This post is probably going to be updated a few times as it’s a work in progress as I figure things out. As I’ve noted before a few times, I like to write things out as I figure them out so that I don’t have to research time and again. Today’s project: replacing a pfSense firewall with a CentOS server and firewalld.
This is the first of what will be a number of posts on building out parts of a basic mission network. This network will be based on CentOS 7 (Linux), with an IPA server (Linux version of Active Directory), have a local patching server, and a number of other features. Today’s article will focus entirely on the basic build of a CentOS 7.0 system and will serve as the base system for all of the other lessons in the future.
You likely haven’t noticed yet, but if you look at the top corner of your browser, you should be seeing a little lock symbol up there for the first time (at least when you came to this site). For years now, Signal-Chief has been served up on straight HTTP. I was never really worried about it because there is no personal information on the site, and the only person who actually logged into it was me (and I use unique passwords on everything).
So you may not have noticed (hopefully), but I recently moved signal-chief from a shared hosting instance on GoDaddy to a dedicated VPS system. As a cyber guy, one of the first things I wanted to do was to start with some basic security, so of course step one was to run yum update to update all of my packages, and step two was to set up some firewall rules. To allow me to initiate a connection (DNS, http, whatever) from the server and get the return traffic back. Unfortunately, when I tried to run this command I got “iptables: No chain/target/match by that name” sent back to me. Well, that’s frustrating.