I assumed this was a Centos 7 mailing list and I was looking for help with IPTABLEs.I have used mailing lists before. Copying a file to an email address didn't have that type of output. I apologize. First of all is this a Centos 7 Mailing list that I can ask for help or have I made a huge mistake? IF so, should I just attach the file to the email. I apologize for the output, I had no idea. That's not the way it looked when I sent it. I am sorry. I am just looking for some help with IPTABLES on Centos 7. Please let me know and I won't send any more questions if I am not sending to the right list for help and not the right way. On Friday, June 1, 2018, 11:16:33 AM EDT, m.roth@xxxxxxxxx <m.roth@xxxxxxxxx> wrote: Steve Frazier wrote: > Thank you. I apologize for sending something that could be read. There > are more examples in there that I had commented out. > Anyway, here is my working iptables-save. If someone could review my > output and let me know if I am missing anything and if the order of the > rules are the most secure they could be. > TIA. > Steve, Do you have any idea of what you're writing? Why are you emailing - this *is* an email list - with run-on lines? I mean, really, can you read what you sent, below? mark > Steve > > # Generated by iptables-save v1.4.21 on Fri Jun 1 10:34:39 > 2018*mangle:PREROUTING ACCEPT [12219:2602452]:INPUT ACCEPT > [8766:2101480]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT > [7093:2183351]:POSTROUTING ACCEPT [7093:2183351]COMMIT# Completed on Fri > Jun 1 10:34:39 2018# Generated by iptables-save v1.4.21 on Fri Jun 1 > 10:34:39 2018*nat:PREROUTING ACCEPT [3836:607509]:INPUT ACCEPT > [130:21132]:OUTPUT ACCEPT [42:19744]:POSTROUTING ACCEPT [40:19121]-A > POSTROUTING -o eth1 -j MASQUERADECOMMIT# Completed on Fri Jun 1 10:34:39 > 2018# Generated by iptables-save v1.4.21 on Fri Jun 1 10:34:39 > 2018*filter:INPUT DROP [253:85405]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT > [7093:2183351]-A INPUT -m set --match-set blacklist src -j DROP-A INPUT -i > lo -j ACCEPT-A INPUT -s mypublicip1 -i eth0 -j ACCEPT-A INPUT -s > mypublicip2 -i eth0 -j ACCEPT-A INPUT -s myublicip3 -i eth0 -j ACCEPT-A > INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT-A INPUT -s myipprovider1 -i > eth0 -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -s myipprovider2 -i eth0 > -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -m state --state > RELATED,ESTABLISHED -j ACCEPT-A FORWARD -m set --match-set blacklist src > -j DROP-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j > ACCEPT-A FORWARD -i eth0 -o eth1 -j ACCEPT-A FORWARD -i eth1 -o eth1 -j > REJECT --reject-with icmp-port-unreachableCOMMIT# Completed on Fri Jun 1 > 10:34:39 2018~~ > > Steve > > > > > On Friday, June 1, 2018, 9:37:57 AM EDT, m.roth@xxxxxxxxx > <m.roth@xxxxxxxxx> wrote: > > Steve Frazier wrote: >> Hello, >> I hope that I can ask some questions on this mailing list about >> IPTables. >> I am more familiar with IPTABLES instead of FIREWALLD. I disabled >> FIREWALLD and installed iptables-services. >> I have put together a script that I found on the web on how to set up a >> good set of IPTABLES rules to keep my server as secure as possible. > <snip> > That's *extremely* hard to read, esp. given that the numbered commands > would fail, as they don't seem to be comments. > > Could you run it, and then give us the o/p of iptables-save? > > mark > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > https://lists.centos.org/mailman/listinfo/centos > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos