This is a short step-by-step guide describing how to edit the XenServer iptables configuration using the system-config-securitylevel-tui utility.
- Log in as root to your XenServer console using SSH or XenCenter.
- Run the system-config-securitylevel-tui command to start the firewall configuration utility.
- In the window that opens, navigate to the Customize button and press Enter.
- The newly opened window allows you to edit the XenServer iptables configuration. Select the services that you want to allow or disallow through the XenServer firewall.
  If you want to add custom ports, enter them in the Other ports section. Follow the service:protocol or port:protocol format, e.g. 1234:tcp or ha-cluster:udp
  You can allow multiple ports by using a space as the separator, e.g. ha-cluster:udp 1234:tcp
  Remember that the HTTPS port (443:tcp) is used and required for communication with XenCenter.
  Blocking this port will leave you unable to connect with XenCenter.
- Select the OK button to save your configuration.
- You can verify your changes by running the iptables -L command.
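
The Other ports format and the 443:tcp requirement from the steps above, as an added example that is not part of the original guide: one function checks an Other ports string before you type it in, the other reads iptables-save output and confirms HTTPS is still accepted. The function names and the sample ruleset are constructed for illustration; the script assumes tcp and udp are the only protocol suffixes and that rules use the single --dport form.

```shell
#!/bin/sh
# Added example, not part of the guide. Function names are hypothetical.
# Return 0 if every space-separated entry is service:protocol or port:protocol.
# Assumption: tcp and udp are the only accepted protocol suffixes.
check_other_ports() {
    for entry in $1; do
        case "$entry" in
            *:tcp|*:udp) ;;
            *) echo "invalid entry: $entry" >&2; return 1 ;;
        esac
        name=${entry%:*}
        case "$name" in
            ''|*[!A-Za-z0-9_-]*) echo "invalid service or port: $entry" >&2; return 1 ;;
            *[!0-9]*) ;;  # service name such as ha-cluster
            *)  # numeric port, must be 1-65535
                if [ "${#name}" -gt 5 ] || [ "$name" -lt 1 ] || [ "$name" -gt 65535 ]; then
                    echo "port out of range: $entry" >&2; return 1
                fi ;;
        esac
    done
}

# Read iptables-save output on stdin. Return 0 only if the first rule naming
# TCP destination port 443 accepts it (multiport and range rules are not inspected).
https_allowed() {
    awk '/^-A / && /-p tcp/ && / --dport 443( |$)/ {
             seen = 1; ok = ($0 ~ / -j ACCEPT( |$)/); exit
         }
         END { exit (seen && ok) ? 0 : 1 }'
}

# Constructed sample ruleset in iptables-save format.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

check_other_ports "ha-cluster:udp 1234:tcp" && echo "Other ports entry is well-formed"
if sample_rules | https_allowed; then echo "443/tcp is accepted"
else echo "443/tcp is NOT accepted, XenCenter would be cut off"; fi
# On the host, check the live rules with: iptables-save | https_allowed
```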