On 23/05/16 14:55, Mike wrote:
The last two router/firewall servers I had used Slackware and Gentoo. I'm used to writing complete and explicit iptables rules; however, when I set up /etc/sysconfig/iptables in CentOS 7 my usual syntax is unusable.
For example, I'm used to stating postrouting masquerade as:
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
But when I use the rule above, iptables.service fails upon start and exits.
Through a series of trial and error, I found a correct masquerade statement:
*nat
-A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
COMMIT
This looks similar to output from iptables-save.
Another example:
/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP [DOES NOT WORK]
*filter
-A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
COMMIT
[DOES WORK]
After using iptables for a long time, I can't figure out where this syntax comes from. Can anyone point me in the right direction to understand the proper syntax necessary in /etc/sysconfig/iptables?
By default, CentOS 7 uses firewalld and not iptables - check what is enabled and running with
systemctl status firewalld.service
or if you want to see all that is running on your server/PC
systemctl
HTH
Thanks for your help.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
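Since the point of the thread is that /etc/sysconfig/iptables takes iptables-save output rather than command lines, here is an added example (not from the thread or from CentOS) that converts explicit iptables commands into that layout, grouping rules per table and closing each with COMMIT. The function name to_sysconfig_format is hypothetical and the sample rules are the two from the question.

```shell
#!/bin/sh
# Added example, not from the thread: turn explicit "iptables ..." command
# lines into the iptables-save layout that /etc/sysconfig/iptables expects
# (a "*table" header, the rule with the binary name and "-t table" removed,
# and a COMMIT closing each table). to_sysconfig_format is a hypothetical name.
to_sysconfig_format() {
    # Reads one iptables command per line on stdin, writes restore format on stdout.
    awk '
    NF == 0 || $1 ~ /^#/ { next }                # skip blank lines and comments
    {
        table = "filter"                          # iptables default when -t is absent
        rule = ""
        for (i = 1; i <= NF; i++) {
            if (i == 1 && $i ~ /iptables$/) continue      # drop /usr/sbin/iptables
            if ($i == "-t") { table = $(i + 1); i++; continue }
            rule = rule (rule == "" ? "" : " ") $i
        }
        if (!(table in seen)) { seen[table] = 1; order[++n] = table }
        rules[table] = rules[table] rule "\n"
    }
    END {
        # Rules are grouped per table: iptables-restore processes one table
        # block at a time, so interleaved command lines are re-sorted here.
        for (k = 1; k <= n; k++) {
            printf "*%s\n%sCOMMIT\n", order[k], rules[order[k]]
        }
    }'
}

# Constructed sample input: the two rules from the question, as typed on the
# command line. The output is the form the question found works in
# /etc/sysconfig/iptables.
to_sysconfig_format <<'EOF'
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
EOF
```

Before writing the result into /etc/sysconfig/iptables, it can be syntax-checked as root with `iptables-restore --test < file`, which parses the ruleset without committing it.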