Recommended Way Of Handling Iptables Firewall In CentOS?


Hi,

I’m planning to use CentOS 6.x on a handful of LAN servers. So far I’ve been using Slackware64 14.0 and 14.1 for the job.

I wonder what’s the orthodox/recommended way of configuring an iptables firewall with CentOS. I understand there’s the system-config-securitylevel-tui NCurses interface which allows defining a basic set of rules. But what about the handful of more advanced rules I have to configure?

Here’s an example of an /etc/rc.d/rc.firewall script that I might use with Slackware. It contains mostly basic rules, and a couple of more advanced rules, one to limit SSH access, the other one to redirect HTTP traffic to Squid.

If I want to copy my actual firewall configuration to CentOS, what would be the recommended way? I started from a bare bones minimal CentOS 6.5 installation, so system-config-securitylevel-tui is not even installed. Is it a good idea to try to configure /etc/sysconfig/iptables by hand? What do you suggest?

Cheers,

Niki

4 thoughts on - Recommended Way Of Handling Iptables Firewall In CentOS?

  • Of course, if you are interested in something that will help you to organize your rules, there is always Shorewall (Shoreline Firewall), which I have used for years and found very effective and time-saving.

  • Bare bones is fine, but you miss out on the tools which may make your life easier. As an example you can configure a DB (PostgreSQL, MySQL, whatever) using the command, but it is frequently more time-cost effective to use a tool.

    Things like SSH used to be optional at one time. Now it is in every distribution’s standard build. useradd is not really needed. How bare bones do you want to get?

    Cheers,

    Cliff

    CentOS mailing list CentOS@CentOS.org http://lists.CentOS.org/mailman/listinfo/CentOS