DokuWiki » Infrastructure » Operating System » CentOS 6

h1. Configure firewall

h2. Requirements

To configure Firewall you will need the following:

* a installed and supported operating system (e.g. CentOS 6.x)

* root-access

h2. Preliminary Note

It is good practice to open only those ports needed.

h2. Configure

<pre><code class="bash">

system-config-firewall-tui

</code></pre>

Main-Page, this is the place to enable/disable the firewall, via @Customize@ you can alter the configuration

!{width 500}system-config-firewall-tui-1.png!

The @Trusted Service@ page allows to open common ports for incoming connections, e.g. @22 SSH@

!{width 500}system-config-firewall-tui-2.png!

Ports not being listed in the @Trusted Services@ might be opened here, e.g. @5432 PostgreSQL@

!{width 500}system-config-firewall-tui-3.png!

If you trust all participants on a specific network-interface, you can mark them here:

!{width 500}system-config-firewall-tui-4.png!

Same goes with @Masquerading@

!{width 500}system-config-firewall-tui-5.png!

@Portforwarding@ usually goes with @Masquerading@

!{width 500}system-config-firewall-tui-6.png!

If you want to ignore certain ICMP types, e.g. Ping, this is the place

!{width 500}system-config-firewall-tui-7.png!

Anything not being covered in the previous screens might be entered here

!{width 500}system-config-firewall-tui-8.png!

After doing some changes to the configuration you will be asked to confirm the changes.

!{width 500}system-config-firewall-tui-9.png!

It is always worth double check the configuration by

<pre><code class="bash">

service iptables status

</code></pre>

or

<pre><code class="bash">

cat /etc/sysconfig/system-config-firewall

</code></pre>

or

<pre><code class="bash">

cat /etc/sysconfig/iptables

</code></pre>