OPS705 Lab 4 (2207)

156 bytes added, 23:51, 11 January 2021
Chris.johnson moved page OPS705 Lab 4 to OPS705 Lab 4 (2207) without leaving a redirect: Old version, archived.
== Part 1: Replacing ''firewalld'' with ''iptables'' ==
[[Image:Ops705_lab4_fig1.png|thumb|right|500px|Figure 1. Default iptables firewall rules.]]
The default firewall for CentOS, ''firewalld'', is more complex than we need. We'll be reverting to the easier-to-use ''iptables'' standard. '''Make sure you follow these instructions in order. If you don't, you may be locked out of your Linux VM forever.''' If you encounter errors on any step, stop and ask for help. Do not continue!
# Stop the ''firewalld'' service and start the ''iptables'' service in a single, chained command: <code>systemctl stop firewalld; systemctl start iptables</code>
# Check the status of the firewalld service. It should tell you it's stopped.
# Check the status of the iptables service. It should tell you it's '''active (running)'''.
# View your current iptables firewall rules: <code>iptables -L -vn --line-numbers</code>
# Refer to ''Figure 1''. If your rules at this stage look different, stop and contact your professor for help.
# Set your default policy for the INPUT chain to DROP: <code>iptables -P INPUT DROP</code>
# Remove the reject rule from the INPUT chain to hide our server from scans: <code>iptables -D INPUT 5</code>
# Set your default policy for the FORWARD chain to DROP: <code>iptables -P FORWARD DROP</code>
# Remove the reject rule from the FORWARD chain to hide it from scans: <code>iptables -D FORWARD 1</code>
# To verify your work, log out of SSH and log back in. If you don't encounter any login issues, you're good to go.
# '''Assuming the step above works''', in your Linux VM, save your rule changes: <code>service iptables save</code>
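The steps above delete rules by position number and switch the INPUT policy to DROP, which is exactly where a lockout happens if the rule list does not match Figure 1. The script below is an added pre-flight check, not part of the lab: it parses the output of <code>iptables -L -vn --line-numbers</code> and confirms that INPUT rule 5 and FORWARD rule 1 really are the REJECT rules and that an ACCEPT rule for tcp dpt:22 exists. The embedded listing is constructed and assumed to match Figure 1 (the stock CentOS 7 iptables-services rules); the function names are the author's own.

```shell
#!/bin/sh
# Added pre-flight check (not part of the lab): before "iptables -D INPUT 5",
# "iptables -D FORWARD 1" and "iptables -P INPUT DROP", confirm the listing
# from `iptables -L -vn --line-numbers` matches what those steps assume.

# rule_target CHAIN NUM: print the target of rule NUM in CHAIN (listing on stdin).
# Columns with -vn --line-numbers: num pkts bytes target prot opt in out src dst ...
rule_target() {
    awk -v chain="$1" -v num="$2" '
        /^Chain / { cur = $2; next }
        cur == chain && $1 == num { print $4; exit }'
}

# ssh_allowed: succeed if INPUT holds an ACCEPT rule for tcp dpt:22, so a
# DROP policy cannot cut off the SSH session used to run the lab.
ssh_allowed() {
    awk '
        /^Chain / { cur = $2; next }
        cur == "INPUT" && $4 == "ACCEPT" && $5 == "tcp" && /dpt:22( |$)/ { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# preflight LISTING: return 0 only if the rules deleted by number are REJECT and SSH is accepted.
preflight() {
    listing=$1
    [ "$(printf '%s\n' "$listing" | rule_target INPUT 5)" = REJECT ] ||
        { echo "INPUT rule 5 is not REJECT: do not run 'iptables -D INPUT 5'" >&2; return 1; }
    [ "$(printf '%s\n' "$listing" | rule_target FORWARD 1)" = REJECT ] ||
        { echo "FORWARD rule 1 is not REJECT: do not run 'iptables -D FORWARD 1'" >&2; return 1; }
    printf '%s\n' "$listing" | ssh_allowed ||
        { echo "no ACCEPT for tcp dpt:22 in INPUT: a DROP policy would lock you out" >&2; return 1; }
}

# Constructed sample listing, assumed to match Figure 1 (stock CentOS 7
# iptables-services rules). On the VM, feed real output instead:
#   preflight "$(iptables -L -vn --line-numbers)"
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
5        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

preflight "$SAMPLE_LISTING" && echo "listing matches Figure 1: safe to continue"
```

Run it a second time after the deletions and it refuses, because rule 5 no longer exists, which is the re-run case that would otherwise delete the wrong rule.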