How to configure an iptables firewall on CentOS 6

As a quick note to self, here’s how I configured the firewall rules on a new CentOS 6 Linux server recently.

First, I created an “undo” script at /root/undo-iptables with these contents:



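#!/bin/sh
OUT=/tmp/undo-iptables.out   # assumed log path; the original value is not shown on this page

echo "running UNDO at $(date)"     > "$OUT"
# Drop any interactive alias on mv so the move below cannot stop at a prompt
unalias mv                        >> "$OUT" 2>&1
# Move the saved rules aside, then restart iptables so it comes up without them
mv /etc/sysconfig/iptables /tmp   >> "$OUT" 2>&1
/etc/init.d/iptables restart      >> "$OUT" 2>&1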

I then made that file executable.

How to show the CentOS Linux version

CentOS Linux FAQ: What commands can I use to show what version of CentOS Linux I'm using?

There are at least two different ways to show what version of CentOS Linux you're using. First, you can use the Linux cat command on the /etc/redhat-release file. Here's the command, and sample output:

# cat /etc/redhat-release

CentOS release 5.6 (Final)

You can also use the lsb_release command with the -a option. Here's that command, and its output:

iptables restart tip - How to make your Linux iptables firewall automatically restart after a reboot

iptables restart FAQ: How do I make my iptables firewall start/restart after I reboot my Linux system?

I was going to write a tutorial about configuring a firewall on a Linux system using iptables, but then I found this great CentOS iptables tutorial, and I think they really nailed it.

The only thing I think they didn't fully cover is how you get your Linux iptables firewall to start up again properly after your Linux system is rebooted (which is kind of a huge deal). To that end, I thought I'd describe the process of getting your iptables firewall to restart after a system reboot.

And -- as an added bonus -- this same process will help you get any Linux service to automatically start after a reboot.

Open letter to Lance Davis (CentOS)

Ouch, I have no idea what happened over at CentOS, but it doesn't sound good. Eight of their developers signed (electronically) an "open letter" to Lance Davis (currently displayed on the centos.org home page). To say the least, it looks like there have been some communication problems on the team, which these developers have made very clear in both their open letter and in a separate statement of facts about their communication problems.
