

Zimbra firewall configuration with UFW and firewalld: How to set it up

Are you trying to set up Zimbra firewall configuration with UFW and firewalld?

This article will guide you through the steps to do this.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers to solve Zimbra-related queries.

In this context, we shall look into how to configure the Zimbra firewall with UFW and firewalld.

Steps to install UFW on Ubuntu and CentOS?

Before configuring the Zimbra firewall, you need to install UFW or firewalld.
To install UFW on Ubuntu, simply execute the following command;

sudo apt-get update && sudo apt-get -y install ufw

Then for CentOS, the UFW package is available on EPEL repositories. Therefore, execute the following commands;

sudo yum -y install epel-release
sudo yum makecache fast
sudo yum -y install ufw

How to Install Firewalld on CentOS 7.x?

If CentOS doesn't have Firewalld already then we can install it by executing the following commands;

sudo yum makecache fast
sudo yum -y install firewalld

Next, start and enable the firewalld service by running the command;

sudo systemctl start firewalld
sudo systemctl enable firewalld

For Debian based systems, execute the below commands;

sudo apt update
sudo apt -y install firewalld

How to perform Zimbra Firewall configuration using UFW?

Now let us take a quick look at the steps to configure the Zimbra firewall.
For UFW, start by creating an application profile called Zimbra with the following command;

sudo vim /etc/ufw/applications.d/zimbra

Next, add the following contents;

[Zimbra]
title=Zimbra Collaboration Server
description=Open source server for email, contacts, calendar, and more.
ports=22,25,80,110,143,161,389,443,465,514,587,993,995,7071,8443,11211/tcp

Then, allow the app profile and enable ufw by executing;

sudo ufw allow Zimbra
sudo ufw enable

Additionally, add ssh port by running the following command;

sudo ufw allow ssh

If you make any change to the Zimbra profile, update it by using the command;

$ sudo ufw app update Zimbra

You will see an output such as;

Rules updated for profile 'Zimbra'
Skipped reloading firewall

For a single-server installation, Memcached is not used outside the local server, so consider binding it to the loopback IP address by running the following commands;

sudo su - zimbra
zmprov ms $(zmhostname) zimbraMemcachedBindAddress 127.0.0.1
zmprov ms $(zmhostname) zimbraMemcachedClientServerList 127.0.0.1

Then, restart the Memcached service;

sudo su - zimbra -c "zmmemcachedctl restart"

How to perform Zimbra Firewall configuration using Firewalld?

Start by confirming if firewalld is in a running state or not. To do this, execute;

$ sudo firewall-cmd --state
running

If not, then we start it by executing the following command;

sudo systemctl start firewalld

After that, we configure Zimbra ports and services on the firewall. To do this, execute;

sudo firewall-cmd --add-service={http,https,smtp,smtps,imap,imaps,pop3,pop3s} --permanent
sudo firewall-cmd --add-port=7071/tcp --permanent
sudo firewall-cmd --add-port=8443/tcp --permanent

Now, we reload the firewalld configurations by running the following command;

sudo firewall-cmd --reload

Then we confirm the runtime settings by running the following command;

$ sudo firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client http https imap imaps pop3 pop3s smtp smtps snmp ssh
  ports: 7071/tcp 8443/tcp
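
To check the result rather than read it by eye, the following added example (not part of the original article) compares the list-all output with the services and ports opened above and reports anything missing or unexpected, such as the snmp and dhcpv6-client services in the output shown. The function names are hypothetical, and treating ssh as expected is an assumption.

```sh
#!/bin/sh
# Added example: audit firewalld zone output against the Zimbra rule set.
# Expected sets follow the article's commands; ssh is an assumption.
EXPECTED_SERVICES="http https smtp smtps imap imaps pop3 pop3s ssh"
EXPECTED_PORTS="7071/tcp 8443/tcp"

# Sample input: the list-all output shown in the article.
SAMPLE='public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client http https imap imaps pop3 pop3s smtp smtps snmp ssh
  ports: 7071/tcp 8443/tcp'

# zone_field OUTPUT NAME: print the value of the "NAME:" line.
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# set_diff HAVE WANT: report entries missing from HAVE and extra to WANT.
set_diff() {
    have=$1; want=$2; missing=""; extra=""
    for w in $want; do
        case " $have " in *" $w "*) ;; *) missing="$missing $w" ;; esac
    done
    for h in $have; do
        case " $want " in *" $h "*) ;; *) extra="$extra $h" ;; esac
    done
    printf 'missing:%s extra:%s\n' "$missing" "$extra"
}

# audit_zone OUTPUT: print both diffs; succeed only on an exact match.
audit_zone() {
    svc=$(set_diff "$(zone_field "$1" services)" "$EXPECTED_SERVICES")
    prt=$(set_diff "$(zone_field "$1" ports)" "$EXPECTED_PORTS")
    printf 'services %s\nports %s\n' "$svc" "$prt"
    [ "$svc" = "missing: extra:" ] && [ "$prt" = "missing: extra:" ]
}

# On a live host: audit_zone "$(sudo firewall-cmd --list-all)"
audit_zone "$SAMPLE" || echo "zone differs from the expected Zimbra rule set"
```

A non-zero exit status from audit_zone makes it usable as a gate in a provisioning or monitoring script.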



Conclusion

This article will help you to configure Zimbra firewalls with UFW and firewalld.