Install CentOS 7.6 and configure it as a firewall router - Part7 - iptables


In Part 7, I finish writing the iptables firewall_script and test it to make sure it is working as expected. New rules are added to the iptables firewall script, including a rule to port forward traffic on port 80 to the Squid proxy server on port 3128.

Below is the firewall_script line by line:

#!/bin/bash
# Basic firewall script

# Define variables
ipt="/sbin/iptables"
int_intf=enp0s8
ext_intf=enp0s3

# Flush all active rules and delete all custom chains
$ipt -F
$ipt -t nat -F
$ipt -t mangle -F
$ipt -X
$ipt -t nat -X
$ipt -t mangle -X

# Set default policies
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -t nat -P OUTPUT ACCEPT
$ipt -t nat -P PREROUTING ACCEPT
$ipt -t nat -P POSTROUTING ACCEPT
$ipt -t mangle -P PREROUTING ACCEPT
$ipt -t mangle -P POSTROUTING ACCEPT

# This line is necessary for the loopback interface
# and internal socket-based services to work correctly
$ipt -A INPUT -i lo -j ACCEPT

# Enable IP masquerading (NAT)
$ipt -t nat -A POSTROUTING -o $ext_intf -j MASQUERADE

# Allow outside connections to servers
$ipt -A INPUT -p tcp --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT
$ipt -A INPUT -p tcp --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT

# Enable unrestricted outgoing traffic, incoming traffic
# is restricted to locally-initiated sessions only
$ipt -A INPUT -i $ext_intf -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -A INPUT -i $int_intf -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$ipt -A FORWARD -i $ext_intf -o $int_intf -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -A FORWARD -i $int_intf -o $ext_intf -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Accept important ICMP messages
$ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
$ipt -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
$ipt -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT

# Reject connection attempts not initiated from inside the LAN
$ipt -A INPUT -p tcp --syn -j DROP

# Send LAN web requests to Squid,
# the line below is commented out at first until Squid is installed and configured
#$ipt -t nat -A PREROUTING -i $int_intf -p tcp --dport 80 -j DNAT --to 172.16.1.1:3128
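The script above flushes every table and then appends rules one at a time with all default policies set to ACCEPT, so between the flush and the final `--syn -j DROP` line the router is briefly unfiltered, and because bash keeps going after a failed iptables command, a typo midway leaves it in that half-applied state. The following is an added example, not the video's script: the same policy written in iptables-restore syntax, which loads the nat and filter tables in one atomic commit and rejects the whole file on a syntax error. Interface names and the Squid address 172.16.1.1:3128 are the page's values; `render_rules` and `count_rules` are my own helper names, the DNAT option is spelled out in full as `--to-destination`, and the mangle table (which the script only flushes) is left untouched.

```shell
#!/bin/bash
# Added example, not the video's script: the same policy in iptables-restore
# syntax. iptables-restore installs the listed tables in one atomic commit,
# so there is no window in which the old rules are flushed but the new ones
# are not yet in place, and a syntax error rejects the whole file instead of
# leaving a half-applied rule set with ACCEPT policies.
# Values are taken from the page (enp0s8/enp0s3, Squid at 172.16.1.1:3128);
# the function names are my own. The mangle table, which the script only
# flushes, is not listed and therefore left untouched.

int_intf=enp0s8
ext_intf=enp0s3
squid_addr=172.16.1.1:3128

# render_rules on|off : print the rule set; "on" includes the transparent
# redirect of LAN port-80 traffic to Squid, "off" leaves it out (the state the
# page's script is in until Squid is configured).
render_rules() {
    redirect="${1:-off}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
EOF
    if [ "$redirect" = on ]; then
        echo "-A PREROUTING -i $int_intf -p tcp --dport 80 -j DNAT --to-destination $squid_addr"
    fi
    cat <<EOF
-A POSTROUTING -o $ext_intf -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT
-A INPUT -i $ext_intf -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_intf -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $ext_intf -o $int_intf -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_intf -o $ext_intf -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -p tcp --syn -j DROP
COMMIT
EOF
}

# count_rules on|off PATTERN : number of rendered lines matching PATTERN,
# a quick sanity check before loading (e.g. exactly one MASQUERADE rule).
count_rules() {
    render_rules "$1" | grep -c -- "$2" || true
}

# To apply on the router (needs root):   render_rules off | iptables-restore
# iptables-restore --test parses the file without committing it, where supported.
```

Because the whole set is committed at once, switching the Squid redirect on later is `render_rules on | iptables-restore` rather than editing a live chain; a quick `count_rules on DNAT` before loading confirms the redirect line is present exactly once.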

5. Start iptables then run your script to configure iptables

# service iptables start
# ./firewall_script //if errors exist fix script, save, and run script again

6. Take a screenshot of your firewall script and another of your firewall running successfully

# service iptables status
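Step 5 says to fix the script and rerun it if errors appear. When a script like this is copied from a web page or edited on Windows, the errors are usually not logic mistakes but damaged bytes: en or em dashes in place of `-`/`--`, CRLF line endings, or a rule that lost its `-j TARGET`, none of which iptables can parse as options. The following pre-flight lint is an added example, not from the video; it reads the file without calling iptables, and the names `lint_firewall_script`, `make_samples` and `SAMPLE_DIR` are my own. The two sample scripts it writes are constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not part of the video: pre-flight checks for firewall_script
# before it is run in step 5. Scripts copied from a web page or edited on
# Windows often pick up en/em dashes in place of "-"/"--", CRLF line endings,
# or lose a "-j TARGET"; iptables cannot parse any of these as options.
# Nothing here calls iptables; the function only reads the file.
# Names (lint_firewall_script, make_samples, SAMPLE_DIR) are my own.

# lint_firewall_script FILE
# Reports each class of problem on stderr, prints the number of problem
# classes found on stdout, and returns 0 only when the file is clean.
lint_firewall_script() {
    f="$1"; problems=0
    sh_bin=$(command -v bash || echo sh)   # prefer bash, the script's own shell

    # 1. Shell syntax: an unbalanced quote or stray character is caught here
    #    before any rule is applied.
    if ! "$sh_bin" -n "$f" 2>/dev/null; then
        echo "syntax: $sh_bin -n failed" >&2; problems=$((problems + 1))
    fi

    # 2. DOS line endings: the \r would be glued to the last argument of every rule.
    if grep -q "$(printf '\r')" "$f"; then
        echo "crlf: DOS line endings (fix with: sed -i 's/\r\$//' $f)" >&2
        problems=$((problems + 1))
    fi

    # 3. Non-ASCII bytes, typically en/em dashes or curly quotes from a web page.
    #    In the C locale every byte >= 0x80 is neither printable nor space.
    nonascii=$(LC_ALL=C grep -n '[^[:print:][:space:]]' "$f" || true)
    if [ -n "$nonascii" ]; then
        printf 'non-ascii:\n%s\n' "$nonascii" >&2; problems=$((problems + 1))
    fi

    # 4. Every rule that appends (-A) or inserts (-I) must name a target with -j.
    notarget=$(grep -nE '^\$ipt[[:space:]].*[[:space:]]-(A|I)[[:space:]]' "$f" \
               | grep -vE '[[:space:]]-j[[:space:]]' || true)
    if [ -n "$notarget" ]; then
        printf 'no-target:\n%s\n' "$notarget" >&2; problems=$((problems + 1))
    fi

    echo "$problems"
    [ "$problems" -eq 0 ]
}

# make_samples: writes two constructed scripts into $SAMPLE_DIR: good.sh, a
# clean excerpt of the page's rules, and bad.sh with an en dash (\342\200\223)
# before "j", a rule with no -j target, and a CRLF line ending.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/good.sh" <<'EOF'
#!/bin/bash
ipt="/sbin/iptables"
$ipt -A INPUT -i lo -j ACCEPT
$ipt -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
$ipt -A INPUT -p tcp --syn -j DROP
EOF
    {
        printf '%s\n' '#!/bin/bash' 'ipt="/sbin/iptables"'
        printf '%s\342\200\223%s\n' '$ipt -A INPUT -i lo ' 'j ACCEPT'
        printf '%s\r\n' '$ipt -t nat -A POSTROUTING -o enp0s3 MASQUERADE'
    } > "$SAMPLE_DIR/bad.sh"
}

# Stand-alone use: ./lint_firewall.sh /path/to/firewall_script
if [ -n "${1:-}" ]; then
    lint_firewall_script "$1" && echo "clean: $1"
fi
```

Run it against firewall_script before `./firewall_script`; a non-zero exit with the offending line numbers on stderr is cheaper than discovering a half-applied rule set from `service iptables status`.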
Comments

I hope you finish the scenario :) Thanks for everything. You speak very clearly and well, I understand many things.

takeit

Material: Nice to see you giving a lot more material on your channel of late. BTW, I really like your subnetting series!

siucbset

Really enjoying this video series, looking forward to the next =D Any chance we could get a link to that instruction that you are following along with?

DeathMachine

Thank you very much!! Thanks for the tutorial, I really like this.

williamm

Hi, I'm looking for a local root exploit for CentOS 6.10 (2.6.32 kernel), could you help me?

arvinmoravej

I'm almost positive I've copied the firewall script exactly, and yet I get

"Bad argument 'MASQUERADE' "
"Bad argument 'state' "

"Bad argument 'enp0s8' "
"Bad argument 'state' "

ThisCanNotBTheFuture