==== Using Firewalls in Linux (iptables)====
Since a Linux server may be connected to the Internet, it is very important to run a firewall to control what comes into the system, what goes out of it, and what may be forwarded to another computer. The '''iptables''' utility is used to set the firewall rules on a Linux server.
Basically, a '''chain''' is an ordered list of rules that every packet is checked against, from top to bottom. The first rule a packet matches decides what happens to it: a target such as '''ACCEPT''', '''DROP''' or '''REJECT''' is applied (the '''LOG''' target only records the packet and then lets it continue to the next rule). Because the first match wins, the order in which rules are added matters: '''-A''' appends a rule to the end of a chain, while '''-I''' inserts it at the top (or at a given position). If a packet reaches the end of the chain without matching any rule, the chain's '''default policy''' is applied, which is either ''ACCEPT'' or ''DROP''.
You can create your own '''customized chains''' (which you will learn in the OPS335 course), but to keep things simple we only deal with the 3 '''common predefined chains''':
:*'''INPUT''': Packets coming into current Linux server
<li>Now insert a rule on the CentOS host that would ACCEPT connections from the centos3 VM only.</li>
<li>Fully test your configuration (for example, try to connect from the centos3 VM and then from another host: only the connection from centos3 should succeed).</li>
<li>Flush the iptables rules for INPUT, OUTPUT and FORWARD chains.</li></ol>
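The following script is an added example that is not part of the OPS235 lab page; it ties together the chain/rule-order discussion above and the three lab steps just listed (accept from one host only, test, flush). It restricts incoming SSH (TCP port 22) to a single trusted address, which stands in for the centos3 VM and is a hypothetical value (192.168.235.13) you should replace with your own. The <code>ipt</code> wrapper is also an addition: with <code>IPTABLES_DRY_RUN=1</code> it only prints the iptables commands, so the rule set can be reviewed before it is applied with root privileges.

```bash
#!/bin/bash
# Added example (not from the OPS235 lab page). Assumptions (hypothetical):
#   - the trusted host standing in for the centos3 VM is 192.168.235.13
#   - the service being protected is SSH on TCP port 22
# Run as root on the CentOS host. With IPTABLES_DRY_RUN=1 nothing is changed;
# the iptables commands are printed instead so they can be reviewed first.
set -u

TRUSTED_HOST="${TRUSTED_HOST:-192.168.235.13}"

# Run iptables, or print the command when IPTABLES_DRY_RUN=1.
ipt() {
    if [ "${IPTABLES_DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Rule order matters: the first matching rule wins, so the ACCEPT rules are
# inserted at the top of INPUT (-I) and the LOG/REJECT rules appended (-A).
restrict_ssh_to_host() {
    host="$1"
    # Keep packets belonging to connections that are already open (including
    # the SSH session you are typing in) flowing, so a mistake does not cut
    # off the current login.
    ipt -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New SSH connections are accepted from the trusted host only.
    ipt -I INPUT 2 -p tcp --dport 22 -s "$host" -j ACCEPT
    # LOG does not stop processing: the packet continues to the REJECT below,
    # so denied attempts show up in the kernel log with this prefix.
    ipt -A INPUT -p tcp --dport 22 -j LOG --log-prefix "SSH-DENIED: "
    ipt -A INPUT -p tcp --dport 22 -j REJECT
}

# Check: list INPUT with rule numbers and packet counters, then make a test
# connection from centos3 and from another host and see which counter moves.
show_input_chain() {
    ipt -L INPUT -n -v --line-numbers
}

# Flush INPUT, OUTPUT and FORWARD. The policy is reset to ACCEPT first:
# flushing a chain whose policy is DROP would leave a firewall that drops
# everything, which is exactly the lockout the lab warns about.
flush_all_chains() {
    for chain in INPUT OUTPUT FORWARD; do
        ipt -P "$chain" ACCEPT
        ipt -F "$chain"
    done
}

# Usage (as root):
#   IPTABLES_DRY_RUN=1 bash -c '. ./fw.sh; restrict_ssh_to_host 192.168.235.13'
#   . ./fw.sh; restrict_ssh_to_host "$TRUSTED_HOST"; show_input_chain
#   . ./fw.sh; flush_all_chains        # before the persistence section
```

The ESTABLISHED,RELATED rule is the check most people forget: without it, the REJECT at the end of the chain also applies to reply packets of connections the server itself started. Run <code>show_input_chain</code> after each test connection; the packet counter on rule 2 should increase for connections from the trusted host and the counter on the REJECT rule for everything else.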
{{Admon/important|Make Certain iptables rules are Flushed Before Saving|In the next section, you will learn to keep your iptables rules persistent, so they remain even if the Linux system is rebooted. If you do NOT flush the iptables rules prior to the next section, your lab6-checking script will not generate all OKs, and you may experience problems in lab7.}}
==== Making iptables Policies Persistent ====
Any changes to your iptables policy rules will be lost when you restart your Linux server, unless you make your iptables rules persistent. Failure to perform the following steps after setting up your firewall rules can cause confusion and wasted time.