OT: building a new MS machine and stuck at the firewall

shrek-m at gmx.de shrek-m at gmx.de
Tue Feb 28 01:12:09 GMT 2006


On 27.02.2006 21:32, Julian Field wrote:

>Once you've got iptables in, how do you configure it?
>Presumably there are some reasonable firewall configuration tools 
>included with RHEL/CentOS?
>

- afair
iptables via `system-config-securitylevel` or `setup`
selinux  via `system-config-securitylevel`
ipsec  via `system-config-network`

- you can edit  /etc/sysconfig/iptables*  by hand

- execute your iptables rules, save them with `iptables-save`, and
check the new  /etc/sysconfig/iptables.
I am no expert, but iirc you can set up your custom chain and process it
before the rh fw chain, e.g.
    iptables -N MS
    iptables -I INPUT 1 -j MS
    iptables -A MS your_rules -j ACCEPT
    service iptables save


- I prefer to stop the iptables service and start my own iptables script
via  /etc/rc.local,  e.g.
    iptables -t filter -P INPUT DROP
    iptables -t filter -P OUTPUT DROP
    iptables -t filter -A INPUT ... -p tcp -m multiport --dport ... -j ACCEPT
    iptables -t filter -A OUTPUT ... -p tcp -m multiport --sport ... -j ACCEPT
    ...



-- 
shrek-m
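
Added example, not part of the original post: a check to run on the saved ruleset after `service iptables save`, confirming that INPUT jumps to the custom MS chain before the distribution's chain, since rules placed after that chain's final REJECT are never reached. The chain name RH-Firewall-1-INPUT, port 25 and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a ruleset in iptables-save format for the rule order
# described in the post. RH-Firewall-1-INPUT and port 25 are assumptions.

# Constructed sample of what /etc/sysconfig/iptables could look like.
sample_ruleset() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MS - [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j MS
-A INPUT -j RH-Firewall-1-INPUT
-A MS -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print "<rule number> <target>" for every jump in CHAIN of the filter table.
chain_jumps() {  # usage: chain_jumps FILE CHAIN
    awk -v chain="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == "-A" && $2 == chain {
            n++
            for (i = 3; i < NF; i++) if ($i == "-j") print n, $(i + 1)
        }' "$1"
}

# Succeed only if CHAIN jumps to FIRST, and does so before any jump to SECOND.
jumps_before() {  # usage: jumps_before FILE CHAIN FIRST SECOND
    chain_jumps "$1" "$2" | awk -v a="$3" -v b="$4" '
        $2 == a && !pa { pa = $1 }
        $2 == b && !pb { pb = $1 }
        END { exit !(pa && (!pb || pa < pb)) }'
}

# Print the default policy (ACCEPT or DROP) of a built-in filter chain.
chain_policy() {  # usage: chain_policy FILE CHAIN
    awk -v chain=":$2" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == chain { print $2 }' "$1"
}
```

On a real host, pass /etc/sysconfig/iptables as FILE; `chain_policy FILE INPUT` also shows whether the default-DROP policy from the rc.local approach is actually in effect in the saved rules.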

