Open ports only for default services

aneta-petrova · aneta-petrova · commit 84004ccd00ee · 2025-09-10T15:50:35.000+02:00
diff --git a/guides/common/modules/proc_opening-required-ports.adoc b/guides/common/modules/proc_opening-required-ports.adoc
@@ -42,12 +42,16 @@ endif::[]
 ----
 endif::[]
 ifeval::["{context}" == "{project-context}"]
-. Allow access to services on {ProjectServer}:
+. Allow access to services on {ProjectServer}.
 endif::[]
 ifeval::["{context}" == "{smart-proxy-context}"]
-. Allow access to services on {SmartProxyServer}:
+. Allow access to services on {SmartProxyServer}.
 endif::[]
+The exact list of services that must be accessible depends on the services you want to enable on the server.
 +
+To allow access to the services that are enabled by default:
++
+ifdef::satellite[]
 [options="nowrap"]
 ----
 # firewall-cmd \
@@ -56,11 +60,38 @@ endif::[]
 --add-service=tftp \
 --add-service=http \
 --add-service=https \
-ifndef::katello,satellite,orcharhino[]
 --add-service=foreman-proxy \
+----
+endif::[]
+ifdef::katello[]
+[options="nowrap"]
+----
+# firewall-cmd \
+--add-service=http \
+--add-service=https \
+--add-service=foreman-proxy \
+----
+endif::[]
+ifdef::orcharhino[]
+[options="nowrap"]
+----
+# firewall-cmd \
+--add-service=http \
+--add-service=https \
+--add-service=foreman-proxy \
+--add-service=puppetmaster
+----
 endif::[]
+ifdef::foreman-deb,foreman-el[]
+[options="nowrap"]
+----
+# firewall-cmd \
+--add-service=http \
+--add-service=https \
+--add-service=foreman-proxy \
 --add-service=puppetmaster
 ----
+endif::[]
 . Make the changes persistent:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
