
Securing-Optimizing-RH-Linux-1_2_144
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 144

[root@deep /]# /etc/rc.d/init.d/firewall stop
Shutting Firewalling Services: [  OK  ]

· To start the firewall manually on your system, use the following command:
[root@deep /]# /etc/rc.d/init.d/firewall start
Starting Firewalling Services: [  OK  ]

Deny access to some address

Sometimes you know an address that you would like to block from any access to your server. You can do that by creating the rc.firewall.blocked file under the “/etc/rc.d/” directory and uncommenting the following lines in your firewall rules script file:

Edit your firewall script file (vi /etc/rc.d/init.d/firewall) and uncomment the following lines:

    if [ -f /etc/rc.d/rc.firewall.blocked ]; then
        . /etc/rc.d/rc.firewall.blocked
    fi

Create the rc.firewall.blocked file (touch /etc/rc.d/rc.firewall.blocked) and add inside this file all the IP addresses you want to block from any access to your server:

For example, I put the following IP addresses in this file:

204.254.45.9
187.231.11.5

Further documentation

For more details, there are several man pages you can read:

$ ipchains (8) - IP firewall administration
$ ipchains-restore (8) - restore IP firewall chains from stdin
$ ipchains-save (8) - save IP firewall chains to stdout

IPCHAINS Administrative Tools

The commands listed below are some that we use often, but many more exist, and you should check the man page and documentation for more details and information.

ipchains

The ipchains tool is used for firewall administration on the Linux system. We can use it to set up firewall rules files, as we are doing in this book. Once firewall rules have been created, we can use many of its commands to maintain and inspect the rules in the Linux kernel.

· To list all rules in the selected chain, use the command:
[root@deep /]# ipchains -L
This command will list all rules in the selected chain. If no chain is selected, all chains are listed.

· To list all input rules in the selected chain, use the command:
[root@deep /]# ipchains -L input
This command will list all the input rules we have configured in the selected chain.

· To list all output rules in the selected chain, use the command:
[root@deep /]# ipchains -L output
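
The firewall script reads rc.firewall.blocked with the shell's "." command, so every line of that file is executed as a shell command by root. As an added example (not code from the book), the sh functions below validate a plain address list, such as the two addresses under "Deny access to some address", and print one ipchains DENY rule per address; the function names, the use of the input chain and the -l logging flag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): turn a plain address list into
# ipchains DENY rules that can be sourced from rc.firewall.blocked.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blocked_rules: read one address per line on stdin (blank lines and
# "#" comments are skipped) and print one DENY rule per valid address.
# Returns 1 if any line was rejected, so a typo cannot pass silently.
blocked_rules() {
    status=0
    while read -r addr rest || [ -n "$addr" ]; do
        case "$addr" in ""|"#"*) continue ;; esac
        if [ -z "$rest" ] && is_ipv4 "$addr"; then
            # -A input: append to the input chain; -s: source address;
            # -j DENY: drop the packet; -l: log packets that match.
            printf 'ipchains -A input -s %s -j DENY -l\n' "$addr"
        else
            printf 'rejected line: %s %s\n' "$addr" "$rest" >&2
            status=1
        fi
    done
    return $status
}

# Demo with the two addresses from the text; in practice redirect the
# output to /etc/rc.d/rc.firewall.blocked and review it before use.
printf '%s\n' 204.254.45.9 187.231.11.5 | blocked_rules
```

After the firewall is restarted with the generated file in place, ipchains -L input should show one DENY rule for each address.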