adding local port inside HF to accept data

KhalidAlharthi · ‎09-04-2024

Hello Members,

I have configured splunk HF to recieve data input as port 1531/udp

i used command firewall-cmd --permanent --zone=public --add-port=1531/udp

but when i used firewall-cmd --list-all dosen't appear on the opening ports is this consider a problem and also checked netstat and the port is listening on 0.0.0.0 (all)

thanks

kiran_panchavat · ‎09-06-2024

@KhalidAlharthi

1. Reload Firewall Rules : sudo firewall-cmd --reload

2. Verify the Rule is Active: sudo firewall-cmd --list-all

3. Consider SELinux: If you're using SELinux (Security-Enhanced Linux), it could also be blocking access. You can temporarily disable it to test if that's the issue :
sudo setenforce 0

I hope this helps, if any reply helps you, you could add your upvote/karma points to that reply, thanks.

PickleRick · ‎09-06-2024

SELinux has nothing to do with firewalld in the sense that adding a rule to firewalld should work regardless of SELinux status - the rule should show. True, SELinux coud prevent the process from processing connection but that's completely independent from firewalld.

adding local port inside HF to accept data

heavy forwarder

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?