In a few sentences I will describe the network environment. There are two networks, 192.168.100.0/24 and 192.168.200.0/24. The first one is the work environment: in this network we will set up services, and all members of this group will be able to access them. The second one is for testing purposes, and we will deny it access to the services in the first group.

This chapter will cover security on a RHEL system. Attention will be directed to the security side, so the setup of the services themselves will be basic. More complex setups can be found at the links for the services themselves.

There are two ways to configure the firewall on RHEL.
The first is to use system-config-securitylevel.

[root@security1 ~]# system-config-securitylevel

When you have added all the ports you want to use, the system generates the default chain for iptables. In my case I enabled only SSH, so I have only port 22 in that rule set. We can see this in the file /etc/sysconfig/iptables. This is a good point to start, but many people prefer to write their own chain. After this you should save your work and restart the service.

[root@security1 ~]# service iptables save
[root@security1 ~]# /etc/init.d/iptables restart

The second way to write your firewall is to directly edit /etc/sysconfig/iptables. After this you should restart the iptables service.

[root@security1 ~]# /etc/init.d/iptables restart

In this exercise we will set things up so that all incoming traffic goes to a chain named SECURITY.

[root@security1 ~]# iptables -N SECURITY
(this adds a new chain named SECURITY)
[root@security1 ~]# iptables -I INPUT 1 -j SECURITY
(this inserts a rule at position 1 of INPUT, so all incoming traffic is sent to the SECURITY chain first)
[root@security1 ~]# service iptables save
[root@security1 ~]# /etc/init.d/iptables restart

After this, I made my own script to build the firewall. You need to add execute permission on this file, and start it as I do below.

[root@security1 ~]# cat firewallmake.sh
#!/bin/bash
# Interactively add ACCEPT rules for the work network (192.168.100.0/24),
# one port per pass, then save the rule set with "service iptables save".
while true
do
    echo
    echo -n "Insert port number: "
    read BROJ
    echo -n "Insert protocol type you will use (tcp/udp): "
    read PROTOKOL
    # quote the variables so empty or odd input cannot split into extra arguments
    iptables -A INPUT -p "$PROTOKOL" -s 192.168.100.0/24 --dport "$BROJ" -j ACCEPT
    echo -n "Do you have more rules for firewall 1/0? "
    read Y
    if [ "$Y" != "1" ]
    then
        break
    fi
done
service iptables save
[root@security1 ~]# chmod +x firewallmake.sh
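Putting the pieces above together, as an added example that is not part of the original page: a shell function that emits the complete rule set in the format used by /etc/sysconfig/iptables, so it can be written there and loaded with a service restart instead of being built rule by rule. It assumes the chain name SECURITY and the two networks from the introduction, and that the allowed service ports are passed as port/proto arguments (for example 22/tcp).

```shell
#!/bin/bash
# Added example, not from the original page. Assumptions: chain SECURITY,
# work network 192.168.100.0/24 (allowed), test network 192.168.200.0/24 (denied),
# ports given as "port/proto" arguments, e.g. 22/tcp 80/tcp.
WORK_NET=192.168.100.0/24
TEST_NET=192.168.200.0/24

# generate_rules 22/tcp [80/tcp ...] -> prints an iptables-save style rule set
generate_rules() {
    local spec port proto
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':SECURITY - [0:0]'
    # same effect as "iptables -I INPUT 1 -j SECURITY": every incoming packet
    # is evaluated by the SECURITY chain first
    echo '-A INPUT -j SECURITY'
    echo '-A SECURITY -i lo -j ACCEPT'
    echo '-A SECURITY -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # the test network is dropped before any service rule is evaluated
    echo "-A SECURITY -s $TEST_NET -j DROP"
    for spec in "$@"; do
        port=${spec%/*}
        proto=${spec#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "generate_rules: bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "generate_rules: bad port in '$spec'" >&2; return 1 ;;
        esac
        # one ACCEPT per service, restricted to the work network
        echo "-A SECURITY -s $WORK_NET -p $proto -m $proto --dport $port -j ACCEPT"
    done
    # anything not explicitly allowed is rejected
    echo '-A SECURITY -j REJECT --reject-with icmp-host-prohibited'
    echo 'COMMIT'
}

# Usage on the RHEL box (run as root):
#   generate_rules 22/tcp > /etc/sysconfig/iptables && /etc/init.d/iptables restart
```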