No thoughts anywhere, from anyone?
I guess the worst-case scenario is that I have a VMware console window open to the MC, do the delete-and-add-back-all-rules via SSH, then write, and if something isn't right at that point and I lose access, I should be able to check what firewall cp looks like from the console, and edit as necessary.
Sound reasonable?
------------------------------
Nathan
------------------------------
Original Message:
Sent: Feb 08, 2023 04:42 AM
From: n.millward
Subject: Mobility Conductor firewall cp
I've struggled to find an answer by searching, so hoping someone can answer my question as I have no way to test this beforehand.
I need to change an overly restrictive firewall cp ruleset. It looks like this:
firewall cp
ipv4 permit x.x.x.x 255.255.255.248 proto 6 ports 22 22
ipv4 deny any proto 6 ports 22 22
ipv6 permit any proto 6 ports 15260 15260
ipv6 deny any proto 0 ports 0 65535
I need to add
ipv4 permit y.y.y.y 255.255.255.0 proto 6 ports 22 22
My grasp of this is that if I simply add the new rule, it'll be appended to the bottom of the ACL above, and so will be useless.
There appears to be no rule numbering (10, 20, 30, 40), so I can't add in '15' like in a Cisco ACL that would sit nicely between 10 and 20.
So what exactly do I do here without losing access to the ssh session where I'll be making the change? Do I delete firewall cp to remove all the rules below, then add it all back along with my new rule, then exit and write mem? It feels like it might be that simple, but wrong = trouble.
Thanks.
N
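
An added example, not part of the original posts and not vendor code: an offline pre-change check that evaluates a proposed firewall cp rule order for TCP/22 before it is typed into the live session. It assumes top-down, first-match evaluation as the poster describes (the thread does not confirm this) and that proto 0 means any protocol; the 192.0.2.0 and 198.51.100.0 networks are constructed stand-ins for x.x.x.x and y.y.y.y, and all function names are hypothetical.

```python
import ipaddress

def parse_rule(line):
    """Parse '<family> permit|deny <addr mask | any> proto N ports LO HI'."""
    tok = line.split()
    if tok[2] == "any":
        net, rest = None, tok[3:]
    else:
        net, rest = ipaddress.ip_network(f"{tok[2]}/{tok[3]}"), tok[4:]
    # rest == ['proto', N, 'ports', LO, HI]
    return {"family": tok[0], "action": tok[1], "net": net,
            "proto": int(rest[1]), "lo": int(rest[3]), "hi": int(rest[4])}

def first_match(lines, src, proto, port, family="ipv4"):
    """Return (index, action) of the first rule that matches, else (None, None)."""
    addr = ipaddress.ip_address(src)
    for i, rule in enumerate(map(parse_rule, lines)):
        if rule["family"] != family:
            continue
        if rule["net"] is not None and addr not in rule["net"]:
            continue
        if rule["proto"] not in (0, proto):  # assumption: proto 0 means any
            continue
        if rule["lo"] <= port <= rule["hi"]:
            return i, rule["action"]
    return None, None

def ssh_allowed(lines, src):
    """True only on an explicit permit for TCP/22; no match counts as a failure."""
    return first_match(lines, src, 6, 22)[1] == "permit"

# Constructed stand-ins for the masked x.x.x.x and y.y.y.y networks.
EXISTING = [
    "ipv4 permit 192.0.2.0 255.255.255.248 proto 6 ports 22 22",
    "ipv4 deny any proto 6 ports 22 22",
    "ipv6 permit any proto 6 ports 15260 15260",
    "ipv6 deny any proto 0 ports 0 65535",
]
NEW_RULE = "ipv4 permit 198.51.100.0 255.255.255.0 proto 6 ports 22 22"
APPENDED = EXISTING + [NEW_RULE]                    # new rule lands after the deny
REORDERED = [EXISTING[0], NEW_RULE] + EXISTING[1:]  # new rule ahead of the deny

if __name__ == "__main__":
    for name, rules in (("appended", APPENDED), ("reordered", REORDERED)):
        for src in ("192.0.2.3", "198.51.100.10"):
            print(name, src, first_match(rules, src, 6, 22))
```

Running the check with the address of the SSH session that will make the change confirms the re-added list still permits that session before the old rules are deleted.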