Enabling the Linux firewall for RTM Services

To use RTM with a Linux firewall, you must open several ports, depending on your configuration. Improvements to the Linux firewall over the last several years make firewall changes quite simple.

Those ports include:
  • HTTP Port (80) – Required to redirect traffic to HTTPS.
  • HTTPS Port (443) – Required for secure communications.
  • MySQL/MariaDB Port (3306) – Required for Remote Data Collectors only.
  • Advocate Port (8089) – Required for privileged LSF transactions requiring approval.
  • Various License Vendor Daemon Ports (several) – Required for License Services to be able to respond to the client. There can be several ports to open depending on the license vendor.
  1. Enable the firewall. Run the following commands:
    systemctl enable firewalld
    systemctl start firewalld
    
  2. At this point, the web server and all remote data collection will likely stop. After enabling the firewall, you need to enable the http, https, and mysql services using the following commands:
    firewall-cmd --zone=public --permanent --add-service=http
    firewall-cmd --zone=public --permanent --add-service=https
    firewall-cmd --zone=public --permanent --add-service=mysql
    
  3. By default, the Advocate service uses port 8089, but this port can change. You can see the Advocate port in use by going to Console > Configuration > RTM Settings > Poller and looking for the Advocate Port. To enable access to the Advocate Port, use the following command:
    firewall-cmd --zone=public --permanent --add-port=8089/tcp
  4. For several License Services, especially FLEXlm Services, you have to allow the Vendor Daemon ports to perform inbound communications. For each service, review the License Service documentation as to which port to allow inbound on your firewall. Then run the following command, replacing <port> with the inbound port:
    firewall-cmd --zone=public --permanent --add-port=<port>/tcp
  5. Reload the configuration to enable your changes using the following command:
    firewall-cmd --reload
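
To confirm the result of steps 2 through 5, the following added example (not part of the RTM documentation) compares a zone listing from `firewall-cmd --list-services` and `--list-ports` with the services and ports this page opens. The function names and the sample listing are constructed for illustration, and the required lists assume the page's defaults.

```shell
#!/bin/sh
# Added example: audit a firewalld zone against the services and ports
# opened in steps 2-4. Assumption: this page's defaults. Drop mysql if you
# have no Remote Data Collectors; append vendor daemon ports as <port>/tcp.
REQUIRED_SERVICES="http https mysql"
REQUIRED_PORTS="8089/tcp"

# set_diff A B: print the words of A that do not appear in B.
set_diff() {
    local a b item out
    a="$1"; b="$2"; out=""
    for item in $a; do
        case " $b " in
            *" $item "*) ;;
            *) out="$out $item" ;;
        esac
    done
    echo "${out# }"
}

# audit_zone SERVICES PORTS: print missing and extra entries.
# Returns 0 only when every required service and port is open.
audit_zone() {
    local missing extra
    missing="$(set_diff "$REQUIRED_SERVICES $REQUIRED_PORTS" "$1 $2")"
    extra="$(set_diff "$1 $2" "$REQUIRED_SERVICES $REQUIRED_PORTS")"
    if [ -n "$missing" ]; then echo "MISSING: $missing"; fi
    if [ -n "$extra" ]; then echo "EXTRA (review): $extra"; fi
    [ -z "$missing" ]
}

# audit_live ZONE: audit the permanent and then the runtime configuration.
# An entry missing only from the runtime pass means step 5 was not run.
audit_live() {
    local zone mode
    zone="${1:-public}"
    for mode in "--permanent" ""; do
        echo "== ${mode:-runtime} =="
        audit_zone "$(firewall-cmd $mode --zone="$zone" --list-services)" \
                   "$(firewall-cmd $mode --zone="$zone" --list-ports)"
    done
}

# Constructed sample listing (not real output): mysql was never added.
audit_zone "dhcpv6-client http https ssh" "8089/tcp" || echo "zone incomplete"

# Run against the local firewalld only when the script is given --live.
if [ "${1:-}" = "--live" ]; then audit_live public; fi
```

Entries reported as EXTRA are not errors; they are services or ports open in the zone that this page does not require, listed so you can decide whether they should stay open.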