UNIX or LINUX IP and Firewall Configuration, ifconfig, iptables

System Shut Down

Shutting Down

shutdown -h now
shutdown -h +15

Shut Down > Halt now or in 15 minutes.

shutdown -r now
shutdown -r +15

Shut Down > Restart now or in 15 minutes.

 

IP Configuration

ifconfig -a View all of the IP configuration
ifconfig eth0 View the configuration for eth0

Edit the ifcfg-eth0 file:

cat /etc/sysconfig/network-scripts/ifcfg-eth0 View the Config File
pico /etc/sysconfig/network-scripts/ifcfg-eth0 Edit and Save the Config File

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=00:13:72:5E:75:72
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet

Type in the new IP information and save the file.


ifdown eth0
ifup eth0

Restart eth0; the new configuration will take effect.

 

service network restart Restart the network interfaces

 

IP Configuration (Temporary)

ifconfig lo0 localhost up
ifconfig eth0 inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255

Temporarily uses the new IP until the next reboot.

Default Gateway

Edit the network file:

cat /etc/sysconfig/network View the Network File
pico /etc/sysconfig/network Edit and Save the Network File

NETWORKING=yes
HOSTNAME=server11.ontariodatacenter.com
GATEWAY=192.168.1.1

Type in the new gateway and host information and save the file.

service network restart Restart the network services

Default Gateway (Temporary)

route add default gw 192.168.1.1 eth0

Temporarily uses the new gateway IP

Domain Name Servers

Edit the /etc/resolv.conf file:

cat /etc/resolv.conf View the resolv.conf File
pico /etc/resolv.conf Edit and Save the resolv.conf File

search ontariodatacenter.com
nameserver 172.102.245.2
nameserver 172.102.246.2
nameserver 8.8.8.8

Type in the new search domain and name server information and save the file.

hostname Print the name of the host machine.
 

 

Firewall

Firewall with Editing iptables

iptables -L View the current firewall configuration
cat /etc/sysconfig/iptables View/read the real firewall file

Edit the iptables file:

pico /etc/sysconfig/iptables Edit and Save the firewall iptables file

# This firewall is an example of a Linux web, ftp, pop3 & smtp server
# It also limits ssh access to a block of IPs - you need to customize the IPs to match your allowed IPs for ssh access
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [131962:7397220]
:inputf - [0:0]
-A INPUT -j inputf
-A FORWARD -j inputf
-A inputf -i lo -j ACCEPT
-A inputf -m state --state RELATED,ESTABLISHED -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A inputf -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A inputf -p ipv6-crypt -j ACCEPT
-A inputf -p ipv6-auth -j ACCEPT
-A inputf -j REJECT --reject-with icmp-host-prohibited
COMMIT

shutdown -r now Restart the server
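
To see what a rules file like the one above exposes before restarting, the following added example (not part of the original article) reads the file without touching the firewall and reports which destination ports are accepted from any source, which are limited by -s, and whether the chain ends in a catch-all DROP/REJECT. The function names audit_rules and sample_rules, the output labels and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): read-only audit of a rules file in
# the /etc/sysconfig/iptables format. Names and output labels are assumptions.

# audit_rules FILE [CHAIN]   (FILE "-" reads stdin; CHAIN defaults to inputf)
#   OPEN <port>              ACCEPT for that --dport from any source
#   LIMITED <port> <source>  ACCEPT only from the -s source
#   DEFAULT-DENY / NO-DEFAULT-DENY  is the chain's last rule a bare DROP/REJECT?
audit_rules() {
    awk -v chain="${2:-inputf}" '
    $1 == "-A" && $2 == chain {
        src = ""; port = ""; target = ""; cond = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") { src = $(i + 1); cond = 1; i++ }
            else if ($i == "--dport") { port = $(i + 1); cond = 1; i++ }
            else if ($i == "-j") { target = $(i + 1); i++ }
            else if ($i == "-p" || $i == "-i" || $i == "-m") { cond = 1 }
        }
        if (target == "ACCEPT" && port != "") {
            if (src == "") print "OPEN " port
            else print "LIMITED " port " " src
        }
        # Only an unconditional DROP/REJECT as the final rule is a default deny.
        last_deny = (cond == 0 && (target == "DROP" || target == "REJECT"))
    }
    END { print (last_deny ? "DEFAULT-DENY" : "NO-DEFAULT-DENY") }
    ' "${1:--}"
}

# Constructed sample, abbreviated from the layout shown above.
sample_rules() {
    cat <<'EOF'
*filter
:inputf - [0:0]
-A INPUT -j inputf
-A inputf -i lo -j ACCEPT
-A inputf -m state --state RELATED,ESTABLISHED -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A inputf -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A inputf -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_rules | audit_rules -
```

Run it against the real file with audit_rules /etc/sysconfig/iptables. Rules saved from commands that append to INPUT directly live in the INPUT chain, so pass INPUT as the second argument for those.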

Modifying the Current Firewall Setting

iptables -I inputf 6 -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
Will insert this rule at line 6 of the inputf chain.

/sbin/service iptables save
Will SAVE the iptables with the new rule.

Firewall with iptables command: Another Version

iptables -L View the current firewall configuration
cat /etc/sysconfig/iptables View/read the real firewall file

# Copy IP Table for Backup
##################
cp /etc/sysconfig/iptables iptablesbackup

# Clear all Tables
##################
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

# Set Default Policy
# Be Careful: This will drop your ssh connection.
# This setting needs to be implemented from the machine's command line.
###################
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Loopback setup
################
iptables -A INPUT -i lo -j ACCEPT

# Inbound connections
# Customize the below based on your needs for example to add POP3/Port 110 services add:
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
# add the above statement after Port 80 statement.
#####################
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP

# Save the new setting
/sbin/service iptables save

 

