Skip to main content
Version: 3.25

Firewall Management

Using the orbit firewall command you can manage the source blocking that is performed by HIDS, and normalize firewall rules for running services.

Until the current version (senhasegura v3.2) the blocking of a host occurs when this host exceeds the login attempt via SSH.

mt4adm@vmdf-giskard:~$ sudo orbit firewall --help
Usage: orbit firewall [<command>]

System Firewall management tools

Arguments:
  [<command>]    Run security commads: [block|unblock|normalize|status]

Flags:
      --help             Show context-sensitive help.

  -h, --host=HOST,...    Host IP or Network list
      --force            Force the command execution, never prompt
      --show

Use the –show argument or the status action to list the IPs that are blocked from this instance of senhasegura .

mt4adm@vmdf-giskard:~$ sudo orbit firewall --show
Currently blocked hosts
172.18.77.185

mt4adm@vmdf-giskard:~$ sudo orbit firewall status
Currently blocked hosts
172.18.77.185

To release access from a specific IP, use the unblock action with the argument –host.

mt4adm@vmdf-giskard:~$ sudo orbit firewall unblock  
 --host=172.18.77.185
Are you sure you want to proceed: y
Done!
No errors reported

If there is a need to block a specific IP, you can use the block action.

mt4adm@vmdf-giskard:~$ sudo orbit firewall block  
 --host=172.18.77.185
Are you sure you want to proceed: y
Done!
No errors reported

To normalize the firewall rules based on the installed services, with each system update Orbit itself executes the command orbit firewall normalize. This command can also be executed by the administrator.

mt4adm@vmdf-giskard:~$ sudo orbit firewall normalize
Are you sure you want to proceed: y
Firewall normalized
No errors reported

wazuh whitelist

When creating a cluster you might want to guarantee that the members are in the whitelist to add the server to the whitelist you can use the command:

orbit wazuh whitelist

Command to add a new IP to the senhasegura:

orbit wazuh whitelist add --ips=172.23.213.48

Command to remove an IP from the senhasegura:

orbit wazuh whitelist delete --ips=1.1.1.1,2.2.2.2

Command to check the whitelist of senhasegura:

orbit wazuh whitelist status