On 13/10/2014 11:11, Reindl Harald wrote:
> just write a bash script which resets and configures iptables with the "iptables" command and at the end of the script call "/sbin/service iptables save" which writes the current rules to /etc/sysconfig/iptables and so at boot the rules get loaded atomically
Thanks very much! I followed your advice, and here's a first version of a firewall script for a LAN server:
https://github.com/kikinovak/centos/blob/master/6.x/firewall/firewall-lan.sh
Cheers,
Niki
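The approach Reindl Harald describes above (reset, rebuild with `iptables`, then `/sbin/service iptables save`), as an added example that is not part of the thread and is not the script linked in it. The interface `eth0`, the subnet `192.168.2.0/24`, the services opened and the dry-run `APPLY` switch are assumptions.

```shell
#!/bin/bash
# Added example: LAN server firewall for CentOS 6, following the
# reset -> configure -> "service iptables save" pattern from the thread.
# Assumed values (not from the thread): interface, subnet, open services.
IPT=/sbin/iptables
LAN_IF=${LAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.2.0/24}

# Dry run by default: print each command instead of executing it.
# Set APPLY=1 and run as root to change the live rule set.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

firewall_lan() {
  # Reset: set default policies, then flush rules, delete user-defined
  # chains and zero the counters (filter table only).
  run $IPT -P INPUT DROP
  run $IPT -P FORWARD DROP
  run $IPT -P OUTPUT ACCEPT
  run $IPT -F
  run $IPT -X
  run $IPT -Z

  # Loopback traffic and replies to connections already established.
  run $IPT -A INPUT -i lo -j ACCEPT
  run $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Ping and SSH, from the LAN only.
  run $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p icmp --icmp-type echo-request -j ACCEPT
  run $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT

  # Rate-limited log of whatever is about to hit the DROP policy.
  run $IPT -A INPUT -m limit --limit 2/min -j LOG --log-prefix "iptables-drop: "

  # Write the running rules to /etc/sysconfig/iptables so the init
  # script restores them at boot.
  run /sbin/service iptables save
}

firewall_lan
```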
On Mon, 2014-10-13 at 12:30 +0200, Niki Kovacs wrote:
> On 13/10/2014 11:11, Reindl Harald wrote:
> > just write a bash script which resets and configures iptables with the "iptables" command and at the end of the script call "/sbin/service iptables save" which writes the current rules to /etc/sysconfig/iptables and so at boot the rules get loaded atomically
> Thanks very much! I followed your advice, and here's a first version of a firewall script for a LAN server:
> https://github.com/kikinovak/centos/blob/master/6.x/firewall/firewall-lan.sh
> Cheers,
> Niki
Of course, if you are interested in something that will help you to organize your rules, there is always Shorewall (Shoreline Firewall) which I have used for years and found very effective and time-saving.
On 13/10/2014 13:36, Ron Loftin wrote:
> Of course, if you are interested in something that will help you to organize your rules, there is always Shorewall (Shoreline Firewall) which I have used for years and found very effective and time-saving.
Thanks for the suggestion, I'll look into it. Though I admit having a clear preference for the bare bones approach to all things Linux. My favorite configuration tool is Vi :o)
Cheers,
Niki
Bare bones is fine, but you miss out on the tools which may make your life easier. As an example you can configure a DB (PostgreSQL, MySQL, whatever) using the command, but it is frequently more time-cost effective to use a tool.
Things like SSH used to be optional at one time. Now it is in every distribution's standard build. useradd is not really needed. How bare bones do you want to get?
Cheers,
Cliff
On Tue, Oct 14, 2014 at 12:41 AM, Niki Kovacs <info@microlinux.fr> wrote:
> On 13/10/2014 13:36, Ron Loftin wrote:
> > Of course, if you are interested in something that will help you to organize your rules, there is always Shorewall (Shoreline Firewall) which I have used for years and found very effective and time-saving.
> Thanks for the suggestion, I'll look into it. Though I admit having a clear preference for the bare bones approach to all things Linux. My favorite configuration tool is Vi :o)
> Cheers,
> Niki
> --
> Microlinux - 100% Linux and free software IT solutions
> 7, place de l'église - 30730 Montpezat
> Web: http://www.microlinux.fr
> Mail: info@microlinux.fr
> Tel.: 04 66 63 10 32
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos