| gateway_centos_7 [2015/03/30 19:50] – herwarth | gateway_centos_7 [2016/01/01 14:05] (current) – herwarth | ||
|---|---|---|---|
| Line 195: | Line 195: | ||
| . | . | ||
| visible_hostname gateway.lz.local | visible_hostname gateway.lz.local | ||
| - | http_port 3128 | + | http_port |
| . | . | ||
| #enable only (adapt to zorgnet subnet) | #enable only (adapt to zorgnet subnet) | ||
| Line 202: | Line 202: | ||
| #enable 1024MB cache-size | #enable 1024MB cache-size | ||
| cache_dir ufs / | cache_dir ufs / | ||
| + | . | ||
| + | # Diable IPv6 | ||
| + | dns_v4_first on | ||
| . | . | ||
| </ | </ | ||
| Line 376: | Line 379: | ||
| | | ||
| ====Create new zones==== | ====Create new zones==== | ||
| - | firewall-cmd --permanent --new-zone=local | ||
| firewall-cmd --permanent --new-zone=zorgnet | firewall-cmd --permanent --new-zone=zorgnet | ||
| Line 383: | Line 385: | ||
| firewall-cmd --permanent --zone=public --add-source=0.0.0.0/ | firewall-cmd --permanent --zone=public --add-source=0.0.0.0/ | ||
| firewall-cmd --permanent --zone=public --add-source=::/ | firewall-cmd --permanent --zone=public --add-source=::/ | ||
| - | |||
| - | firewall-cmd --permanent --zone=local --add-source=172.16.3.0/ | ||
| firewall-cmd --permanent --zone=zorgnet --add-source=10.108.108.0/ | firewall-cmd --permanent --zone=zorgnet --add-source=10.108.108.0/ | ||
| Line 401: | Line 401: | ||
| firewall-cmd --permanent --zone=public --add-service=http | firewall-cmd --permanent --zone=public --add-service=http | ||
| firewall-cmd --permanent --zone=public --add-service=https | firewall-cmd --permanent --zone=public --add-service=https | ||
| - | + | | |
| - | | + | |
| - | firewall-cmd --permanent --zone=local --add-service=http | + | |
| - | firewall-cmd --permanent --zone=local --add-service=https | + | |
| firewall-cmd --permanent --zone=zorgnet --add-service=ssh | firewall-cmd --permanent --zone=zorgnet --add-service=ssh | ||
| Line 415: | Line 412: | ||
| ====Set default zone==== | ====Set default zone==== | ||
| - | firewall-cmd --set-default-zone=local | + | firewall-cmd --set-default-zone=public |
| systemctl enable firewalld | systemctl enable firewalld | ||
| + | =====Fail2ban===== | ||
| + | yum install -y fail2ban fail2ban-systemd | ||
| + | yum update -y selinux-policy* | ||
| + | Configure fail2ban, we decide to use FirewallD which is implemented by default in CentOS 7. | ||
| + | Put the following lines in / | ||
| + | <code - / | ||
| + | [sshd] | ||
| + | enabled = true | ||
| + | port = ssh | ||
| + | logpath = %(sshd_log)s | ||
| + | maxretry = 5 | ||
| + | bantime = 86400 | ||
| + | </ | ||
| + | |||
| + | systemctl enable fail2ban | ||
| + | systemctl start fail2ban | ||
| {{tag> | {{tag> | ||
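Review bot: The comment added at Line 202 of the new revision, `# Diable IPv6`, overstates what `dns_v4_first on` does: in Squid that directive only makes the resolver prefer IPv4 (A) answers over IPv6 (AAAA) answers when contacting dual-stack sites, it does not stop Squid listening on or forwarding over IPv6, and the firewall hunk at Line 385 still adds `::/` as a public-zone source, so the gateway remains reachable over IPv6. Suggest `# Prefer IPv4 DNS answers for outbound connections (does not disable IPv6 on the host or in Squid)`, which also fixes the typo. In the Fail2ban hunk the text says the jail relies on FirewallD, but the `[sshd]` jail sets no `banaction`, so whether bans actually land in firewalld depends on the distribution's default action configuration, which is not shown here; an explicit `banaction = firewallcmd-ipset` line in the jail, or a note to verify the ban with `fail2ban-client status sshd`, would make the stated intent checkable. The new `http_port` value at Line 195 is cut off in this rendering, so the changed listening port cannot be reviewed from this page.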