simple firewall

1. prereqs

wget -nv http://d01cid.ddns.net/sharel/etc/udev/rules.d/10-eth1.rules -P /etc/udev/rules.d/
udevadm control --reload
rmmod ax88179_178a && modprobe ax88179_178a

cube /etc/ssh/sshd_config 'PasswordAuthentication yes' with 'PasswordAuthentication no'
cube /etc/ssh/sshd_config '#UseDNS yes' with 'UseDNS no'
systemctl restart sshd.service

cube /etc/sysconfig/network-scripts/ifcfg-eth0 'GATEWAY=' with '#GATEWAY='
cube /etc/sysconfig/network-scripts/ifcfg-eth0 'DNS1=' with '#DNS1='

reboot

2. configuration

cid-rfwd
cube /etc/rfwd.conf 'xx' with '1'
grep -vE '"dhcp|"dns|"ldap|"ldaps|"http|"https|"mysql|"samba|"others' /etc/rfwd.conf > xx
mv -f xx /etc/rfwd.conf
cid-rfwd
firewall-cmd --permanent --zone=external --change-interface=eth1

echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_forward.conf

3. xtra stuff

yum -y install netstat-nat denyhosts
systemctl enable denyhosts.service
systemctl start denyhosts.service

4. debug

cat /proc/sys/net/ipv4/ip_forward

journalctl -xe

5. references

https://www.woktron.com/secure/knowledgebase/77/Installation-CSF-Firewall-on-CentOS.html