Zimbra Firewall Configuration for RedHat (CentOS/RHEL/Fedora/Rocky Linux)
The firewall on a RHEL system is configured by default with system-config-firewall, which on the console is an annoying ncurses menu that doesn't permit adding custom ports or protocols.
The ports you probably want open for Zimbra are:
  25    smtp   [mta]     - incoming mail to postfix
  80    http   [mailbox] - web mail client
  110   pop3   [mailbox]
  143   imap   [mailbox]
  443   https  [mailbox] - web mail client over ssl
  465   smtps  [mta]     - incoming mail to postfix over ssl (Outlook only)
  587   smtp   [mta]     - Mail submission over tls
  993   imaps  [mailbox] - imap over ssl
  995   pops   [mailbox] - pop over ssl
  7071  https  [mailbox] - admin console
The raw iptables configuration is stored in /etc/sysconfig/iptables:
  # cat /etc/sysconfig/iptables
  # Firewall configuration written by system-config-firewall
  # Manual customization of this file is not recommended.
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A INPUT -p icmp -j ACCEPT
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 7071 -j ACCEPT
  -A INPUT -j REJECT --reject-with icmp-host-prohibited
  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  COMMIT
Ensure the iptables init script is part of your default runlevel.
# chkconfig --level 345 iptables on
Restart it to apply the changes.
# /etc/init.d/iptables restart
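A hand-edited rules file is easy to get subtly wrong (a transposed port number leaves one service blocked and a stray port open), so it is worth checking the file against the port list before restarting. The script below is an added example, not part of the original page: the function names and EXPECTED_PORTS are assumptions (the page's port list plus 22 for SSH, which the ruleset also opens), and the sample ruleset is constructed.

```shell
# Added example: audit an iptables-save style file against the Zimbra port list.
# EXPECTED_PORTS is an assumption: the page's ports plus 22 (SSH).
EXPECTED_PORTS="22 25 80 110 143 443 465 587 993 995 7071"

# Print each TCP --dport that an INPUT rule ACCEPTs, sorted and de-duplicated.
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        port = ""; accept = 0; tcp = 0
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (accept && tcp && port != "") print port
    }' "$1" | sort -n -u
}

# Print "MISSING <port>" / "UNEXPECTED <port>" lines; return 1 on any mismatch.
audit_rules() {
    open=$(accepted_ports "$1")
    status=0
    for p in $EXPECTED_PORTS; do
        echo "$open" | grep -qx "$p" || { echo "MISSING $p"; status=1; }
    done
    for p in $open; do
        case " $EXPECTED_PORTS " in
            *" $p "*) ;;
            *) echo "UNEXPECTED $p"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample ruleset (not from a real host): 465 is mistyped as 456.
SAMPLE=$(mktemp)
{
    echo '*filter'
    for p in 22 25 80 110 143 443 456 587 993 995 7071; do
        echo "-A INPUT -p tcp -m state --state NEW -m tcp --dport $p -j ACCEPT"
    done
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    echo 'COMMIT'
} > "$SAMPLE"
# Demo run; "|| true" only keeps the demo from aborting a calling script.
audit_rules "$SAMPLE" || true
```

On the server, run audit_rules /etc/sysconfig/iptables after editing the file and restart only when it prints nothing.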