This article covers basic Linux firewall management, with specific reference to the information needed for the RHCSA EX200 certification exam. Extra information is required for the RHCE EX300 certification exam, which will be supplied by another article.
Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.
Installation
Most installations will include the firewall functionality. If you need to install it manually, the following commands will install the IPv4 and IPv6 firewall functionality. In this article we will only consider the IPv4 settings.
Make sure the service is started and will auto-start on reboot.
You can check the current status of the service using the following command.
To disable the firewall, run the following commands.
system-config-firewall
The GUI screen to control the firewall is available from the menu (System > Administration > Firewall) or can be started from the command line using the 'system-config-firewall' command. If it is not already present, it can be installed using the following command.

Once started, the toolbar provides buttons to allow the firewall to be enabled/disabled. You can also configure basic trusted services, such as SSH, FTP and HTTP, by putting a tick in the appropriate checkbox and clicking the 'Apply' button on the toolbar.
The 'Other Ports' section allows you to open ports that are not covered in the 'Trusted Services' section.
system-config-firewall-tui
The TUI utility is similar to the GUI utility shown above, but it feels incredibly clumsy in comparison. If it is not already present, it can be installed using the following command.
Running the 'system-config-firewall-tui' command from the command line produces the top-level screen, allowing you to enable/disable the firewall. Use the space bar to toggle the setting, the tab key to navigate between buttons and the return key to click them.

To alter the Trusted Services, tab to the 'Customize' button and press the return key. Amend the list using the arrow and space keys. You can close out of the customization section at any point. The other sections of the GUI tool are available by clicking the 'Forward' button on each successive screen.
iptables
In addition to the GUI and TUI interfaces, the firewall rules can be amended directly using the 'iptables' command. There are a vast number of parameters, so I will just focus on the elements necessary for the RHCSA exam.

The firewall consists of chains of rules that determine what action should be taken for packets processed by the system. By default, there are three chains defined:
- INPUT: Used to check all packets coming into the system.
- OUTPUT: Used to check all packets leaving the system.
- FORWARD: Used to check all packets being routed by the system. Unless you are using your server as a router, this chain is unnecessary.
Each chain can contain multiple explicit rules that are checked in order. If a rule matches, the associated action (ACCEPT and DROP being the most common) is taken. If no specific rule is found, the default policy is used to determine the action to take.

Since the default policy is a catch-all, one of two basic methods can be chosen for each chain.
- Set the default policy to ACCEPT and explicitly DROP things you don't want.
- Set the default policy to DROP and explicitly ACCEPT things you do want.
The safest option is to set the default policy to DROP for the INPUT and FORWARD chains, so it is perhaps a little surprising that the GUI and TUI tools set the default policies to ACCEPT, then use an explicit REJECT as the last rule in these chains. This works fine, but if you accidentally get rid of the last rule in the chain you are in trouble. For this reason, for the remainder of this section I will assume that the default policy for INPUT and FORWARD is DROP. For the OUTPUT chain I will assume any packets originating from the system are safe, so I will ACCEPT any outgoing packets.

The default policy for a chain is set using the '-P' flag. In the following example, assuming no specific rules were present, all communication to and from the server would be prevented.
Warning: If you are administering the firewall via SSH, having a default INPUT policy of DROP will cut your session off if you get rid of the explicit rules that accept SSH access. As a result, it makes sense to start any administration by setting the default policies to ACCEPT and only switch them back to DROP once the chains have been built to your satisfaction. The following example temporarily sets the default policies to ACCEPT.

The next thing we want to do is flush any existing rules, leaving just the default policies. This is done using the '-F' flag.
Now we need to define specific rules for the type of access we want the server to have. Focusing on the INPUT chain, we can grant access to packets in a number of ways. Once the explicit rules are defined, we need to set the real default policies.
Rule and policy definitions take effect immediately. To make sure they persist beyond a reboot, the current configuration must be saved to the '/etc/sysconfig/iptables' file using the following command.
If you are using Fedora, you may need to use the following command instead.
As you can imagine, even in a simple configuration this process can get a bit long-winded, so it makes sense to combine all the elements of the firewall definition into a single file so it can be amended and run repeatedly. Create a file called '/root/firewall.sh' with the following contents. Think of this as your starting point for each server.
Make the file executable.
Run the file to set the required firewall rules.
The 'iptables' command also allows you to insert (-I), delete (-D) and replace (-R) rules, but if you work using a file as described above, you never need to use these variations.

Quick Database Setup
If you are using the server as an Oracle database server, you will probably want to make sure the SSH and Oracle listener ports are accessible. You could lock these down to specific source IP addresses, but for a quick setup, you could just do the following, where '1521' is the port used for the listener.
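The script below is an added example, not the article's own '/root/firewall.sh'. It follows the sequence described above (open the policies, flush, add the explicit INPUT rules, set the real policies, save) and covers the quick database setup by opening TCP 22 for SSH and TCP 1521 for the listener; both port numbers are assumptions taken from the text. Before applying anything it checks the ordering the warning above is about: the flush must come before any '-A' rule and the SSH ACCEPT must come before the INPUT DROP policy, otherwise an SSH session administering the box is cut off. By default it only prints the commands; set APPLY_FIREWALL=1 (a name chosen for this example) and run it as root to apply them.

```shell
#!/bin/sh
# Added example, not the article's own /root/firewall.sh. It generates the
# iptables commands in the order the article prescribes and checks that order
# before anything is applied. Port numbers are assumptions: 22 for SSH and
# 1521 for the Oracle listener, as used in the article's quick setup.
SSH_PORT=22
LISTENER_PORT=1521

# Print the iptables commands, one per line, in the order they must run.
build_rules() {
    # 1. Open the default policies first so an SSH session survives the flush.
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -P FORWARD ACCEPT"
    echo "iptables -P OUTPUT ACCEPT"
    # 2. Flush existing rules, leaving only the default policies.
    echo "iptables -F"
    # 3. Explicit INPUT rules: loopback, replies to connections we started,
    #    then the TCP ports we want reachable from outside.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $SSH_PORT $LISTENER_PORT; do
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # 4. Real default policies: DROP for INPUT and FORWARD, ACCEPT for OUTPUT.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # 5. Persist to /etc/sysconfig/iptables so the rules survive a reboot.
    echo "service iptables save"
}

# Line number of the first generated command matching a pattern, or empty.
rule_line() {
    build_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Guard against the lock-out the article warns about: the flush must precede
# every -A rule, and the SSH ACCEPT must precede the INPUT DROP policy.
check_order() {
    flush_line=$(rule_line '^iptables -F$')
    first_add=$(rule_line '^iptables -A ')
    ssh_line=$(rule_line "--dport $SSH_PORT -j ACCEPT")
    drop_line=$(rule_line '^iptables -P INPUT DROP$')
    [ -n "$flush_line" ] && [ -n "$first_add" ] &&
        [ -n "$ssh_line" ] && [ -n "$drop_line" ] || return 1
    [ "$flush_line" -lt "$first_add" ] || return 1
    [ "$ssh_line" -lt "$drop_line" ] || return 1
}

# Run each command with sh -c and stop at the first failure (needs root).
apply_rules() {
    check_order || { echo "rule order check failed, not applying" >&2; return 1; }
    build_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Dry run by default; APPLY_FIREWALL=1 actually changes the firewall.
if [ "${APPLY_FIREWALL:-0}" = "1" ]; then
    apply_rules
else
    build_rules
fi
```

Running it without APPLY_FIREWALL prints the twelve commands it would execute, which is a convenient way to review the rule set before touching a remote server. Extra ports can be added to the 'for' loop; the ordering check still applies because it locates the rules by pattern rather than by position.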
Hope this helps. Regards Tim.