Difference between revisions of "MOR iptables Chains"

From Kolmisoft Wiki
(Created page with "=Description= During the switch install/update, MOR automatically created iptables chains to manage the security of the switch <br><br> ==Whitelist Chains== There are two types of whitelist chains: Chains that only have ACCEPT statements, to make sure that IPs are always whitelisted. These chains are added at the very top of the INPUT chain, to make sure that IPs are whitelisted: * MOR-IPAUTH-WHITELIST - this chain contains all IP authenticated devices/providers from t...")
 
Line 1: Line 1:
=Description=
=Description=
During the switch install/update, MOR automatically created iptables chains to manage the security of the switch
During the switch install/update, MOR X18 automatically creates iptables chains to manage the security of the switch


<br><br>
<br><br>

Revision as of 12:53, 25 July 2025

Description

During the switch install/update, MOR X18 automatically creates iptables chains to manage the security of the switch.



Whitelist Chains

There are two types of whitelist chains. The first type contains only ACCEPT statements. These chains are added at the very top of the INPUT chain, to make sure that the listed IPs are always whitelisted:

  • MOR-IPAUTH-WHITELIST - this chain contains all IP authenticated devices/providers from the MOR system
  • MOR-WHITELIST-GUI - this chain contains all IPs whitelisted in MOR GUI SETTINGS -> Security -> Whitelisted IPs

The second type whitelists the MOR system's IPs for specific service port(s) (for example, Elasticsearch, MySQL, Redis, etc.) and blocks access to that service for all other IPs.

Such chains are added to the MOR-SERVICES-WHITELIST chain, which in turn is referenced in the INPUT chain:

[root@node01 ~]# iptables -L MOR-SERVICES-WHITELIST -n
Chain MOR-SERVICES-WHITELIST (1 references)
target     prot opt source               destination         
MOR-ES-WHITELIST  6    --  0.0.0.0/0            0.0.0.0/0            multiport dports 9200,9300
MOR-MYSQL-WHITELIST  6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
RETURN     0    --  0.0.0.0/0            0.0.0.0/0

Here, for example, MOR-SERVICES-WHITELIST contains two chains:

  • MOR-ES-WHITELIST - whitelist access to Elasticsearch for the MOR system IPs
  • MOR-MYSQL-WHITELIST - whitelist access to MySQL for the MOR system IPs

Each of these chains in turn contains the whitelisted IPs and a DROP statement at the end:

[root@node01 ~]# iptables -L MOR-ES-WHITELIST -n
Chain MOR-ES-WHITELIST (1 references)
target     prot opt source               destination         
ACCEPT     6    --  YY.YY.YY.YY          0.0.0.0/0            multiport dports 9200,9300 /* VIRTUAL_IP from system.conf */
ACCEPT     6    --  XX.XX.XX.XX          0.0.0.0/0            multiport dports 9200,9300 /* External IP */
ACCEPT     6    --  127.0.0.1            0.0.0.0/0            multiport dports 9200,9300 /* localhost access */
DROP       6    --  0.0.0.0/0            0.0.0.0/0            multiport dports 9200,9300
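
An added example, not part of the original wiki page or MOR's own tooling: a Python check that parses a listing in the format shown above and verifies that a service whitelist chain ends in a catch-all DROP, has no ACCEPT from any source, and uses the same ports throughout. The sample listing and its addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the `iptables -L <chain> -n` layout shown above;
# 192.0.2.x / 198.51.100.x are documentation addresses, not real MOR IPs.
SAMPLE = """\
Chain MOR-ES-WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     6    --  192.0.2.10           0.0.0.0/0            multiport dports 9200,9300 /* VIRTUAL_IP from system.conf */
ACCEPT     6    --  198.51.100.7         0.0.0.0/0            multiport dports 9200,9300 /* External IP */
ACCEPT     6    --  127.0.0.1            0.0.0.0/0            multiport dports 9200,9300 /* localhost access */
DROP       6    --  0.0.0.0/0            0.0.0.0/0            multiport dports 9200,9300
"""

RULE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
PORTS = re.compile(r"dports? (\S+)|dpt:(\S+)")  # multiport and single-port forms

def parse_chain(listing):
    """Return (chain_name, [rule dicts]) from one chain listing."""
    lines = [l for l in listing.splitlines() if l.strip()]
    name = lines[0].split()[1]
    rules = []
    for line in lines[2:]:  # skip "Chain ..." and the column header
        target, _prot, _opt, source, _dest, extra = RULE.match(line).groups()
        m = PORTS.search(extra)
        ports = (m.group(1) or m.group(2)) if m else ""
        rules.append({"target": target, "source": source, "ports": ports})
    return name, rules

def audit_service_whitelist(listing):
    """Return a list of findings; an empty list means the chain is sound."""
    name, rules = parse_chain(listing)
    findings = []
    if not rules or rules[-1]["target"] != "DROP" or rules[-1]["source"] != "0.0.0.0/0":
        findings.append(f"{name}: last rule is not a catch-all DROP")
    drop_ports = rules[-1]["ports"] if rules else ""
    for i, r in enumerate(rules[:-1], 1):
        if r["target"] == "DROP":
            findings.append(f"{name}: rule {i} is a DROP before the end of the chain")
        elif r["target"] == "ACCEPT" and r["source"] == "0.0.0.0/0":
            findings.append(f"{name}: rule {i} accepts any source")
        elif r["ports"] != drop_ports:
            findings.append(f"{name}: rule {i} ports {r['ports']} differ from final rule ports {drop_ports}")
    return findings

if __name__ == "__main__":
    print(audit_service_whitelist(SAMPLE) or "OK")
```

On a live system the listing would come from the same `iptables -L <chain> -n` command shown above, run for each chain referenced in MOR-SERVICES-WHITELIST.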



MOR-FAIL2BAN-JUMP

This chain is empty for now.

The MOR-FAIL2BAN-JUMP chain will contain all chains added by fail2ban. This allows us to ensure proper chain order in the INPUT chain, as fail2ban adds its chains dynamically when the first IP is blocked for a jail.

Blacklist chains

MOR can contain 3 blacklist chains:

  • MOR-BLOCKED-IP-FROM-GUI - this chain contains all IPs whitelisted in MOR GUI SETTINGS -> Security -> Whitelisted IPs
  • MOR-BLOCK-SCANNERS - block SIP traffic for known scanners
  • MOR-BLOCKED-COUNTRIES - chain is used when countries are blocked in MOR GUI SETTINGS -> Security -> Blocked Countries