Data Sat, 20 Jul 2019 06:53:56 +0800
Ed Greshko <ed.greshko(a)greshko.com> napisał(a):
On 7/20/19 6:20 AM, Tim Evans wrote:
> Installing F30, adding iptables and my current ruleset, and
> disabling firewalld looks very simple and quick. Why shouldn't I do
> it?
>
> If necessary, I can post an anonymized copy of the iptables ruleset
> on pastbin, but really looking for higher level advice.
>
Not necessary. But not everything you'll need will be installed by
default.
You'll need iptables-services:
Description : iptables services for IPv4 and IPv6
:
: This package provides the services iptables and
ip6tables that have : been split out of the base package since they
are not active by : default anymore.
At the very least. (Actually, that may be all that you'll need)
It's exactly all.
systemctl stop firewalld
systemctl mask firewalld
systemctl enable iptables
systemctl start iptables
It's the same in Fedora and in CentOS. If I don't need fail2ban, I
actually prefer plain iptables. Make sure you have some emergency access
to the machine before running iptables script, or run it like
systemctl start iptables ;; sleep 30 ;; systemctl stop iptables
I cut myself from a system more than one time.
--
Łukasz Posadowski