In an attempt to install the iptables-persistent package for the Checkmk virtual appliance I received this error message:
!!! WARNING !!!
You are trying to use apt on a Check_MK Appliance. Installing or updating
packages manually will lead to serious trouble.
Your device will not be supported anymore if you change the installed packages.
!!! WARNING !!!
Do you want to continue? [y/N]:
To configure firewall rules effectively on the appliance this package is extremely important.
My questions are:
- Since iptables itself comes preinstalled on the appliance, will I really have serious problems installing this package?
- Can we have this package built in with the appliance to avoid the above possible issues, and so we will not need to install it manually at each firmware upgrade?
Which problem should be solved by installing iptables?
Iptables is already installed as a firewall to create rules that allow and block traffic to my checkmk server.
Iptables-persistent will allow the firewall rules to “persist” during system reboots and not be erased.
Why do you need a firewall?
A cmk system should never be reachable from outside without protection by firewalls and/or VPN.
I see what you mean. The ultimate reason is that it is our company policy to have layered security, including installing a local firewall.
But if an internal system is under attack, you've other problems.
You could just use
iptables-save > /etc/rulesv4.conf
and then add the following to the startup of the system.
iptables-restore < /etc/rulesv4.conf
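
The restore step suggested above, as an added example that is not part of the original thread: a startup script that checks the saved file before handing it to iptables-restore, so that a truncated or tampered dump is not loaded at boot. The function names, the `--apply` switch and the `IPT_RESTORE` override are assumptions made for illustration; how a startup hook is registered on the appliance is not covered in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): validate a saved rule set before loading it at boot.
RULES_FILE="${RULES_FILE:-/etc/rulesv4.conf}"   # path used in the thread
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"  # overridable so the logic can be dry-run (assumption)

# Return 0 only if the file looks like a complete iptables-save dump that
# unprivileged users cannot modify.
check_rules_file() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "rules file missing or not a regular file: $f" >&2; return 1
    fi
    # Anything loaded by root at boot must not be group- or world-writable.
    if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "rules file is group/world-writable: $f" >&2; return 1
    fi
    # iptables-save opens each table with '*name' and closes it with COMMIT;
    # a dump cut short (full disk, interrupted save) lacks the closing line.
    if ! grep -q '^\*' "$f" || ! grep -q '^COMMIT$' "$f"; then
        echo "rules file is incomplete: $f" >&2; return 1
    fi
    return 0
}

# Validate, parse without committing (--test), then load for real.
restore_rules() {
    f=$1
    check_rules_file "$f" || return 1
    "$IPT_RESTORE" --test < "$f" || { echo "rule set failed --test: $f" >&2; return 1; }
    "$IPT_RESTORE" < "$f"
}

# Run as "script --apply" from the startup hook; without the flag nothing is changed.
if [ "${1:-}" = "--apply" ]; then
    restore_rules "$RULES_FILE"
    exit $?
fi
```

If the restore fails, the script exits non-zero and leaves the running rule set untouched, so the startup hook should log that result rather than ignore it.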