apply any new rules if needed:
   

   /usr/share/cb/cbcheck iptables -a

Note: For general information on iptables rules, check here: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-basic-iptables-firewall-on-centos-6