Re: Centos 7 (using iptables) removed firewalld




I assumed this was a CentOS 7 mailing list and I was looking for help with IPTABLES. I have used mailing lists before. Copying a file to an email address didn't have that type of output. I apologize.
First of all, is this a CentOS 7 mailing list that I can ask for help, or have I made a huge mistake? If so, should I just attach the file to the email?
I apologize for the output, I had no idea. That's not the way it looked when I sent it.
I am sorry. I am just looking for some help with IPTABLES on CentOS 7.
Please let me know and I won't send any more questions if I am not sending to the right list for help and not the right way.


On Friday, June 1, 2018, 11:16:33 AM EDT, m.roth@xxxxxxxxx <m.roth@xxxxxxxxx> wrote:

Steve Frazier wrote:
>  Thank you.  I apologize for sending something that could be read.  There
> are more examples in there that I had commented out.
> Anyway,  here is my working iptables-save.  If someone could review my
> output and let me know if I am missing anything and if the order of the
> rules are the most secure they could be.
> TIA.
>
Steve,

  Do you have any idea of what you're writing? Why are you emailing -
this *is* an email list - with run-on lines? I mean, really, can you
read what you sent, below?

              mark
> Steve
>
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39
> 2018*mangle:PREROUTING ACCEPT [12219:2602452]:INPUT ACCEPT
> [8766:2101480]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT
> [7093:2183351]:POSTROUTING ACCEPT [7093:2183351]COMMIT# Completed on Fri
> Jun  1 10:34:39 2018# Generated by iptables-save v1.4.21 on Fri Jun  1
> 10:34:39 2018*nat:PREROUTING ACCEPT [3836:607509]:INPUT ACCEPT
> [130:21132]:OUTPUT ACCEPT [42:19744]:POSTROUTING ACCEPT [40:19121]-A
> POSTROUTING -o eth1 -j MASQUERADECOMMIT# Completed on Fri Jun  1 10:34:39
> 2018# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39
> 2018*filter:INPUT DROP [253:85405]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT
> [7093:2183351]-A INPUT -m set --match-set blacklist src -j DROP-A INPUT -i
> lo -j ACCEPT-A INPUT -s mypublicip1 -i eth0 -j ACCEPT-A INPUT -s
> mypublicip2 -i eth0 -j ACCEPT-A INPUT -s myublicip3 -i eth0 -j ACCEPT-A
> INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT-A INPUT -s myipprovider1 -i
> eth0 -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -s myipprovider2 -i eth0
> -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -m state --state
> RELATED,ESTABLISHED -j ACCEPT-A FORWARD -m set --match-set blacklist src
> -j DROP-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j
> ACCEPT-A FORWARD -i eth0 -o eth1 -j ACCEPT-A FORWARD -i eth1 -o eth1 -j
> REJECT --reject-with icmp-port-unreachableCOMMIT# Completed on Fri Jun  1
> 10:34:39 2018~~
>
> Steve
>
>
>
>
>    On Friday, June 1, 2018, 9:37:57 AM EDT, m.roth@xxxxxxxxx
> <m.roth@xxxxxxxxx> wrote:
>
>  Steve Frazier wrote:
>>  Hello, 
>> I hope that I can ask some questions on this mailing list about
>> IPTables.
>> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
>> FIREWALLD and installed iptables-services.
>> I have put together a script that I found on the web on how to set up a
>> good set of IPTABLES rules to keep my server as secure as possible.
> <snip>
> That's *extremely* hard to read, esp. given that the numbered commands
> would fail, as they don't seem to be comments.
>
> Could you run it, and then give us the o/p of iptables-save?
>
>     mark
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
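
Added example (not part of the original thread, and not code from either poster): a Python helper that restores the one-directive-per-line layout of a run-on iptables-save dump like the one quoted above, then groups the rules by chain in their original order so policies and rule ordering can be read. The sample input is constructed and uses the placeholder address 192.0.2.10; the function names are hypothetical.

```python
import re

# Constructed sample in the same run-on, ">"-quoted shape as the dump in the thread.
# 192.0.2.10 is a documentation-range placeholder, not an address from the post.
SAMPLE = """\
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39
> 2018*filter:INPUT DROP [253:85405]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT
> [7093:2183351]-A INPUT -m set --match-set blacklist src -j DROP-A INPUT -i
> lo -j ACCEPT-A INPUT -s 192.0.2.10 -i eth0 -j ACCEPT-A INPUT -m state --state
> RELATED,ESTABLISHED -j ACCEPT-A FORWARD -i eth1 -o eth1 -j
> REJECT --reject-with icmp-port-unreachableCOMMIT# Completed on Fri Jun  1
> 10:34:39 2018
"""

# Places where iptables-save starts a new line: banner comments, "*table",
# ":CHAIN POLICY [pkts:bytes]", "-A CHAIN ..." and "COMMIT".
BOUNDARY = re.compile(
    r"(# (?:Generated|Completed) "
    r"|\*(?:filter|nat|mangle|raw|security)(?=[:\s]|$)"
    r"|:[A-Za-z][\w-]* (?:ACCEPT|DROP|-) \["
    r"|-A (?=[A-Za-z])"
    r"|COMMIT)"
)

def reflow(text):
    """Return the dump as one directive per line (for reading, not for iptables-restore)."""
    # Drop mail quote markers, undo the mailer's wrapping, collapse whitespace.
    # Limitation: runs of spaces inside quoted --comment strings are collapsed too.
    joined = " ".join(re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    joined = re.sub(r"\s+", " ", joined)
    return [ln.strip() for ln in BOUNDARY.sub(r"\n\1", joined).splitlines() if ln.strip()]

def by_chain(lines):
    """Map (table, chain) -> {"policy": ..., "rules": [...]} keeping rule order."""
    table, chains = None, {}
    for ln in lines:
        if ln.startswith("*"):
            table = ln[1:]
        elif ln.startswith(":"):
            name, policy = ln[1:].split()[:2]
            chains[(table, name)] = {"policy": policy, "rules": []}
        elif ln.startswith("-A "):
            entry = chains.setdefault((table, ln.split()[1]), {"policy": "-", "rules": []})
            entry["rules"].append(ln)
    return chains

if __name__ == "__main__":
    for (table, chain), info in by_chain(reflow(SAMPLE)).items():
        print(f"{table}/{chain} policy={info['policy']}")
        for n, rule in enumerate(info["rules"], 1):
            print(f"  {n}. {rule}")
```
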
  