Hopefully on a home or private network until you gain more skills.
Normally, the rule set would be configured in one of the system boot files. Red Hat supplies a complete firewall setup tool, including the needed boot scripts. CentOS should do the same.
No, you would run a script similar to this. You appear not to know that the "$IPT" at the beginning of the lines in the script below is translated by the shell into the command '/sbin/iptables', and the rest of each line is supplied as the arguments to that command. This script looks to be designed to run out of /etc/rc.d/rc.local, which should normally be the last boot script run. Not a great idea, but better than nothing at all.
Does the firewall script include a 'LOG' target? (If not, why not?) What data showed up in the log files? What errors showed up on your client when you attempted to connect?
You should have a directory called /usr/share/HOWTO/ and in there, you should find over 450 documents. If you can't find them on your system, go to
or the LDP site at
 43309 Nov  5  2000 From-PowerUp-To-Bash-Prompt-HOWTO
 85507 Aug 20  2001 Firewall-HOWTO
708351 Nov 14  2005 IP-Masquerade-HOWTO
155096 Jan 23  2004 Security-HOWTO
287057 Jul 23  2002 Security-Quickstart-Redhat-HOWTO
 45604 Apr 18  2006 Networking-Overview-HOWTO
 71776 Nov 28 21:45 Unix-and-Internet-Fundamentals-HOWTO
The 'From-PowerUp-To-Bash-Prompt-HOWTO' explains how your system boots and tells where to look for specific files. The next four documents describe how firewalls are set up. The last two give some clues about how IP networking works.
the website run by the author of the firewall code in the kernel, and it has seven more HOWTOs you really should be looking at:
NAT-HOWTO.txt                   24-Dec-2006 16:06   25K
netfilter-double-nat-HOWTO.txt  24-Dec-2006 16:06  9.4K
netfilter-extensions-HOWTO.txt  24-Dec-2006 16:06   79K
netfilter-hacking-HOWTO.txt     24-Dec-2006 16:06   84K
netfilter-mirror-HOWTO.txt      24-Dec-2006 16:06  8.1K
networking-concepts-HOWTO.txt   24-Dec-2006 16:06   28K
packet-filtering-HOWTO.txt      24-Dec-2006 16:06   52K
Most of the scripts you will use are pretty simple, but if you are not comfortable with the command prompt and shell scripting, reading the Bash-Prog-Intro-HOWTO would be a good idea.
Probably not the best idea ever - this would accept SSH connections from all 2.8 billion IP addresses in use around the world, including the 2.799 billion zombies and 'bots used by crackers. You should limit this access to those addresses or address ranges that you know YOU will be using to connect to this system. (The firewall at my house allows _inbound_ access from a /22 and two /24s "outside" or a total of 1530 addresses, because I can't see any reason to allow connections from you or anyone else that I haven't approved in advance, and I really don't expect authorized users to be connecting from Kazakhstan, Kenya, Kiribati, Korea, or Kuwait or a lot of other places either. Lest someone from those countries object, I also don't allow access from nearly all ISPs in North America.)
Likewise probably not the best idea ever - even assuming your ISP doesn't block these connections. You would need this rule only if this system is listed in your DNS as the MX or 'Mail eXchange' server for your registered domain.
Again - do you really need to offer POP-3 to the entire world?
Actually, that's DNS inbound - are you running a DNS server that is listed by an Internet registry service (meaning you are running your own real domain) and therefore need to provide DNS to the entire world?