Recommended way of handling iptables firewall in CentOS?

245 views

I'm planning to use CentOS 6.x on a handful of LAN servers. So far I've been using Slackware64 14.0 and 14.1 for the job.

I wonder what's the orthodox/recommended way of configuring and iptables firewall with CentOS. I understand there's the system-config-securitylevel-tui NCurses interface which allows defining a basic set of rules. But what about the handful of more advanced rules I have to configure?

Here's an example of an /etc/rc.d/rc.firewall script that I might use with Slackware. It contains mostly basic rules, and a couple of more advanced rules, one to limit SSH access, the other one to redirect HTTP traffic to Squid.

If I want to copy my actual firewall configuration to CentOS, what would be the recommended way? I started from a bare bones minimal CentOS 6.5 installation, so system-config-securitylevel-tui is not even installed.
Is it a good idea to try to configure /etc/sysconfig/iptables by hand? What do you suggest?

posted Oct 13, 2014 by anonymous

Looking for an answer? Promote on:

Similar Questions

+6 votes

What is ImageDecoder in CentOS

Noticing multiple threads named "ImageDecoder" showing up in the output of top (when threads are turned on with "H").

Can someone tell me what it is?

+3 votes

Restarting network interface in Linux Centos

I googled to see how I might restart the network interface in CentOS. I initially tried before googling:

sudo service network restart

I noticed that only the loopback interface was restarted. To confirm this I did:

service network stop

and then did

ifconfig

and the loopback info was gone. I then found ifconfig eth0 up/down and tried those and that did what I is was looking for. Why doesn't "service network restart" restart all interfaces?

+4 votes

Install Latex2man in CentOs

How to install "Latex2man" (Rpm file) in CentOs?
And what are other dependencies need to be installed with it?

0 votes

device in use after a reboot in centos

I have a server with an 17tb scsi-storage. In past, the storage has a "jfs"-filesystem. Now i want to create a "ext4"-filesystem. I have update the e2fsprogs from 1.41 to 1.42 (16tb limit >1.41).

Now I have an 17tb-storage as /dev/sda1 with ext4. I can mount this device as /home/ (/etc/fstab /dev/sda1 /home/ ext4 defaults 1 2". Now I start a e2fschk /dev/sda1 (umounted). No error-messages are in
the screen.

If I now reboot the server, the server does not started:

I think thats can be a problem with the e2fsprogs 1.42, now i reinstall the server with the default e2fsprogs 1.41 from CentOS 6.4 and create only a 16tb /dev/sda1 partition with ext4. But if i start a "e2fschk
/dev/sda1" and reboot the server, i have the same message in the boot-screen and the server does not boot.

Why the system thinks that the device still be in use? How can i change this?

+1 vote

How to rebuild logrotate.status on centos?

I have a problem in that at first all my log files were dated 12-31-1969 and logrotate has:

# more /var/lib/logrotate.status
logrotate state -- version 2
"/var/log/yum.log" 1969-12-31-20:26:1
"/var/named/data/named.run" 1969-12-31-20:26:1
"/var/log/httpd/error_log" 2015-8-27-4:43:1
"/var/log/wtmp" 1969-12-31-20:26:1
"/var/log/chrony/*.log" 2015-8-19-22:0:0
"/var/log/spooler" 1969-12-31-20:26:1
"/var/log/btmp" 1969-12-31-20:26:1
"/var/log/maillog" 1969-12-31-20:26:1
"/var/log/wpa_supplicant.log" 2015-8-19-22:0:0
"/var/log/secure" 1969-12-31-20:26:1
"/var/log/ppp/connect-errors" 2015-8-19-22:0:0
"/var/log/messages" 1969-12-31-20:26:1
"/var/log/cron" 1969-12-31-20:26:1
"/var/log/httpd/access_log" 2015-8-27-4:43:1

How do I get this file rebuilt with the dates currently on the files listed?

...

Recommended way of handling iptables firewall in CentOS?

Your comment on this post:

Your answer

Preview