Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Zabbix, opening firewall port

Scheduled Pinned Locked Moved Solved Support
networkingfirewall
5 Posts 2 Posters 82 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • bigvictorioB Offline
    bigvictorioB Offline
    bigvictorio
    wrote on last edited by girish
    #1

    Hello folks,

    I'm using for all of my infrastructure Zabbix - an open-source software tool to monitor infrastructure.
    There is a Zabbix-server that functions as a web-dashboard, and a Zabbix-agent that you can install on anything like (Windows server, Linux distros, Networking products, Management of Servers). However, Zabbix-agent to function properly requires opening TCP/10050 port on clients.
    I know Cloudron does not recommend messing with the firewall, but just for this application, I would like to open this port. Also, this app is not in the app store so this is my only alternative.

    Is there a recommended way, or can you provide more information what is the best practice to open a specific port in cloudron instance?
    In one thread on this forum, somebody linked to this config file: https://git.cloudron.io/cloudron/box/-/blob/master/setup/start/cloudron-firewall.sh. However, I'm not sure if this is recommended practice, and even after some cloudron update, this file could be overwritten.

    I would like simple rule, either in IPTABLES or UFW:
    IP Tables:
    iptables -A INPUT -s <MY_PUBLIC_IP_WHERE_IS_ZABBIX_SERVER_RUNNING>/32 -p tcp -m tcp --dport 10050 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 10050 -j DROP

    UFW: sudo ufw allow from <MY_PUBLIC_IP_WHERE_IS_ZABBIX_SERVER_RUNNING> proto tcp to any port 10050

    I believe this is not that hard, I'm just looking for some "recommended practices"
    Thanks, Guys 🙂

    girishG 1 Reply Last reply
    1
  • girishG Offline
    girishG Offline
    girish Staff
    replied to bigvictorio on last edited by
    #2

    @bigvictorio I think you want https://docs.cloudron.io/networking/#whitelist-ports ?

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #3

    Note that what the above does is opens up an incoming port . For IP restrictions, use some application level security (access token or api token or equivalent).

    1 Reply Last reply
    0
  • bigvictorioB Offline
    bigvictorioB Offline
    bigvictorio
    wrote on last edited by bigvictorio
    #4

    @girish already found it in documentation but thanks 😄 ❤ Whitelisted that port and its working.
    Yeah, i'm using preshared key as a token.
    However, are they any alternatives? If i want more complex firewall?

    girishG 1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    replied to bigvictorio on last edited by
    #5

    @bigvictorio At this point, no. But feel free to open feature requests and we can add firewall features as needed.

    1 Reply Last reply
    0
  • girishG girish marked this topic as a question on
  • girishG girish has marked this topic as solved on

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.