OT: building a new MS machine and stuck at the firewall
shrek-m at gmx.de
Tue Feb 28 01:12:09 GMT 2006
On 27.02.2006 21:32, Julian Field wrote:
>Once you've got iptables in, how do you configure it?
>Presumably there are some reasonable firewall configuration tools
>included with RHEL/CentOS?
>
- afair
    iptables via `system-config-securitylevel` or `setup`
    selinux via `system-config-securitylevel`
    ipsec via `system-config-network`
- you can edit /etc/sysconfig/iptables* by hand
- execute your iptables rules and save them with `iptables-save` and
  check the new /etc/sysconfig/iptables.
  i am no expert but iirc you can set up your custom chain and process it
  before the rh fw chain, e.g.
    iptables -N MS
    iptables -I INPUT 1 -j MS
    iptables -A MS your_rules -j ACCEPT
    service iptables save
- i prefer to stop the iptables service and start my own iptables-script
  via /etc/rc.local, e.g.
    iptables -t filter -P INPUT DROP
    iptables -t filter -P OUTPUT DROP
    iptables -t filter -A INPUT ... -p tcp -m multiport --dport ... -j ACCEPT
    iptables -t filter -A OUTPUT ... -p tcp -m multiport --sport ... -j ACCEPT
    ...
--
shrek-m
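
Added example, not part of the original message: a check on the saved rules file that the custom chain (MS above) is reached from INPUT before the distribution's chain. The chain name RH-Firewall-1-INPUT, the helper names and the sample ruleset are assumptions constructed for illustration.

```shell
# Added example: check a saved ruleset (iptables-save format) to confirm that
# INPUT jumps to the custom chain before the distribution's firewall chain.

# check_chain_order FILE CUSTOM VENDOR   (hypothetical helper name)
# Prints one of: ok, wrong-order, missing-custom, missing-vendor
check_chain_order() {
    awk -v custom="$2" -v vendor="$3" '
        /^[*]/ { table = substr($1, 2); next }   # "*filter", "*nat", ...
        table != "filter" { next }               # only the filter table matters
        $1 == "-A" && $2 == "INPUT" {
            n++                                  # position of this rule in INPUT
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "--jump") {
                    if ($(i + 1) == custom && !c) c = n
                    if ($(i + 1) == vendor && !v) v = n
                }
        }
        END {
            if (!c)         print "missing-custom"
            else if (!v)    print "missing-vendor"
            else if (c < v) print "ok"
            else            print "wrong-order"
        }
    ' "$1"
}

# Constructed sample of a saved ruleset; not taken from a real host.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:MS - [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j MS
-A INPUT -j RH-Firewall-1-INPUT
-A MS -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
check_chain_order "$tmp" MS RH-Firewall-1-INPUT   # prints: ok
rm -f "$tmp"
```

On a real host the file to pass is /etc/sysconfig/iptables, after `service iptables save`.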