Observing these rules can help to prevent unauthorized access to the controller:
- Do not allow users other than `sdn` and `sdnadmin` to have access to your controller system.
- Do not store your authentication token in plain text, such as a non-encrypted cookie.
- Do not use self-signed certificates in a production environment.
- Do not alter contents under `/opt/sdn/Cassandra` and `/opt/sdn/Hazelcast`.
- Do not delete any of the `iptables` rules shown below:
iptables rules

Target | Prot opt source | Destination |
---|---|---|
REJECT | tcp -- anywhere | anywhere tcp dpt:5700 reject-with icmp-port-unreachable |
ACCEPT | tcp -- 127.0.0.0/8 | anywhere tcp dpt:9160 |
REJECT | tcp -- anywhere | anywhere tcp dpt:9160 reject-with icmp-port-unreachable |
ACCEPT | tcp -- 127.0.0.0/8 | anywhere tcp dpt:7199 |
REJECT | tcp -- anywhere | anywhere tcp dpt:7199 reject-with icmp-port-unreachable |
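
One way to audit that the rules in the table are still in place, as an added example that is not part of the original documentation or the product's own tooling. The function name `check_sdn_rules` is hypothetical, and the page does not say which chain holds the rules, so the function checks whatever listing is piped into it. It also checks order, because iptables applies the first matching rule and a loopback ACCEPT placed after its REJECT has no effect.

```shell
#!/usr/bin/env bash
# Added example: verify the required iptables rules from the table.
# Reads `iptables -L` style output on stdin (with or without -n).
# Usage (as root): iptables -L -n | check_sdn_rules
# Returns 0 when all five rules are present and each loopback ACCEPT
# precedes the REJECT for the same port; otherwise reports and returns 1.
check_sdn_rules() {
  awk '
    # Rule lines look like: target prot opt source destination match...
    $2 == "tcp" && ($1 == "ACCEPT" || $1 == "REJECT") {
      port = ""
      for (i = 6; i <= NF; i++)
        if ($i ~ /^dpt:[0-9]+$/) port = substr($i, 5)
      if (port == "") next
      any_src = ($4 == "anywhere" || $4 == "0.0.0.0/0")
      any_dst = ($5 == "anywhere" || $5 == "0.0.0.0/0")
      if (!any_dst) next
      # Remember the first line number of each rule kind per port.
      if ($1 == "ACCEPT" && $4 == "127.0.0.0/8" && !(port in acc))
        acc[port] = NR
      if ($1 == "REJECT" && any_src && !(port in rej) &&
          $0 ~ /reject-with icmp-port-unreachable/)
        rej[port] = NR
    }
    END {
      bad = 0
      # Ports from the table: 5700 is reject-only; 9160 and 7199
      # additionally accept traffic from 127.0.0.0/8.
      n = split("5700 9160 7199", ports, " ")
      for (k = 1; k <= n; k++) {
        p = ports[k]
        if (!(p in rej)) { print "MISSING: REJECT tcp dpt:" p; bad = 1 }
        if (p == "5700") continue
        if (!(p in acc)) {
          print "MISSING: ACCEPT 127.0.0.0/8 tcp dpt:" p; bad = 1
        } else if ((p in rej) && acc[p] > rej[p]) {
          print "ORDER: ACCEPT for dpt:" p " is after its REJECT"; bad = 1
        }
      }
      exit bad
    }'
}
```

Running it from a scheduled job and alerting on a non-zero exit status catches accidental rule removal after firewall changes.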