[CentOS] Recommended way of handling iptables firewall in CentOS?
Hi,

I'm planning to use CentOS 6.x on a handful of LAN servers. So far I've been using Slackware64 14.0 and 14.1 for the job.

I wonder what's the orthodox/recommended way of configuring an iptables firewall with CentOS. I understand there's the system-config-securitylevel-tui NCurses interface which allows defining a basic set of rules. But what about the handful of more advanced rules I have to configure?

Here's an example of an /etc/rc.d/rc.firewall script that I might use with Slackware. It contains mostly basic rules, and a couple of more advanced rules, one to limit SSH access, the other one to redirect HTTP traffic to Squid.

If I want to copy my actual firewall configuration to CentOS, what would be the recommended way? I started from a bare bones minimal CentOS 6.5 installation, so system-config-securitylevel-tui is not even installed. Is it a good idea to try to configure /etc/sysconfig/iptables by hand? What do you suggest?

Cheers,

Niki
--
Microlinux - IT solutions, 100% Linux and free software
7, place de l'église - 30730 Montpezat
Web: http://www.microlinux.fr
Mail: i...@microlinux.fr
Tel.: 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommended way of handling iptables firewall in CentOS?
On 13/10/2014 11:11, Reindl Harald wrote:

> just write a bash script which resets and configures iptables with the iptables command and at the end of the script call /sbin/service iptables save which writes the current rules to /etc/sysconfig/iptables and so at boot the rules get loaded atomically

Thanks very much! I followed your advice, and here's a first version of a firewall script for a LAN server:

https://github.com/kikinovak/centos/blob/master/6.x/firewall/firewall-lan.sh

Cheers,

Niki
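Added example (not code from the thread and not the linked firewall-lan.sh): a script in the shape the quoted advice describes, resetting and configuring the rules with iptables commands and finishing with /sbin/service iptables save. The interface name, Squid port, SSH limit values and the DRY_RUN switch are assumptions.

```shell
#!/bin/bash
# Added example, not the script linked in the thread.
# Assumptions: LAN interface eth0, Squid listening on 3128, a source's 4th new
# SSH connection within 60 s is dropped. DRY_RUN=1 (default) only prints the
# commands; run as root with DRY_RUN=0 to apply them.
DRY_RUN="${DRY_RUN:-1}"
LAN_IF="${LAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"
IPT=/sbin/iptables

run() {  # print the command in dry-run mode, execute it otherwise
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

firewall_rules() {
    # Reset: policies go to ACCEPT first so the flush cannot cut off a remote session
    run $IPT -P INPUT ACCEPT
    run $IPT -P FORWARD ACCEPT
    run $IPT -P OUTPUT ACCEPT
    run $IPT -F
    run $IPT -X
    run $IPT -t nat -F
    run $IPT -t nat -X
    # Basic rules: loopback and replies to connections already allowed
    run $IPT -A INPUT -i lo -j ACCEPT
    run $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SSH: record each new connection, drop sources that exceed the limit
    run $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set
    run $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
    run $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    # Squid: accept proxy traffic from the LAN and redirect plain HTTP to it
    run $IPT -A INPUT -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" -j ACCEPT
    run $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
    # Default-deny last, once the accept rules are in place
    run $IPT -P INPUT DROP
    run $IPT -P FORWARD DROP
    # Persist to /etc/sysconfig/iptables so the rules are loaded at boot
    run /sbin/service iptables save
}

firewall_rules
```

Review the dry-run output before applying; forwarding rules for a gateway are outside what this example covers.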
Re: [CentOS] Recommended way of handling iptables firewall in CentOS?
On Mon, 2014-10-13 at 12:30 +0200, Niki Kovacs wrote:

> On 13/10/2014 11:11, Reindl Harald wrote:
>
> > just write a bash script which resets and configures iptables with the iptables command and at the end of the script call /sbin/service iptables save which writes the current rules to /etc/sysconfig/iptables and so at boot the rules get loaded atomically
>
> Thanks very much! I followed your advice, and here's a first version of a firewall script for a LAN server:
>
> https://github.com/kikinovak/centos/blob/master/6.x/firewall/firewall-lan.sh
>
> Cheers,
>
> Niki

Of course, if you are interested in something that will help you to organize your rules, there is always Shorewall (Shoreline Firewall) which I have used for years and found very effective and time-saving.

--
Ron Loftin relof...@twcny.rr.com

God, root, what is difference ? Piter from UserFriendly
Re: [CentOS] Recommended way of handling iptables firewall in CentOS?
On 13/10/2014 13:36, Ron Loftin wrote:

> Of course, if you are interested in something that will help you to organize your rules, there is always Shorewall (Shoreline Firewall) which I have used for years and found very effective and time-saving.

Thanks for the suggestion, I'll look into it. Though I admit having a clear preference for the bare bones approach to all things Linux. My favorite configuration tool is Vi :o)

Cheers,

Niki
Re: [CentOS] Recommended way of handling iptables firewall in CentOS?
Bare bones is fine, but you miss out on the tools which may make your life easier. As an example you can configure a DB (PostgreSQL, MySQL, whatever) using the command, but it is frequently more time-cost effective to use a tool.

Things like SSH used to be optional at one time. Now it is in every distribution's standard build. useradd is not really needed. How bare bones do you want to get?

Cheers,

Cliff

On Tue, Oct 14, 2014 at 12:41 AM, Niki Kovacs i...@microlinux.fr wrote:

> On 13/10/2014 13:36, Ron Loftin wrote:
>
> > Of course, if you are interested in something that will help you to organize your rules, there is always Shorewall (Shoreline Firewall) which I have used for years and found very effective and time-saving.
>
> Thanks for the suggestion, I'll look into it. Though I admit having a clear preference for the bare bones approach to all things Linux. My favorite configuration tool is Vi :o)
>
> Cheers,
>
> Niki