Use the Specify basic firewall settings group policy to set up a simple exclusionary firewall on targeted computers using
iptables. If you select Enabled for this group policy, the firewall will allow all outgoing traffic but block any inbound traffic, except
ping, by default. To customize the firewall settings, select Enabled, then click Show to add or remove entries.
The Specify basic firewall settings group policy is defined in the
centrify_linux_settings.xml administrative template.
To modify the default behavior of the policy, click Add. You can then type the appropriate entries to set up the
iptables using the following format:
Name is an identifying string.
OUTPUT (caps are mandatory). Use INPUT to block incoming requests on the specified port and OUTPUT to block the computer from sending on that port.
Protocol should be one of
Port is the port number.
For example, to allow connections to the computer that acts as a web server:
The following example would prevent the computer from sending mail:
When you are finished setting up the
iptables, click OK.
To enable broad use of the policy, this group policy does not incorporate any configurations specific to a particular Linux distribution or release.
Any existing tables are purged and new tables are built from the data pushed to the computer through the group policy.