[CentOS] A little iptables help

Wed Sep 28 13:24:22 UTC 2005
Will McDonald <wmcdonald at gmail.com>

On 28/09/05, James Pifer <jep at obrien-pifer.com> wrote:
> Wondering if anyone is willing to give me a little assistance with some
> firewall rules. I think what I'm looking for is fairly simple, and I've
> been trying to use webmin's firewall module without success.
>
> I have a web server that I'd like to open up port 80 and forward a
> specific port for a select number of allowed ips. That's it. Everything
> else is dropped.
>
> allow: port 80
> allow: forward port 8000 for x.x.x.x to y.y.y.y
>
> Anyone willing to assist with the rules? And lastly, how would I apply
> it in a way that it will always be in effect? If the machine reboots for
> example.

Have a look at the bastion firewall setup examples from the O'Reilly
Linux Server Security book at http://examples.oreilly.com/linuxss2/

They should point you in the right direction. As for starting across
reboots, I'd place the script either in root's home or somewhere else
normal users can't get to and run it from /etc/rc.d/rc.local

Will.
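
The policy asked about above (port 80 open, port 8000 forwarded for selected sources, everything else dropped), as an added example that is not part of the original thread or of the O'Reilly scripts. The addresses are constructed placeholders for x.x.x.x and y.y.y.y, and it assumes y.y.y.y is a separate host that routes its replies back through this machine.

```shell
#!/bin/sh
# Added example: default-drop ruleset for the policy described in the thread.
# All addresses are constructed placeholders (documentation ranges).
DEST="198.51.100.20"               # stands in for y.y.y.y (assumed a separate host)
ALLOWED="192.0.2.10 192.0.2.11"    # stands in for the allowed x.x.x.x sources

# Print the ruleset in iptables-restore format.
# $1 = forward destination, remaining args = allowed source addresses.
build_rules() {
    dest="$1"; shift
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for src in "$@"; do
        # Rewrite port 8000 to the internal host, only for listed sources.
        echo "-A PREROUTING -s $src -p tcp --dport 8000 -j DNAT --to-destination $dest:8000"
    done
    echo "COMMIT"
    echo "*filter"
    # Default policy: drop inbound and forwarded traffic, allow outbound.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp --dport 80 -j ACCEPT"
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        # DNAT runs before FORWARD, so match the rewritten destination.
        echo "-A FORWARD -s $src -d $dest -p tcp --dport 8000 -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# "print" shows the rules for review; "apply" loads them (needs root).
# Nothing here admits SSH, so apply from the console, not a remote session.
if [ "${1:-}" = "apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward    # forwarding must be on for DNAT
    # $ALLOWED is left unquoted on purpose so it splits into one arg per address.
    build_rules "$DEST" $ALLOWED | iptables-restore
elif [ "${1:-}" = "print" ]; then
    build_rules "$DEST" $ALLOWED
fi
```

To follow the reply's suggestion, save the script where only root can read it (the path /root/firewall.sh is hypothetical) and add `/root/firewall.sh apply` to /etc/rc.d/rc.local.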