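[root@ohpc0-test ~]# systemctl stop firewalld
[root@ohpc0-test ~]# systemctl disable firewalld
[root@ohpc0-test ~]# yum install iptables-services -y
[root@ohpc0-test ~]# systemctl enable iptables
[root@ohpc0-test ~]# systemctl enable ip6tables

[root@ohpc0-test ~]# vi /etc/sysconfig/iptables
# lock up port 22
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp -s 129.133.0.0/16 --dport 22 -j ACCEPT
# local allow: note eth1
-A INPUT -i eth1 -d 192.168.0.0/16 -p tcp --dport 0:65535 -j ACCEPT
-A INPUT -i eth1 -d 192.168.0.0/16 -p udp --dport 0:65535 -j ACCEPT
# NOTE: rules are evaluated in order, so these lines must sit above the file's
# final INPUT REJECT rule (as they do in the listing below); an ACCEPT placed
# after that REJECT never matches.

[root@ohpc0-test ~]# vi /etc/sysconfig/ip6tables
# comment out port 22

# NOTE: when working over SSH, check the edited file before restarting, e.g.
# with `iptables-restore --test < /etc/sysconfig/iptables`, so that a syntax
# error does not leave the host without a loaded rule set or lock you out.
[root@ohpc0-test ~]# systemctl restart iptables
[root@ohpc0-test ~]# systemctl restart ip6tables

# NOTE: plain `iptables -L` does not print the interface columns. The eth0/eth1
# restrictions are therefore not visible below, and the third INPUT rule
# ("ACCEPT all -- anywhere anywhere") reads like allow-all; it is presumably the
# stock loopback rule (-i lo). Confirm with `iptables -L -n -v` or `iptables -S`.
[root@ohpc0-test ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  129.133.0.0/16       anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             192.168.0.0/16       tcp
ACCEPT     udp  --  anywhere             192.168.0.0/16       udp
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@ohpc0-test ~]# reboot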