echo "1" > /proc/sys/net/ipv4/ip_forward --> temporary (until reboot); same setting as:
/etc/sysctl.conf: net.ipv4.ip_forward=1
/etc/sysconfig/network: FORWARD_IPV4=yes --> reboot
then: chkconfig ipchains on, service ipchains start
==> ipchains -A forward -s 192.168.1.15/255.255.255.0 -j MASQ --> temporary
-L --> wait to see the list
ipchains-save > /etc/sysconfig/ipchains --> saved for next time
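Added example (not part of the original notes): a shell check that the temporary steps above were also made persistent, so forwarding and the MASQ rule are still there after a reboot. The function names and the `-A forward ... -j MASQ` line format expected in the saved rules file are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): check that the forwarding and
# masquerading setup is persistent, i.e. will still be there after a reboot.

# Print the value of the last uncommented KEY=value line in FILE (last one wins).
last_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null |
        tail -n 1 | tr -d '"[:space:]'
}

# Succeeds if either config file named in the notes enables forwarding.
persistent_forwarding() {
    [ "$(last_value 'net\.ipv4\.ip_forward' "$1")" = "1" ] && return 0
    [ "$(last_value 'FORWARD_IPV4' "$2")" = "yes" ]
}

# Succeeds if the saved ruleset has a MASQ rule appended to the forward chain.
# Assumption: ipchains-save writes rules as "-A <chain> ... -j <target>" lines.
saved_masq() {
    grep -Eq '^-A forward .*-j MASQ([[:space:]]|$)' "$1" 2>/dev/null
}

# Print one line per problem; the return status is the number of problems.
audit_persistence() {
    problems=0
    if ! persistent_forwarding "$1" "$2"; then
        echo "forwarding not enabled in $1 or $2"
        problems=$((problems + 1))
    fi
    if ! saved_masq "$3"; then
        echo "no saved MASQ rule in $3"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files: forwarding only commented out, rules never saved.
demo=$(mktemp -d)
printf '# net.ipv4.ip_forward=1\nnet.ipv4.ip_forward = 0\n' > "$demo/sysctl.conf"
printf 'NETWORKING=yes\n' > "$demo/network"
printf ':input ACCEPT\n:forward ACCEPT\n:output ACCEPT\n' > "$demo/ipchains"
audit_persistence "$demo/sysctl.conf" "$demo/network" "$demo/ipchains" || true
rm -rf "$demo"
```

On a real gateway, call `audit_persistence /etc/sysctl.conf /etc/sysconfig/network /etc/sysconfig/ipchains` before the test reboot.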
basic firewall commands:
ipchains -F --> remove any existing rules from the chains
-A input -p tcp -j DENY --> deny tcp access to everyone, both inside
-A output -p tcp -j DENY --> and outside your domain
-A forward -p tcp -j DENY
-A input -p tcp -s 192.168.0.254 -j DENY --> block incoming packets from a suspicious machine
-A output -p tcp -d 192.168.0.254 -j DENY --> block outgoing tcp packets to the suspicious machine
-A input -p icmp -s 192.168.1.25 echo-request -j DENY --> block incoming ICMP (ping) packets from a suspicious ip (-D deletes a rule)
-D input 1 --> removes the block on all tcp traffic (rule 1 in each chain)
-D output 1
-D forward 1
save it and chkconfig like above, then reboot to check.
/etc/rc.d/rc.firewall
rc.masq --> config files