We can use a firewall along with other security measures to protect our servers from attackers' probing and attacks.
Run these commands from a local console (not a remote one) to reduce the chances of locking yourself out of the system. Unless you can download updates for the vulnerable packages on another system (or you have mirrored security.for local use), the system will have to be connected to the Internet for the downloads. However, as soon as you connect to the Internet you are exposing this system.
This makes it very easy for one component to break another component's configuration. Further, OpenShift Origin and the Docker service assume that iptables remains set up exactly as they have set it up.
Note: If you add an IPv6 address to your server, you should also set up the ip6tables service.
Configuring ip6tables is outside of the scope of this article.
On CentOS 6, the default firewall program is iptables.
In this article, I will show you how to set up a basic iptables firewall based on the Vultr "WordPress on CentOS 6 x64" app, which will block all traffic except for web, SSH, NTP, DNS, and ping services.
Different services are used for different protocols as: Saving IPTables rulesets with the below command.
Whenever the system is rebooted and the IPTables service restarted, the existing rules are flushed out or reset.
If one of your local services is vulnerable, you might be compromised even before the update is finished!