I assumed this was a Centos 7 mailing list and I was looking for help with IPTABLEs. I have used mailing lists before. Copying a file to an email address didn't have that type of output. I apologize.

First of all is this a Centos 7 Mailing list that I can ask for help or have I made a huge mistake? If so, should I just attach the file to the email.

I apologize for the output, I had no idea. That's not the way it looked when I sent it. I am sorry. I am just looking for some help with IPTABLES on Centos 7. Please let me know and I won't send any more questions if I am not sending to the right list for help and not the right way.

On Friday, June 1, 2018, 11:16:33 AM EDT, m.roth at 5-cent.us <m.roth at 5-cent.us> wrote:

Steve Frazier wrote:
> Thank you. I apologize for sending something that could be read. There
> are more examples in there that I had commented out.
> Anyway, here is my working iptables-save. If someone could review my
> output and let me know if I am missing anything and if the order of the
> rules are the most secure they could be.
> TIA.
>
Steve,

Do you have any idea of what you're writing? Why are you emailing - this *is* an email list - with run-on lines? I mean, really, can you read what you sent, below?

        mark
> Steve
>
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39
> 2018*mangle:PREROUTING ACCEPT [12219:2602452]:INPUT ACCEPT
> [8766:2101480]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT
> [7093:2183351]:POSTROUTING ACCEPT [7093:2183351]COMMIT# Completed on Fri
> Jun  1 10:34:39 2018# Generated by iptables-save v1.4.21 on Fri Jun  1
> 10:34:39 2018*nat:PREROUTING ACCEPT [3836:607509]:INPUT ACCEPT
> [130:21132]:OUTPUT ACCEPT [42:19744]:POSTROUTING ACCEPT [40:19121]-A
> POSTROUTING -o eth1 -j MASQUERADECOMMIT# Completed on Fri Jun  1 10:34:39
> 2018# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39
> 2018*filter:INPUT DROP [253:85405]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT
> [7093:2183351]-A INPUT -m set --match-set blacklist src -j DROP-A INPUT -i
> lo -j ACCEPT-A INPUT -s mypublicip1 -i eth0 -j ACCEPT-A INPUT -s
> mypublicip2 -i eth0 -j ACCEPT-A INPUT -s myublicip3 -i eth0 -j ACCEPT-A
> INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT-A INPUT -s myipprovider1 -i
> eth0 -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -s myipprovider2 -i eth0
> -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -m state --state
> RELATED,ESTABLISHED -j ACCEPT-A FORWARD -m set --match-set blacklist src
> -j DROP-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j
> ACCEPT-A FORWARD -i eth0 -o eth1 -j ACCEPT-A FORWARD -i eth1 -o eth1 -j
> REJECT --reject-with icmp-port-unreachableCOMMIT# Completed on Fri Jun  1
> 10:34:39 2018~~
>
> Steve
>
> On Friday, June 1, 2018, 9:37:57 AM EDT, m.roth at 5-cent.us
> <m.roth at 5-cent.us> wrote:
>
> Steve Frazier wrote:
>> Hello,
>> I hope that I can ask some questions on this mailing list about
>> IPTables.
>> I am more familiar with IPTABLES instead of FIREWALLD. I disabled
>> FIREWALLD and installed iptables-services.
>> I have put together a script that I found on the web on how to set up a
>> good set of IPTABLES rules to keep my server as secure as possible.
> <snip>
> That's *extremely* hard to read, esp. given that the numbered commands
> would fail, as they don't seem to be comments.
>
> Could you run it, and then give us the o/p of iptables-save?
>
>     mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
Alexander Dalloz
2018-Jun-01 16:41 UTC
[CentOS] Centos 7 (using iptables) removed firewalld
On 01.06.2018 at 17:24, Steve Frazier wrote:
> I assumed this was a Centos 7 mailing list and I was looking for help with IPTABLEs. I have used mailing lists before. Copying a file to an email address didn't have that type of output. I apologize.
> First of all is this a Centos 7 Mailing list that I can ask for help or have I made a huge mistake? If so, should I just attach the file to the email.

Steve,

you are right on this list with questions concerning CentOS 7. It is just the (repeated) formatting of your postings which makes it hard to reply with helpful on-topic answers. Just see yourself what you have sent so far:

https://lists.centos.org/pipermail/centos/2018-June/169029.html
https://lists.centos.org/pipermail/centos/2018-June/169027.html
https://lists.centos.org/pipermail/centos/2018-June/169029.html

Would you be willing yourself to decrypt such messages just to help someone else?

And please, as this is a mailing list and as you can see from the archive, it is not necessary to quote everything of a previous list post. It is a mailing list and doing fine to be threaded, providing a history. Quoting everything is just bloating the content. And reverse order of content is contrary to usual reading top to bottom.

Try to display your iptables rules for best readability on i.e. http://pastebin.centos.org/ with a live time setting of at least 1 week to be sure your content can be deciphered.

Regards

Alexander
Alexander Dalloz
2018-Jun-01 16:51 UTC
[CentOS] Centos 7 (using iptables) removed firewalld
On 01.06.2018 at 18:41, Alexander Dalloz wrote:

[ ... ]

> Steve,
>
> you are right on this list with questions concerning CentOS 7. It is
> just the (repeated) formatting of your postings which makes it hard to
> reply with helpful on-topic answers. Just see yourself what you have
> sent so far:
>
> https://lists.centos.org/pipermail/centos/2018-June/169029.html

Sorry, the first link should have been your initial posting

https://lists.centos.org/pipermail/centos/2018-June/169023.html

> https://lists.centos.org/pipermail/centos/2018-June/169027.html
> https://lists.centos.org/pipermail/centos/2018-June/169029.html

[ ... ]

> Regards
> Alexander