Changing firewall and SELinux settings for Spectrum Connect

You can change the firewall and SELinux settings for IBM Spectrum Connect after installing it to allow the Spectrum Connect service to be started in cases where the firewall and SELinux are enabled..

Follow these steps to change the firewall and SELinux settings for Spectrum Connect post-installation to allow the Spectrum Connect service to be started in cases where the firewall and SELinux are enabled.:

1. Open the 8440 TCP port:
   • RHEL 7.x, CentOS 7.x:
     • firewall-cmd --permanent --add-port=8440/tcp
     • firewall-cmd --reload

   Note: If you are using a different firewall software, please refer to that software documentation for help.

2. Open the 5672 and 4369 TCP ports under RHEL 7.x and CentOS 7.x:
   • firewall-cmd --permanent --zone=trusted --add-interface=lo
   • firewall-cmd --permanent --zone=trusted --add-port=5672/tcp
   • firewall-cmd --permanent --zone=trusted --add-port=4369/tcp
   • firewall-cmd --reload

   Note: If you are using a different firewall software, please refer to that software documentation for help.

3. If you are using SELinux, allow nginx to bind network interfaces and connect to the ibmsc socket:
   • RHEL 7.x, CentOS 7.x:
     • semodule -i /opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel7/ibmsc.pp
     • systemctl restart nginx

   To display ibmsc selinux policy:

   • RHEL 7.x: cat /opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel7/ibmsc.te