# Runbook: replace firewalld with the classic iptables service (IPv4 filter table).
# These are notes to be run step by step as root, not an unattended script:
# one step is interactive and the "-A INPUT ..." lines are rule-file content.
# NOTE(review): IPv6 is filtered by ip6tables, which none of these steps touch -
# confirm separately whether ip6tables.service needs the same treatment.

# Disable firewalld so it is not started at boot, then stop the running daemon.
# NOTE(review): stopping firewalld is expected to remove its rules from the kernel,
# and nothing below starts iptables.service before the reboot, so the host is
# presumably unfiltered in between - do this from a console or trusted network.
# NOTE(review): "disable" does not prevent another unit or an admin from starting
# firewalld again; "systemctl mask firewalld.service" would - consider adding it.
systemctl disable firewalld.service
systemctl stop firewalld.service
# Enable iptables.service for boot. "enable" only registers the unit; it does not
# load any rules now (that happens when the service starts, e.g. after the reboot).
# NOTE(review): on RHEL/CentOS 7-style systems this unit comes from the
# iptables-services package - confirm it is installed first.
systemctl enable iptables.service
# Configure the firewall rules interactively (lokkit is the command-line
# counterpart of this tool).
# This creates the /etc/sysconfig/iptables file.
# NOTE(review): review the generated file before rebooting, so that only the
# intended ports are opened and the remote-admin port stays reachable.
system-config-firewall
# Reboot (just to make sure the boot-time configuration is what actually loads).
# Verify after the reboot with:
#   -t filter        filter table
#   --line-numbers   rule positions, useful for later inserts/deletes
#   -v -x -n -L      verbose listing, exact counters, numeric addresses/ports
# Check the chain policies and the final catch-all rule, not just the ACCEPTs.
iptables -t filter --line-numbers -vxnL
# Shows the running service and recent logfile entries:
systemctl status iptables.service
# Lists the iptables rules via the service's init helper:
/usr/libexec/iptables/iptables.init status
# To get rid of errors like:
#   iptables -m state -state=NEW not supported
# replace the "state" match with the "conntrack" match and its --ctstate option.
# The lines below are entries in the rules file (/etc/sysconfig/iptables),
# not shell commands. Change the rules from:
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW ...
# to (-m and --match are the same option, short and long form):
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT --match conntrack --ctstate NEW ...
# The new rules take effect once the rules file is loaded again
# (service restart or reboot); re-run the verification commands afterwards.
# Admin tool: shows the connection-tracking state table (IPTables State):
iptstate
# Optional, for HA setups: conntrack-tools provides the conntrack CLI.
# NOTE(review): the package also ships conntrackd for syncing state between
# nodes - presumably the HA use meant here; confirm.
yum install conntrack-tools
# Show the conntrack table (-L list, -o extended adds the layer-3 protocol info):
conntrack -L -o extended