Code:
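#!/bin/bash
# IPv4 host firewall: default-deny inbound and forwarded traffic, allow
# loopback, replies to established connections, SSH from any source, and HTTP
# only from the networks in http_list.
#
# Only iptables (IPv4) is configured; ip6tables is not touched by this script.
# Nothing here saves the ruleset, it is only loaded into the running kernel.

# Source networks allowed to reach HTTP (tcp/80), one CIDR per array element.
http_list=("192.168.4.0/26")

# Stop before the DROP policies are applied, so that a failed allow rule
# cannot cut off the remote session running this script. The old rules are
# already flushed at that point and the INPUT/FORWARD policies keep whatever
# value they had before, so check the resulting state by hand.
abort() {
  printf 'firewall: %s; INPUT/FORWARD policies left unchanged\n' "$1" >&2
  exit 1
}

# Clean old firewall: flush every rule and delete user-defined chains in the
# filter, nat and mangle tables.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Outbound traffic is unrestricted.
iptables -P OUTPUT ACCEPT

### Permit Loopback Traffic ###
iptables -A INPUT -i lo -j ACCEPT || abort "could not add loopback rule"
iptables -A OUTPUT -o lo -j ACCEPT

### Permit established connections inbound communication ###
# The state match is kept as the original author wrote it; current iptables
# releases document "-m conntrack --ctstate" as its replacement.
iptables -A INPUT -m state --state "ESTABLISHED,RELATED" -j ACCEPT \
  || abort "could not add ESTABLISHED,RELATED rule"

### Permit SSH ###
# New SSH connections are accepted from any source address; add -s <network>
# here to limit management access to known networks.
iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT \
  || abort "could not add SSH rule"

### Permit HTTP ###
for s in "${http_list[@]}"; do
  # Quoted so an entry is passed to iptables as exactly one argument.
  iptables -A INPUT -p tcp --syn --dport 80 -s "$s" -j ACCEPT \
    || printf 'firewall: could not add HTTP rule for %s\n' "$s" >&2
done

### Default Policy ###
# Applied last: the allow rules above are already in place when unmatched
# inbound and forwarded packets start being dropped.
iptables -P INPUT DROP
iptables -P FORWARD DROP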
WARNING: This will drop everything except SSH access and HTTP from the PC1 network. Do not issue "service iptables restart" after applying these rules or you'll get locked out; instead, use this reset script:
Code:
#!/bin/bash
# Reset script: open the built-in filter chains first, then remove every rule
# and user-defined chain. After it runs, the host filters no IPv4 traffic
# until a ruleset is loaded again.

### Default Policy ###
# Policies go to ACCEPT before the flush, so removing the allow rules never
# leaves a DROP policy without them.
for builtin_chain in INPUT FORWARD OUTPUT; do
  iptables -P "$builtin_chain" ACCEPT
done

# Clean old firewall
# "filter" is the table iptables uses when -t is not given.
for table_name in filter nat mangle; do
  iptables -t "$table_name" -F
  iptables -t "$table_name" -X
done