Citrix XenServer

This is a short step by step guide describing how to edit XenServer iptables configuration using system-config-securitylevel-tui utility.

  1. Login as a root to your XenServer console using SSH or XenCenter.
  2. Enter system-config-securitylevel-tui command to execute firewall configuration utility.
  3. In the opened window navigate to the customize button and press enter.
    XenServer edit iptables configuration in firewall configuration utility
  4. The newly opened window allows you to edit XenServer iptables configuration. Select desired services that you want to allow or disallow through the XenServer firewall.
    XenServer edit iptables configuration firewall customization
    If you want to add custom ports, enter them in Other ports section. Follow the service:protocol or port:protocol formats, ie. 1234:tcp or ha-cluster:udp
    You can allow multiple ports by using a space as separator, ie. ha-cluster:udp 1234:tcp

    Remember that HTTPS port (443:tcp) is used and required for communication with XenCenter.
    Blocking this port will make you unable to connect with XenCenter.
  5. Select OK button to save your configuration.
  6. You can verify your changes by issuing iptables -L command.

Not sure what ports are used by XenServer?

You are not sure what ports are used by XenServer? You can consult with a great “XenServer Ports and Connections poster made by Björn Andersson.

XenServer edit iptables configuration ports and connections

Learn more about XenServer