Wednesday Oct 10, 2012

enable iptables firewall on linux

Here is a very basic set of instructions to set up a simple iptables firewall configuration on Linux (Red Hat).

Enable firewall

Log in as root, then enter the following command; it launches a text GUI:

#> setup

First screen: choose "Firewall configuration".
Second screen: choose "Enabled", then "Customize".
Third screen: select your interface under "Trusted Devices", select "Allow Incoming" for "SSH", "Telnet" and "FTP" (add other ports if needed), then press "OK" (twice), then "Quit".

At that point the firewall is enabled. You can start, stop or monitor it with service iptables start|stop|status.
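The text GUI above writes its result to /etc/sysconfig/iptables, which service iptables loads with iptables-restore. The following is an added example, not the page's own code or the exact output of the setup tool: it generates a ruleset file in that same iptables-restore format that approximates the choices described (a trusted interface on which everything is accepted, plus a list of TCP ports allowed for new incoming connections from anywhere else). The interface name and port list are assumed inputs; pass "-" as the first argument when no interface should be fully trusted.

```shell
#!/bin/sh
# Added example (not from the original post): emit an iptables-restore ruleset
# approximating the "Trusted Devices" + "Allow Incoming" choices of the setup GUI.
# Usage: gen_rules TRUSTED_IFACE|- PORT [PORT...]    e.g. gen_rules eth0 22 23 21
gen_rules() {
    trusted="$1"; shift
    # default-deny inbound and forwarded traffic, allow everything outbound
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # loopback and replies to connections this host opened are always accepted
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
                  '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # a trusted interface accepts everything, so the per-port rules below only
    # matter for traffic arriving on the other interfaces
    if [ "$trusted" != "-" ]; then
        printf -- '-A INPUT -i %s -j ACCEPT\n' "$trusted"
    fi
    # one rule per service port, matching only new TCP connections
    for p in "$@"; do
        printf -- '-A INPUT -p tcp -m state --state NEW --dport %s -j ACCEPT\n' "$p"
    done
    printf 'COMMIT\n'
}

# Typical use (assumed interface name eth0; SSH, Telnet and FTP as in the text):
#   gen_rules eth0 22 23 21 > /etc/sysconfig/iptables && service iptables restart
#   iptables -L INPUT -n -v      # confirm the loaded rules and their packet counters
```

Keep the trusted-interface rule only for an interface that really faces trusted hosts; on a box with a single NIC it makes the port list meaningless, since every packet arriving on that NIC is accepted before the port rules are reached. Telnet and FTP carry credentials in cleartext, so opening them is usually only sensible on such a trusted segment.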

Change timeout

To change the timeout (in seconds) of established TCP connections in the conntrack table:

#> echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

Monitor connections in the iptables conntrack table

For example, to track connections established from host 152.68.65.207:

#> grep 152.68.65.207 /proc/net/ip_conntrack
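The grep above returns the raw conntrack lines; the third column of each line is the seconds left before the entry expires, the counter that the ip_conntrack_tcp_timeout_established setting from the previous section initialises (default 432000, five days). The following is an added example, not part of the original post: it filters the table for one peer and prints protocol, state, remaining timeout and the original-direction addresses. The sample entries are constructed in the /proc/net/ip_conntrack format of that era; on a live system pass the real file (the newer /proc/net/nf_conntrack prefixes each line with the address family, so field numbers shift by two there).

```shell
#!/bin/sh
# Added example (not from the original post): summarise conntrack entries for one host.
# Constructed sample in /proc/net/ip_conntrack format: proto, proto number,
# seconds-to-expiry, [TCP state], original-direction tuple, reply-direction tuple.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=152.68.65.207 dst=10.0.0.5 sport=51234 dport=22 packets=40 bytes=5120 src=10.0.0.5 dst=152.68.65.207 sport=22 dport=51234 packets=38 bytes=9000 [ASSURED] mark=0 use=1
tcp      6 87 TIME_WAIT src=10.0.0.9 dst=10.0.0.5 sport=40000 dport=80 src=10.0.0.5 dst=10.0.0.9 sport=80 dport=40000 [ASSURED] mark=0 use=1
udp      17 29 src=152.68.65.207 dst=10.0.0.5 sport=5353 dport=53 src=10.0.0.5 dst=152.68.65.207 sport=53 dport=5353 mark=0 use=1'

# conntrack_for_host HOST [FILE]
# Prints one line per flow involving HOST: proto state ttl_seconds src dst dport
# (src/dst/dport are taken from the original direction, i.e. the first tuple).
conntrack_for_host() {
    host="$1"; file="${2:-/proc/net/ip_conntrack}"
    awk -v h="$host" '
        {
            proto = $1; ttl = $3
            # UDP and ICMP entries have no state word; TCP ones carry it in field 4
            state = ($4 ~ /^[A-Z_]+$/) ? $4 : "-"
            src = ""; dst = ""; dport = ""
            for (i = 1; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/)     src = substr($i, 5)
                if (dst == "" && $i ~ /^dst=/)     dst = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (src == h || dst == h) print proto, state, ttl, src, dst, dport
        }' "$file"
}

# Typical use on a live Red Hat box of that generation:
#   conntrack_for_host 152.68.65.207
# Against the constructed sample:
#   tmp=$(mktemp); printf '%s\n' "$SAMPLE_CONNTRACK" > "$tmp"; conntrack_for_host 152.68.65.207 "$tmp"
```

A low ttl on an ESTABLISHED entry after lowering the timeout is expected; the risk of a very short value is that a long-lived but quiet session (an idle SSH login, for instance) drops out of the table and its next packet is no longer matched by the ESTABLISHED,RELATED rule, which is the usual cause of "connections mysteriously dying" after such a change.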


Change TCP keepalive parameters on Linux

#> /sbin/sysctl net.ipv4.tcp_keepalive_time net.ipv4.tcp_keepalive_intvl net.ipv4.tcp_keepalive_probes
#> /sbin/sysctl net.ipv4.tcp_keepalive_time=60 net.ipv4.tcp_keepalive_intvl=5 net.ipv4.tcp_keepalive_probes=6

tcp_keepalive_time: idle time in seconds before the first keepalive probe (an empty packet) is sent to keep the connection alive
tcp_keepalive_probes: number of unanswered probes after which the connection is considered dead
tcp_keepalive_intvl: number of seconds between two probes
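Both ways of setting a parameter shown on this page, writing into /proc/sys and calling sysctl, touch the same kernel file: sysctl simply turns the dots of a key into path components under /proc/sys, and neither survives a reboot unless the value is also placed in /etc/sysctl.conf. The following is an added example, not part of the original post, that makes that mapping explicit, computes how long a silent dead peer is kept before the kernel drops the connection (tcp_keepalive_time + tcp_keepalive_probes * tcp_keepalive_intvl, which is 60 + 6 * 5 = 90 seconds with the values above), and emits the sysctl.conf lines for a persistent setting. The PROC_SYS variable is an assumption added so the functions can be run against a test directory tree instead of the live kernel.

```shell
#!/bin/sh
# Added example (not from the original post): read keepalive knobs the way sysctl
# does and derive the dead-peer detection time from them.
PROC_SYS="${PROC_SYS:-/proc/sys}"   # assumed override point: a test tree can stand in for /proc/sys

# sysctl_read KEY [ROOT]  ->  contents of ROOT/<key with dots turned into slashes>
sysctl_read() {
    key="$1"; root="${2:-$PROC_SYS}"
    cat "$root/$(printf '%s' "$key" | tr . /)"
}

# keepalive_dead_peer_seconds [ROOT]
# After tcp_keepalive_time idle seconds the kernel sends a probe every
# tcp_keepalive_intvl seconds; after tcp_keepalive_probes unanswered probes the
# socket is closed, so a dead peer is noticed after time + probes * intvl seconds.
keepalive_dead_peer_seconds() {
    root="${1:-$PROC_SYS}"
    t=$(sysctl_read net.ipv4.tcp_keepalive_time "$root")
    i=$(sysctl_read net.ipv4.tcp_keepalive_intvl "$root")
    p=$(sysctl_read net.ipv4.tcp_keepalive_probes "$root")
    echo $((t + p * i))
}

# keepalive_sysctl_conf TIME INTVL PROBES  ->  lines to append to /etc/sysctl.conf,
# applied at boot (or immediately with: sysctl -p)
keepalive_sysctl_conf() {
    printf 'net.ipv4.tcp_keepalive_time = %s\nnet.ipv4.tcp_keepalive_intvl = %s\nnet.ipv4.tcp_keepalive_probes = %s\n' \
        "$1" "$2" "$3"
}

# Typical use on a live system:
#   keepalive_dead_peer_seconds                      # with the page's values: 90
#   keepalive_sysctl_conf 60 5 6 >> /etc/sysctl.conf && sysctl -p
```

Two points worth checking before relying on these values: keepalive probes are only sent on sockets whose application enabled SO_KEEPALIVE, so the kernel setting alone does nothing for a daemon that never sets it; and the 90-second figure should be compared with the conntrack established timeout from the earlier section, because a keepalive interval longer than that timeout lets the firewall forget the connection before the next probe refreshes it.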

About

Patrice Duc-Jacquet
