jnrloop.blogg.se

Centos iptables

As a quick note to self, here’s how I configured the firewall rules on a new CentOS 6 Linux server recently.

First, I created an “undo” script at /root/undo-iptables with these contents:

    #!/bin/sh
    mv /etc/sysconfig/iptables /tmp > $OUT 2>&1

Next, I added this entry to the root user crontab, using the crontab -e command:

    # undo the iptables stuff in case i mess it up

Those two steps should have the effect of undo-ing my firewall rules every 15 minutes, in case I screw them up.

Next, I created the following file at /root/myfirewall:

    #!/bin/bash
    # This is essential when working on remote servers via SSH to prevent locking yourself out of the system
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    # Set default policies for INPUT, FORWARD and OUTPUT chains
    # Accept packets belonging to established and related connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # only allow 5 TCP/SYN packets to port 22 from an IP address in 5 minutes.
    # if it makes more attempts the door is closed till 5 minutes are over.
    iptables -A INPUT -p tcp -m tcp --dport 22 -m limit --limit 48/hour -j ACCEPT

Now I just ran this file like this:

    # cd /root

After that I tested different ports to make sure they weren’t publicly exposed. Once I was satisfied with them, I rebooted the system to make sure the rules came back up automatically after a restart.

Depending on your speed, you may want to adjust the time values in the crontab entry, but other than that, I followed this process on a new, remote CentOS 6 server, and it worked just fine.

If your firewall doesn’t automatically restart when your CentOS system is rebooted, see this article.

In Red Hat Enterprise Linux (RHEL) 8, the userspace utility program iptables has a close relationship to its successor, nftables. The association between the two utilities is subtle, which has led to confusion among Linux users and developers.
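iptables evaluates a chain top to bottom and stops at the first terminating rule that matches, so the order of the rules in /root/myfirewall decides which of them ever take effect. The lint below is an added example, not part of the original post: `find_shadowed` and `page_rules` are hypothetical names, and the sample input reproduces only the four rule lines shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): list "iptables -A" rules that an
# earlier, broader terminating rule in the same chain always matches first.
# Assumption: rules are plain option/value pairs, as in /root/myfirewall;
# rules that use "!" negation are skipped rather than analysed.
find_shadowed() {
    awk '
    function covers(a, b,    i, j, hit) {   # every match in rule a also in rule b?
        for (i = 1; i <= np[a]; i++) {
            hit = 0
            for (j = 1; j <= np[b]; j++)
                if (pair[a, i] == pair[b, j]) hit = 1
            if (!hit) return 0
        }
        return 1
    }
    $1 == "iptables" && $2 == "-A" {
        n++; chain[n] = $3; line[n] = NR; text[n] = $0
        np[n] = 0; target[n] = ""; skip[n] = 0
        for (i = 4; i < NF; i += 2) {
            if ($i == "!") { skip[n] = 1; break }
            if ($i == "-j") { target[n] = $(i + 1) } else { pair[n, ++np[n]] = $i " " $(i + 1) }
        }
    }
    END {
        for (b = 2; b <= n; b++)
            for (a = 1; a < b; a++) {
                if (chain[a] != chain[b] || skip[a] || skip[b]) continue
                if (target[a] !~ /^(ACCEPT|DROP|REJECT)$/) continue
                if (covers(a, b)) {
                    printf "line %d is shadowed by line %d: %s\n", line[b], line[a], text[b]
                    break
                }
            }
    }'
}

# Constructed input: the four rule lines from /root/myfirewall, comments omitted.
page_rules() {
    cat <<'EOF'
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -m limit --limit 48/hour -j ACCEPT
EOF
}

page_rules | find_shadowed
```

On these rules it reports the rate-limited port 22 rule as shadowed by the unconditional port 22 ACCEPT: every SSH packet is accepted by the first rule before the limit rule is consulted.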











