Configure the Address Manager firewall.
Address Manager v8.2.0 introduces an Address Manager Firewall Service to improve Address Manager security and resolve the vulnerability described in Knowledge Base article https://care.bluecatnetworks.com/s/article/ka1400000008byyAAA/Vulnerability-In-Apache-Commons-Collection-Libraryon BlueCat Customer Care.
Attention: The Address Manager Firewall impacts the creation of Address Manager database replication. Customers running Address Manager in replication upgrading to v8.2.0 or greater, or customers performing clean installations of Address Manager v8.2.0 or greater who will be configuring database replication should refer to Configuring database replication for more information.
You can view the current state of the Address Manager firewall service. Use show firewall from Main Session mode or show from Firewall Configuration mode.
Proteus> show firewall *bamfirewall.service - BlueCat Address Manager Firewall Service Loaded: loaded (/lib/systemd/system/bamfirewall.service; enabled) Active: active (exited) since Mon 2017-11-29 13:55:55 UTC; 2h 16min ago Main PID: 415 (code=exited, status=0/SUCCESS) CGroup: /system.slice/bamfirewall.service
Press Tab to view a list of available commands, or type ? to view a description of each available item:
- disable—disable the firewall (not recommended)Warning: BlueCat strongly advises against disabling the Address Manager firewall. Disabling the firewall should only be performed for servers in a secure environment and only for short periods of time.
- exit—exit from firewall.
- help—display help information.
- history—display the current session’s command line history.
- reset—stops and resets the firewall and forgets the previous replication configuration.
- show—show firewall status.
- start—enables and starts the firewall.
- stop—stops the firewall.