
#4 -How To Migrate from FirewallD to Iptables on CentOS 7 and install Dome9 ✔️


1 – How To Migrate from FirewallD to Iptables on CentOS 7

Download and install the service files by typing:

# sudo yum install iptables-services

This will download and install the systemd scripts used to manage the iptables service. It will also write some default iptables and ip6tables configuration files to the /etc/sysconfig directory.

Construct your Iptables Firewall Rules

Next, you need to construct your iptables firewall rules by modifying the /etc/sysconfig/iptables and
/etc/sysconfig/ip6tables files. These files hold the rules that will be read and applied when we start the iptables service.

IPV4 Rules

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -L -n
iptables-save | sudo tee /etc/sysconfig/iptables

IPv6 Rules (in my case I want to drop connections on certain ports for IPv6)

ip6tables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P INPUT DROP
ip6tables -L -n
ip6tables-save | sudo tee /etc/sysconfig/ip6tables

Stop the FirewallD Service and Start the Iptables Services:

# sudo systemctl stop firewalld && sudo systemctl start iptables; sudo systemctl start ip6tables

Disable the FirewallD Service and Enable the Iptables Services:

# sudo systemctl disable firewalld
# sudo systemctl mask firewalld
# sudo systemctl enable iptables
# sudo systemctl enable ip6tables

# service iptables restart
# service ip6tables restart

2 – How To Set Up the Dome9 Service on CentOS

Create an account at : https://secure.dome9.com/Account/Register

Install the Dome9 agent on your CentOS server by copying and pasting the command shown in the Dome9 dashboard:

wget -q -O - 'https://secure.dome9.com/download/linuxinstallscript?pairkey=p0c6d6x51d9qomycdoy&secgroups=Dome9Default&servername=Magenik Tutorial' | sh

You don't have to do anything about iptables or firewalld (in case you still use firewalld instead of iptables):
Dome9 will take care of the firewall by itself.

After creating my first rules and adding my IP to those rules, I can now connect back to my server via SSH.

Create rules for each port that you want open to the public, such as HTTP or a game port,
but never open your SSH port or Webmin to public access; they are sensitive ports for hackers.
Also lock the MySQL port to your IP only, or your developer's IP.
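The rule of thumb above (drop by default, nothing sensitive reachable from any source) can be checked against the file that part 1 writes with iptables-save. The following is an added example, not code from the post or from Dome9: it parses a constructed /etc/sysconfig/iptables sample (the source-locked 3306 rule and the 203.0.113.10 address are assumptions, not from the page) and reports what is open to everyone.

```python
import re

# Constructed sample in the iptables-save layout that part 1 writes to /etc/sysconfig/iptables;
# the source-locked 3306 rule is added here to illustrate the MySQL advice (not from the page).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""
SENSITIVE_PORTS = {22: "ssh", 10000: "webmin", 3306: "mysql"}  # never public / source-locked per the text

def parse_saved_rules(text):
    """Parse iptables-save output into chain policies and one dict per -A rule."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):                       # ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            parts = line.split()
            dport = re.search(r"--dport (\d+)", line)
            src = re.search(r"(?<!\S)-s (\S+)", line)   # the -s flag only, not "--state"
            rules.append({"chain": parts[1], "raw": line,
                          "dport": int(dport.group(1)) if dport else None,
                          "source": src.group(1) if src else None,
                          "target": parts[parts.index("-j") + 1] if "-j" in parts else None})
    return policies, rules

def audit_input_chain(text):
    """Report INPUT policy, ports accepted from anywhere, and rules that break the page's advice."""
    policies, rules = parse_saved_rules(text)
    inbound = [r for r in rules if r["chain"] == "INPUT"]
    findings = []
    if policies.get("INPUT") != "DROP":
        findings.append("INPUT default policy is not DROP")
    if not inbound or "ESTABLISHED" not in inbound[0]["raw"]:   # -I puts it first; -A would not
        findings.append("ESTABLISHED,RELATED accept is not the first INPUT rule")
    public = sorted({r["dport"] for r in inbound
                     if r["target"] == "ACCEPT" and r["dport"] and r["source"] is None})
    findings += [f"port {p} ({SENSITIVE_PORTS[p]}) is accepted from any source"
                 for p in public if p in SENSITIVE_PORTS]
    return {"input_policy": policies.get("INPUT"), "public_tcp_ports": public, "findings": findings}
```

Run it on the real file with `audit_input_chain(open("/etc/sysconfig/iptables").read())`; on the sample it flags 22 and 10000 as world-reachable and passes 3306 because it is locked to one source.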



One thought on “#4 -How To Migrate from FirewallD to Iptables on CentOS 7 and install Dome9 ✔️”

  • 3:12 Free after trial period with basic configuration? Can you explain what limitations those are?
