Firewall for eLux devices
To secure your eLux devices with a firewall, for example to allow exactly one more connection besides the connection to the Scout Server, use the eLux Firewall support package, which allows you to define appropriate rules.
By default, nftables is used. Alternatively, the iptables syntax can be used.
Once the eLux Firewall support package is installed, the firewall rules are applied on system start. By default, only data packets that are required for communication with the Scout Server are allowed to pass. To allow further connections, define filtering rules and transfer them to the devices in a file.
If the Firewall support package has been installed on the device without filtering rules, the firewall will only start if the feature package Strict firewall policy is installed. Then communication between the Scout Server and the device is established via the management protocol (port 22125) and no other communication is allowed.
Configuring firewall rules (nftables)
Note:
The eLux package Firewall support and the included feature packages eLux firewall plugin and firewall nftables programs and libraries must be installed on the devices. This may require modifications of the image definition file on the web server via ELIAS.
- Create the nftables.conf file according to the following example:
    table ip filter {
        chain input {
            tcp dport 22 accept
            tcp sport 80 accept
        }
        chain output {
            tcp sport 22 accept
            tcp dport 80 accept
        }
    }
  In the example, outgoing HTTP and incoming SSH connections are accepted.
- Transfer the file to /setup/firewall/nftables.conf on the devices. To do so, use the Scout feature Files configured for transfer. For further information, see the Scout guide.
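The nftables example above matches return traffic by source port, so `tcp sport 80 accept` in the input chain accepts any inbound TCP packet whose source port is 80, whatever local port it is addressed to. The following stateful variant is an added example, not taken from the eLux documentation: it allows the same two connections but accepts return traffic only for connections that are already tracked. It assumes that the eLux kernel provides connection tracking and that the firewall plugin loads the file as standard nftables syntax, with the chains wired up the same way as in the example above.

```nftables
# Added example, not from the eLux documentation.
# Assumption: connection tracking (nf_conntrack) is available on the device.
table ip filter {
    chain input {
        # Return traffic for connections that are already tracked,
        # for example HTTP responses to requests this device sent.
        ct state established,related accept
        # New inbound SSH sessions.
        tcp dport 22 ct state new accept
    }
    chain output {
        # Return traffic for accepted inbound sessions, for example SSH.
        ct state established,related accept
        # New outbound HTTP connections.
        tcp dport 80 ct state new accept
    }
}
```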
Configuring firewall rules (iptables)
Note:
The eLux package Firewall support and the included feature packages eLux firewall plugin and Firewall iptables compatibility programs and libraries must be installed on the devices. This may require modifications of the image definition file on the web server via ELIAS.
- Create the file rules.v4 for IPv4 or rules.v6 for IPv6. Use the iptables syntax for the rules.
- Transfer the files to /setup/firewall/rules.v4 or /setup/firewall/rules.v6 on the devices, respectively. To do so, use the Scout feature Files configured for transfer. For further information, see the Scout guide.
All rule files are included in the Diagnostics feature and are part of the System template.