OPS705 Lab 4 (2207)

166 bytes added, 23:51, 11 January 2021
Chris.johnson moved page OPS705 Lab 4 to OPS705 Lab 4 (2207) without leaving a redirect: Old version, archived.
== Part 1: Replacing ''firewalld'' with ''iptables'' ==
[[Image:Ops705_lab4_fig1.png|thumb|right|500px|Figure 1. Default iptables firewall rules.]]
The default firewall for CentOS, ''firewalld'', is more complex than we need. We'll be reverting to the easier-to-use ''iptables'' standard. '''Make sure you follow these instructions in order. If you don't, you may be locked out of your Linux VM forever.''' If you encounter errors on any step, stop and ask for help. Do not continue!
# Set your default policy for the INPUT chain to DROP: <code>iptables -P INPUT DROP</code>
# Remove the reject rule from the INPUT chain to hide our server from scans: <code>iptables -D INPUT 5</code>
# Set your default policy for the FORWARD chain to DROP: <code>iptables -P FORWARD DROP</code>
# Remove the reject rule from the FORWARD chain to hide it from scans: <code>iptables -D FORWARD 1</code>
# To verify your work, log out of SSH and log back in. If you don't encounter any login issues, you're good to go.
# '''Assuming the step above works''', in your Linux VM, save your rule changes: <code>service iptables save</code>
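
The steps above delete rules by position and switch the INPUT policy to DROP, so they are only safe if the ruleset looks the way the lab expects. The following pre-flight check is an added example, not part of the original lab: the function names <code>rule_at</code>, <code>ssh_allowed</code> and <code>preflight</code> are hypothetical, and the sample ruleset is constructed on the assumption that it resembles the default rules in Figure 1.

```shell
#!/bin/sh
# Added example: pre-flight check to run BEFORE step 1. Reads `iptables -S` text on stdin.
# On the VM (as root): iptables -S | preflight && echo "safe to proceed"

# Constructed sample, assumed to resemble the default rules shown in Figure 1.
SAMPLE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# rule_at CHAIN N: print the Nth rule of CHAIN, numbered the way `iptables -D CHAIN N` counts.
rule_at() {
    awk -v c="$1" -v n="$2" '$1 == "-A" && $2 == c { if (++i == n) { print; exit } }'
}

# ssh_allowed: succeed only if INPUT accepts TCP port 22 ahead of any catch-all REJECT/DROP.
ssh_allowed() {
    awk '$1 == "-A" && $2 == "INPUT" {
             if (/-p tcp/ && /--dport 22( |$)/ && /-j ACCEPT/) { ok = 1; exit }
             if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
         }
         END { exit !ok }'
}

# preflight: return 0 if the lab steps are safe to run, else 1, 2 or 3 (see messages).
preflight() {
    rules=$(cat)
    printf '%s\n' "$rules" | ssh_allowed ||
        { echo "no SSH ACCEPT rule: a DROP policy would lock you out" >&2; return 1; }
    case $(printf '%s\n' "$rules" | rule_at INPUT 5) in
        "-A INPUT -j REJECT"*) ;;
        *) echo "INPUT rule 5 is not the reject rule: do not delete it" >&2; return 2 ;;
    esac
    case $(printf '%s\n' "$rules" | rule_at FORWARD 1) in
        "-A FORWARD -j REJECT"*) ;;
        *) echo "FORWARD rule 1 is not the reject rule: do not delete it" >&2; return 3 ;;
    esac
}

printf '%s\n' "$SAMPLE" | preflight && echo "sample ruleset: safe to proceed"
```

A non-zero return means the ruleset differs from what the numbered deletions assume, which is the point at which the lab says to stop and ask for help.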