
How to configure IPTABLES firewall rules on GravityZone for restricting outside access to MongoDatabase

Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.

This article describes how to manually configure the IPTABLES firewall rules on GravityZone Virtual Appliance.

Overview

Restricting access to critical servers like Bitdefender GravityZone Virtual Appliance is a best practice for preventing attacks. Configuring iptables to disable the unused ports is one measure you should take.

What is iptables? iptables is the firewall in Linux distributions and has two components: a rules table and the commands used to define the rules. It is part of the Netfilter framework, which provides Network Address Translation (NAT), packet filtering and packet mangling in Linux. For additional information on Firewall and iptables, refer to this Ubuntu help page.

Configure IPTABLES

By default, GravityZone Virtual Appliance does not have iptables installed.

To install iptables:

  1. Open an SSH connection to GravityZone, using PuTTY.
  2. Log in with the bdadmin credentials.
  3. Type the sudo su command and enter bdadmin's password to get root privileges.
  4. Type the following commands (the leading # is the root prompt, not part of the command):
    #apt-get update
    #apt-get install iptables
  5. Once iptables is installed, you can check the default rules:
    #iptables -nvL
    By default, the INPUT, FORWARD and OUTPUT chains all accept traffic.

There are two deployment types of GravityZone:

  1. GravityZone all-in-one. All GravityZone roles (Database, Update Server, Communication Server and Web Console) are installed and running on the same virtual appliance.
  2. GravityZone with distributed roles. The roles are installed on several virtual appliances to ensure high availability and load balancing options.

To configure the iptables rules, copy and paste the following commands in PuTTY (without the leading # prompt), according to your GravityZone architecture:

  1. IPTABLES Rules for GravityZone all-in-one:
    #iptables -A INPUT -p tcp -m tcp --dport 27017 -m comment --comment "GravityZone Database Port" -j DROP -i eth0
  2. IPTABLES Rules for GravityZone distributed architecture:
    For each GravityZone virtual appliance with the database role installed:
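    1. To allow database access inside the GravityZone architecture, run the following command once for each GravityZone virtual appliance, replacing GravityZone_Machine_IP with that appliance's IP address. The rule matches NEW and ESTABLISHED packets so that traffic following the initial connection packet is not caught by the DROP rule added in the next step:
      #iptables -A INPUT -s GravityZone_Machine_IP -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -m comment --comment "MongoDB Access" -j ACCEPT
    2. To restrict database access from machines outside the GravityZone architecture, run the next command after all the ACCEPT rules have been added (-A appends to the end of the chain, and the first matching rule wins):
      #iptables -A INPUT -p tcp -m tcp --dport 27017 -m comment --comment "GravityZone Database Port" -j DROP -i eth0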
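
An added check, not part of the original article or of Bitdefender's tooling: iptables evaluates a chain top-down and stops at the first match, so each appliance's ACCEPT rule must sit above the port 27017 DROP rule, and an ACCEPT limited to `--state NEW` passes only the first packet of a connection while later packets fall to the DROP. The function name `audit_mongo_rules`, the verdict strings and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output (stdin) for the MongoDB port rules.
# Usage: iptables -S INPUT | audit_mongo_rules PEER_IP [PEER_IP...]
# Prints one verdict per peer plus one for the DROP rule; returns 0 only if all are OK.
audit_mongo_rules() {
    awk -v peers="$*" -v port=27017 '
    BEGIN { n = split(peers, want, " ") }
    $1 == "-A" && $2 == "INPUT" {
        pos++   # position in the chain; the first matching rule wins
        src = ""; dport = ""; target = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") { src = $(i + 1); sub(/\/32$/, "", src) }
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (dport != port) next
        if (target == "DROP" && src == "" && !drop_pos) drop_pos = pos
        if (target == "ACCEPT" && src != "" && !(src in acc_pos)) {
            acc_pos[src] = pos; acc_state[src] = state
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            ip = want[k]
            if (!(ip in acc_pos)) v = "MISSING"
            else if (drop_pos && acc_pos[ip] > drop_pos) v = "AFTER_DROP"  # never reached
            else if (acc_state[ip] == "NEW") v = "NEW_ONLY"  # later packets fall to DROP
            else v = "OK"
            if (v != "OK") bad = 1
            print v, ip
        }
        if (drop_pos) print "OK drop-rule"; else { print "NO_DROP", port; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample in `iptables -S INPUT` format; all addresses are made up.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 10.0.0.11/32 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -m comment --comment "MongoDB Access" -j ACCEPT
-A INPUT -s 10.0.0.12/32 -p tcp -m tcp --dport 27017 -m state --state NEW -m comment --comment "MongoDB Access" -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 27017 -m comment --comment "GravityZone Database Port" -j DROP
-A INPUT -s 10.0.0.13/32 -p tcp -m tcp --dport 27017 -m comment --comment "MongoDB Access" -j ACCEPT
EOF
}

sample_rules | audit_mongo_rules 10.0.0.11 10.0.0.12 10.0.0.13 10.0.0.14 || true
```

On a database appliance, pipe the live rules in as root with `iptables -S INPUT | audit_mongo_rules` followed by the IP addresses of the other GravityZone appliances.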

For additional iptables configuration options, refer to this Ubuntu article.

Note: This solution will be included in the next GravityZone update.

Acknowledgement

The security issue solved within the present article was responsibly reported by Stefan Viehböck from the SEC Consult Vulnerability Lab. Bitdefender would like to take this opportunity to thank Mr. Stefan Viehböck for his valuable support.

Along with the aforementioned security issue, Mr. Stefan Viehböck has reported two other GravityZone vulnerabilities, related to the possibility of obtaining unauthorized access to restricted files from the GravityZone web console and from the GravityZone update server. These two issues have already been solved and the solutions have been delivered with the previous GravityZone updates.
