[CentOS] CentOS 6.3 as Firewall/Router

Fri Jan 4 20:03:31 UTC 2013
Dale Dellutri <daledellutri at gmail.com>

On Fri, Jan 4, 2013 at 11:01 AM, Tim Evans <tkevans at tkevans.com> wrote:
> I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new
> CentOS 6.3 system.  In the olden days, I successfully used the attached
> iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this doesn't
> seem to be quite working on the new system.
>
> Specifically, while it seems to be routing ok, you cannot connect to
> anything on the inside net (e.g., with ssh or a browser) and cannot connect
> to the system with ssh or anything else from elsewhere on the inside net.
> Yet arp shows this system active.
>
> Is there obsolete stuff here, and/or anything missing that would cause this?

You found the error, but I have a question about running this in rc.local.

Aren't you opening a very short time security hole by running this from
rc.local?  Service network starts up early in the startup sequence
(/etc/rc.d/rc3.d/S10network), and rc.local is at the very end.

Wouldn't it be better to run the iptables rules once, then do:
  service iptables save
This way, iptables rules would be in place (S08iptables) before
network startup.

-- 
Dale Dellutri
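An added check illustrating the ordering point above (example code, not part of Dale's or Tim's messages): it parses a SysV runlevel listing and reports whether the iptables init script is ordered before network. The listings are constructed sample data standing in for `ls /etc/rc.d/rc3.d`; pass a real listing to examine a live system.

```shell
#!/bin/sh
# Added example, not from the original thread. Constructed listing that
# mimics `ls /etc/rc.d/rc3.d` on a system where `service iptables save`
# has been run and the iptables service is enabled.
SAMPLE_RC3D='K75netfs
S08iptables
S10network
S12rsyslog
S55sshd
S99local'

# Constructed listing for a box that only loads rules from rc.local
# (S99local), i.e. after the network is already up.
RCLOCAL_ONLY='S10network
S55sshd
S99local'

# start_order LISTING NAME -> prints the two-digit start order of SNNname,
# or nothing if NAME has no S link (not started in this runlevel).
start_order() {
    printf '%s\n' "$1" | sed -n "s/^S\([0-9][0-9]\)$2\$/\1/p"
}

# firewall_before_network LISTING -> exit 0 when iptables starts before
# network, 1 when it starts later or is not started at all (rules would
# then be loaded late, leaving the window Dale describes).
firewall_before_network() {
    fw=$(start_order "$1" iptables)
    net=$(start_order "$1" network)
    [ -n "$fw" ] && [ -n "$net" ] && [ "$fw" -lt "$net" ]
}

# report LISTING LABEL -> human-readable verdict for one listing
report() {
    if firewall_before_network "$1"; then
        echo "$2: iptables (S$(start_order "$1" iptables)) loads before network (S$(start_order "$1" network))"
    else
        echo "$2: WARNING, firewall rules are not loaded before the network comes up"
    fi
}

report "$SAMPLE_RC3D" "saved-rules"
report "$RCLOCAL_ONLY" "rc.local-only"
```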