9.3. Configure Network Firewalls to Work with JBoss EAP 6

Most production environments use firewalls as part of an overall network security strategy. If you need multiple server instances to communicate with each other or with external services such as web servers or databases, your firewall must take this into account. A well-managed firewall only opens the ports which are necessary for operation, and limits access to the ports to specific IP addresses, subnets, and network protocols.

A full discussion of firewalls is out of the scope of this documentation.

Prerequisites

Determine the ports you need to open.

An understanding of your firewall software is required. This procedure uses the system-config-firewall command in Red Hat Enterprise Linux 6. Microsoft Windows Server includes a built-in firewall, and several third-party firewall solutions are available for each platform.

Assumptions

This procedure configures a firewall in an environment with the following assumptions:

The operating system is Red Hat Enterprise Linux 6. JBoss EAP 6 runs on host 10.1.1.2. Optionally, the server has its own firewall.

The network firewall server runs on host 10.1.1.1 on interface eth0, and has an external interface eth1.

You want traffic on port 5445 (a port used by JMS) forwarded to JBoss EAP 6. No other traffic should be allowed through the network firewall.

Procedure 9.1. Manage Network Firewalls and JBoss EAP 6 to work together

Log into the Management Console. By default, it runs on http://localhost:9990/console/.

Click the Profiles label at the top right of the Management Console. At the left side of the screen, a series of menus is shown. The bottom menu heading is General Configuration. Click the Socket Binding item below this heading. The Socket Binding Declarations screen appears. Initially, the standard-sockets group is shown. You can choose a different group by selecting it from the combo box on the right-hand side.

Note If you use a standalone server, it has only one socket binding group.

The list of socket names and ports is shown, eight values per page. You can go through the pages by using the arrow navigation below the table.

Depending on the function of the particular port and the requirements of your environment, some ports may need to be opened on your firewall.

Perform these steps to configure your network firewall to allow traffic on the desired port. Log into your firewall machine and access a command prompt, as the root user.

Issue the command system-config-firewall to launch the firewall configuration utility. A GUI or command-line utility launches, depending on the way you are logged into the firewall system. This task makes the assumption that you are logged in via SSH and using the command-line interface.

Use the TAB key on your keyboard to navigate to the Customize button, and press the ENTER key. The Trusted Services screen appears.

Do not change any values, but use the TAB key to navigate to the Forward button, and press ENTER to advance to the next screen. The Other Ports screen appears.

Use the TAB key to navigate to the button, and press ENTER. The Port and Protocol screen appears.

Enter 5445 in the Port / Port Range field, then use the TAB key to move to the Protocol field, and enter tcp. Use the TAB key to navigate to the OK button, and press ENTER.
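The two halves of this procedure, reading the socket binding ports out of the EAP 6 configuration and then opening only the ports you actually need on the network firewall, can be automated for a server whose configuration file you can read. The script below is an added example and is not part of the JBoss EAP 6 documentation or of the product: the standalone.xml fragment is constructed to mirror the EAP 6 socket-binding-group layout (port values are EAP 6 defaults, with messaging on the JMS port 5445 used by this page), the `${property:default}` resolution and port-offset handling follow how EAP 6 evaluates those attributes, and the iptables commands are an assumed hand-written equivalent of the forwarding that the system-config-firewall steps set up for the hosts in the Assumptions section (eth1 external, EAP on 10.1.1.2), not output of that tool.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment modelled on the EAP 6 standalone-full.xml socket-binding
# group. Only the messaging binding (5445) is exposed in the page's scenario.
SAMPLE_STANDALONE_XML = """<?xml version="1.0"?>
<server xmlns="urn:jboss:domain:1.4">
  <socket-binding-group name="standard-sockets" default-interface="public"
                        port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management"
                    port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-http" interface="management"
                    port="${jboss.management.http.port:9990}"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="messaging" port="5445"/>
    <socket-binding name="messaging-throughput" port="5455"/>
    <socket-binding name="remoting" port="4447"/>
  </socket-binding-group>
</server>
"""

# Matches EAP expressions of the form ${system.property:default}.
EXPR = re.compile(r"^\$\{([^:}]+)(?::([^}]*))?\}$")


def resolve(value, system_props=None):
    """Resolve a port attribute: a plain integer, or ${prop:default}.

    A system property (e.g. passed as -D on the EAP command line) wins over
    the default; an expression with neither is an error, not a silent 0.
    """
    system_props = system_props or {}
    m = EXPR.match(value.strip())
    if not m:
        return int(value)
    prop, default = m.group(1), m.group(2)
    if prop in system_props:
        return int(system_props[prop])
    if default is None:
        raise ValueError("no value for system property %s" % prop)
    return int(default)


def socket_bindings(xml_text, group="standard-sockets", system_props=None):
    """Return {binding name: effective port} for one socket-binding group.

    The group's port-offset is added to every binding except those marked
    fixed-port="true", which is how EAP 6 applies
    jboss.socket.binding.port-offset.
    """
    root = ET.fromstring(xml_text)
    # Tag names carry the urn:jboss:domain:* namespace, which varies between
    # releases, so match on the local name only.
    for grp in root.iter():
        if grp.tag.endswith("socket-binding-group") and grp.get("name") == group:
            break
    else:
        raise KeyError("socket-binding-group %r not found" % group)
    offset = resolve(grp.get("port-offset", "0"), system_props)
    ports = {}
    for sb in grp:
        if sb.tag.endswith("socket-binding") and sb.get("port") is not None:
            port = resolve(sb.get("port"), system_props)
            if sb.get("fixed-port") != "true":
                port += offset
            ports[sb.get("name")] = port
    return ports


def forward_rules(ports, ext_if="eth1", int_if="eth0", eap_host="10.1.1.2"):
    """iptables commands for the network-firewall host (assumed equivalent of
    the system-config-firewall steps): forward only the listed TCP ports from
    the external interface to the EAP host and drop all other forwarded traffic.
    """
    rules = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for name, port in sorted(ports.items(), key=lambda kv: kv[1]):
        rules.append("iptables -t nat -A PREROUTING -i %s -p tcp --dport %d "
                     "-j DNAT --to-destination %s:%d  # %s"
                     % (ext_if, port, eap_host, port, name))
        rules.append("iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport %d "
                     "-m state --state NEW -j ACCEPT"
                     % (ext_if, int_if, eap_host, port))
    return rules


if __name__ == "__main__":
    bindings = socket_bindings(SAMPLE_STANDALONE_XML)
    for name, port in sorted(bindings.items(), key=lambda kv: kv[1]):
        print("%-22s %d" % (name, port))
    print()
    # Page scenario: only the JMS port passes through the network firewall.
    print("\n".join(forward_rules({"messaging": bindings["messaging"]})))
```

Run it against your own standalone.xml by replacing the constructed fragment, and pass the same `-D` system properties the server is started with (for example a port-offset) so the listed ports match what the Management Console's Socket Binding screen shows. The generated rules default the FORWARD chain to DROP before allowing anything, which is the "no other traffic" requirement from the Assumptions expressed as policy rather than as an afterthought.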