iptables setup on centos
Setup Iptables Firewall on Centos
Thursday, April 7, 2011
Secure your Kloxo Installation with your Firewall/IPTABLES
Stop iptables service: /etc/init.d/iptables stop
Disable iptables service: chkconfig iptables off
Copy this code to /etc/init.d/firewall (Reminder: Disable "word wrap" in your text editor. Ex.: nano -w /etc/init.d/firewall)
#!/bin/sh
# firewall
# chkconfig: 3 21 91
# description: Starts, stops iptables firewall

case "$1" in
start)

    # Clear rules
    iptables -t filter -F
    iptables -t filter -X
    echo "- Clear rules : [OK]"

    # SSH In
    iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
    echo "- SSH : [OK]"

    # Don't break established connections
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    echo "- established connections : [OK]"

    # Block all connections by default
    iptables -t filter -P INPUT DROP
    iptables -t filter -P FORWARD DROP
    iptables -t filter -P OUTPUT DROP
    echo "- Block all connections : [OK]"

    # Loopback
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A OUTPUT -o lo -j ACCEPT
    echo "- Loopback : [OK]"

    # ICMP (Ping)
    iptables -t filter -A INPUT -p icmp -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -j ACCEPT
    echo "- PING : [OK]"

    # DNS In/Out
    iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
    echo "- DNS : [OK]"

    # NTP Out
    iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
    echo "- NTP : [OK]"

    # FTP Out
    iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT
    # FTP In
    iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    echo "- FTP : [OK]"

    # HTTP + HTTPS Out
    iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
    # HTTP + HTTPS In
    iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
    echo "- HTTP/HTTPS : [OK]"

    # Mail SMTP:25
    iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
    echo "- SMTP : [OK]"

    # Mail POP3:110
    iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
    echo "- POP : [OK]"

    # Mail IMAP:143
    iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
    echo "- IMAP : [OK]"

    # Kloxo
    iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
    echo "- Kloxo : [OK]"

    echo "- Firewall [OK]"
    exit 0
    ;;

stop)
    echo "Stopping Firewall: "
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -t filter -F
    exit 0
    ;;

*)
    echo "Usage: /etc/init.d/firewall {start|stop}"
    exit 1
    ;;
esac
Enable/Start Firewall Service
chmod 700 /etc/init.d/firewall
add firewall service: chkconfig --add firewall
auto start firewall: chkconfig --level 2345 firewall on
start firewall: /etc/init.d/firewall start
leerraum blog: Secure your Kloxo Installation with your Firewall/IPTABLES http://alexbischof.blogspot.com/2011/04/secure-your-kloxo-installation-wi...
If you have a slave server, add this on the master:
iptables -t filter -A INPUT -p tcp -s SLAVE_IP --dport 7779 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -d SLAVE_IP --dport 7779 -j ACCEPT
Note: replace SLAVE_IP with your Slave server IP.
Add this on the slave server:
iptables -t filter -A INPUT -p tcp -s MASTER_IP --dport 7779 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -d MASTER_IP --dport 7779 -j ACCEPT
Note: replace MASTER_IP with your Master server IP.
After all that, it is always a good idea to run: /sbin/service httpd restart
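
A way to check the loaded ruleset against what this post intends: default DROP on all three chains, SSH still reachable, and port 7779 limited to the peer server. This is an added example, not part of the original post; the function name audit_rules and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump
# against the policy the firewall script sets up.
# audit_rules reads the dump on stdin; one finding per line, no output = clean.
audit_rules() {
    awk '
        # Policy lines look like ":INPUT DROP [0:0]"
        /^:(INPUT|FORWARD|OUTPUT) / {
            chain = substr($1, 2)
            if ($2 != "DROP") print "policy " chain " is " $2 ", expected DROP"
            next
        }
        /^-A INPUT / && / -j ACCEPT/ {
            dport = ""; src = 0
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s") src = 1
            }
            if (dport == "22") ssh = 1
            # Exact-match check only: ranges and multiport lists are not expanded
            if (dport == "7779" && !src) print "port 7779 accepts any source"
        }
        END { if (!ssh) print "no INPUT rule accepts SSH (22): lockout risk" }
    '
}

# Constructed sample dumps (192.0.2.10 is a documentation address, not a real peer)
GOOD_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7777:7778 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 7779 -j ACCEPT
COMMIT'

BAD_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 7779 -j ACCEPT
COMMIT'

# On a live host, as root: iptables-save -t filter | audit_rules
printf '%s\n' "$BAD_DUMP" | audit_rules
```

The 7779 finding matters because the rules in this section are only as narrow as the -s address given; a rule typed without it opens the master/slave port to every host.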