You can add the route command at the end of the /etc/rc.d/rc.local file. The route will be added every time IPCop is rebooted but not everytime the interface is restarted. Good for a box with minimal changes.
root@ipcop: # echo “route add -net 10.10.0.0 gw 10.1.0.1 netmask 255.255.0.0” >> /etc/rc.d/rc.local
su – temp
scp /home/.sites/temp/html/* temp@lamp4.ncol.net:/home/.sites/temp/html/
Edit the /etc/rc.d/rc.firewall.local file and add our new SMTP blocking rules. Open the file with vi or nano, then look for the line “## add your ‘start’ rules here” and put your new rules under it.
# allow smtp from some allowed ips
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s 10.1.0.6 –dport 25 -j ACCEPT
# log stuff that is not the mail server
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 –dport 25 -j LOG –log-prefix “SMTP”
# block all other outgoing SMTP traffic
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 –dport 25 -j REJECT
The following lines allow SMTP and HTTP traffic through an IPTABLES firewall. But this information is not automatically saved and reloaded if the service restarts.
iptables -I INPUT -p tcp –dport 25 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp –dport 80 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables-save
Whenever you make a change to your firewall, on a Fedora/CentOS type system, you will want to save the changes.
The output can be redirected to a file.
# iptables-save > /root/firewall-rules
The following command line restores all rules from /root/firewall-rules assuming that the file /root/firewall-rules exists.
# iptables-restore < /root/firewall-rules
By default, iptables-restore deletes all existing rules before restoring the saved rules. If the saved rules are to be appended to existing rules, use the -n or –noflush option.
Save Your Firewall and Load on Restart
You will need to edit the /etc/sysconfig/iptables-config as root to help iptables save and reload your firewall correctly. Be sure the following settings are changed to “yes”.
# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be ‘yes’ to get to a sane state for a firewall
# restart or stop. Only set to ‘no’ if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD=”yes”
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP=”yes”
# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART=”yes”
Always backup the original key first (just in case)!
# cp www.key www.key.orig
Then unencrypt the key with openssl. You’ll need the passphrase for the decryption process:
# openssl rsa -in www.key -out new.key
Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.
