{"id":1658,"date":"2014-12-16T19:35:44","date_gmt":"2014-12-16T19:35:44","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=1658"},"modified":"2025-06-13T23:52:53","modified_gmt":"2025-06-14T06:52:53","slug":"iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/","title":{"rendered":"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway"},"content":{"rendered":"<p>It is all too common for people to just turn off IPtables instead of actually figuring out what ports to open. I have to admit I have done it myself. Well we need to stop that. IPtables is our\u00a0friend, really. To that end, here is the body of a script you can use to configure IPtables.<\/p>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"1\" style=\"width:800px\">\n<tbody>\n<tr>\n<td><em># Couchbase DB Server Ports<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 4369 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 8091 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 8092 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 11209 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 11210 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 11211 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 11214 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 11215 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 18091 -j ACCEPT<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 18092 -j ACCEPT<\/em><br \/>\n\t\t\t<em>iptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 21100:21199 -j ACCEPT<\/em><br \/>\n\t\t\t\u00a0<\/p>\n<p><em># Couchbase sync_gateway ports<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 4984 -j ACCEPT<\/em><\/p>\n<p>\t\t\t<em> <\/em><\/p>\n<p><em># If you want to open the sync_gateway service&#39;s admin interface to outside traffic:<br \/>\n\t\t\tiptables -A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 4985 -j ACCEPT<\/em><\/p>\n<p><em># When you are done adding those, you want to run the following two commands to make sure the REJECT is<br \/>\n\t\t\t#\u00a0<\/em><em style=\"font-family:inherit; font-size:1em; line-height:1.4375em\">at the end of the chain. Otherwise things will not work. The first one deletes it and the second adds it back in.<br \/>\n\t\t\t# The reason for this is otherwise we have to get into line numbers of the chain and that is harder to explain<br \/>\n\t\t\t#\u00a0<\/em><em style=\"font-family:inherit; font-size:1em; line-height:1.4375em\">if you are not familiar with IPTables.<\/em><\/p>\n<p><em>iptables -D INPUT -j REJECT &#8211;reject-with icmp-host-prohibited<br \/>\n\t\t\tiptables -A INPUT -j REJECT &#8211;reject-with icmp-host-prohibited???<\/em><br \/>\n\t\t\t\u00a0<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-family:inherit; font-size:1em; line-height:1.4375em\">Check to make sure they are all in correctly by running as root `iptables &#8211;list`. It should look something like this:<\/span><\/p>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"1\" style=\"width:800px\">\n<tbody>\n<tr>\n<td>\n<p><em># iptables &#8211;list<br \/>\n\t\t\tChain INPUT (policy ACCEPT)<br \/>\n\t\t\ttarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination \u00a0 \u00a0 \u00a0 \u00a0\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 all \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state RELATED,ESTABLISHED\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 icmp &#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 all \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:ssh\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:epmd\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:jamlink\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:8092\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:11209\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:11210\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:memcache\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:11214\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:11215\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:18091\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:18092\u00a0<br \/>\n\t\t\tACCEPT \u00a0 \u00a0 tcp \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0state NEW tcp dpt:webyast<br \/>\n\t\t\tREJECT \u00a0 \u00a0 all \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0reject-with icmp-host-prohibited<\/em><\/p>\n<p><em>Chain FORWARD (policy ACCEPT)<br \/>\n\t\t\ttarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination \u00a0 \u00a0 \u00a0 \u00a0\u00a0<br \/>\n\t\t\tREJECT \u00a0 \u00a0 all \u00a0&#8212; \u00a0anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 anywhere \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0reject-with icmp-host-prohibited\u00a0<\/em><\/p>\n<p><em>Chain OUTPUT (policy ACCEPT)<br \/>\n\t\t\ttarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination<\/em><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Just remember to save this config once you have it in place (`service iptables save`). Also, you need\u00a0to confirm that the REJECT for the INPUT chain is at the end. Otherwise you will reject any traffic to ports\u00a0listed below that REJECT.<\/p>\n<p>Just remember that this is local server security only! It does <strong>NOT<\/strong> take the place of a network firewall or AWS security groups\/network\u00a0<span style=\"font-family:inherit; font-size:1em\">ACLs. You really should use both.<\/span><\/p>\n<p>If you would like more information on network ports, please see the\u00a0<a href=\"https:\/\/docs.couchbase.com\/couchbase-manual-2.5\/cb-install\/#network-ports\" style=\"line-height: 23px;\">Couchbase Admin documentation<\/a>\u00a0or the Couchbase mobile documentation.<\/p>\n<p>There are no warranties, expressly or implied in this blog post, for IPTables or these settings. You have to do your own due dilligence when it comes to your system&#39;s security. So use good sense here, please.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is all too common for people to just turn off IPtables instead of actually figuring out what ports to open. I have to admit I have done it myself. Well we need to stop that. IPtables is our\u00a0friend, really. [&hellip;]<\/p>\n","protected":false},"author":23,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1813],"tags":[1352,1355],"ppma_author":[9008],"class_list":["post-1658","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-linux","tag-operations"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway\" \/>\n<meta property=\"og:description\" content=\"It is all too common for people to just turn off IPtables instead of actually figuring out what ports to open. I have to admit I have done it myself. Well we need to stop that. IPtables is our\u00a0friend, really. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-12-16T19:35:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T06:52:53+00:00\" \/>\n<meta name=\"author\" content=\"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/\"},\"author\":{\"name\":\"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2887e38425754897cea2d896bf082e6d\"},\"headline\":\"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway\",\"datePublished\":\"2014-12-16T19:35:44+00:00\",\"dateModified\":\"2025-06-14T06:52:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/\"},\"wordCount\":685,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"keywords\":[\"Linux\",\"operations\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/\",\"name\":\"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2014-12-16T19:35:44+00:00\",\"dateModified\":\"2025-06-14T06:52:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2887e38425754897cea2d896bf082e6d\",\"name\":\"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/60a4ddb304fde12e65369919433b8dc7\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f704905856dcd1767d50024da51e2fa159eea665c85aff3224bc8763551d4e35?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f704905856dcd1767d50024da51e2fa159eea665c85aff3224bc8763551d4e35?s=96&d=mm&r=g\",\"caption\":\"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase\"},\"description\":\"Kirk Kirkconnell was a Senior Solutions Engineer at Couchbase working with customers in multiple capacities to assist them in architecting, deploying, and managing Couchbase. His expertise is in operations, hosting, and support of large-scale application and database infrastructures.\",\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/kirk-kirkconnell\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway - The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/","og_locale":"en_US","og_type":"article","og_title":"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway","og_description":"It is all too common for people to just turn off IPtables instead of actually figuring out what ports to open. I have to admit I have done it myself. Well we need to stop that. IPtables is our\u00a0friend, really. [&hellip;]","og_url":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/","og_site_name":"The Couchbase Blog","article_published_time":"2014-12-16T19:35:44+00:00","article_modified_time":"2025-06-14T06:52:53+00:00","author":"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/"},"author":{"name":"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2887e38425754897cea2d896bf082e6d"},"headline":"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway","datePublished":"2014-12-16T19:35:44+00:00","dateModified":"2025-06-14T06:52:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/"},"wordCount":685,"commentCount":1,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","keywords":["Linux","operations"],"articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/","url":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/","name":"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2014-12-16T19:35:44+00:00","dateModified":"2025-06-14T06:52:53+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/iptables-firewall-settings-couchbase-db-and-couchbase-mobile-syncgateway\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2887e38425754897cea2d896bf082e6d","name":"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/60a4ddb304fde12e65369919433b8dc7","url":"https:\/\/secure.gravatar.com\/avatar\/f704905856dcd1767d50024da51e2fa159eea665c85aff3224bc8763551d4e35?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f704905856dcd1767d50024da51e2fa159eea665c85aff3224bc8763551d4e35?s=96&d=mm&r=g","caption":"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase"},"description":"Kirk Kirkconnell was a Senior Solutions Engineer at Couchbase working with customers in multiple capacities to assist them in architecting, deploying, and managing Couchbase. His expertise is in operations, hosting, and support of large-scale application and database infrastructures.","url":"https:\/\/www.couchbase.com\/blog\/author\/kirk-kirkconnell\/"}]}},"authors":[{"term_id":9008,"user_id":23,"is_guest":0,"slug":"kirk-kirkconnell","display_name":"Kirk Kirkconnell, Senior Solutions Engineer, Couchbase","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/f704905856dcd1767d50024da51e2fa159eea665c85aff3224bc8763551d4e35?s=96&d=mm&r=g","author_category":"","last_name":"Kirkconnell","first_name":"Kirk","job_title":"","user_url":"","description":"Kirk Kirkconnell was a Senior Solutions Engineer at Couchbase working with customers in multiple capacities to assist them in architecting, deploying, and managing Couchbase. His expertise is in operations, hosting, and support of large-scale application and database infrastructures."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/1658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=1658"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/1658\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=1658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=1658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=1658"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}