/etc/iptables.conf contains a rule to dump my outgoing packets to the 10.199 network, as follows:

*filter
:INPUT ACCEPT [122:9273]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [73:8165]
-A OUTPUT -d 10.199.48.0/24 -j REJECT --reject-with icmp-port-unreachable
COMMIT

To ensure these rules are added on every machine boot, I have added this to /etc/rc.local:

iptables-restore < /etc/iptables.conf

But on every bootup, iptables is not loaded with this new rule. I am using CentOS 7.0.1406.

These are the instructions I am following, from this post.

  • Is the rule actually meant for `10.199.x.x` network or `10.199.48.x` network? Because the rules says `/24` ! Just asking.... – neuron Jul 31 '15 at 16:35
  • Look for the guide for your own distribution, not for Ubuntu. Here's [RHEL7 Security Guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html). Related: http://serverfault.com/q/626521/290746 – yaegashi Jul 31 '15 at 16:38
  • @Neuron, it is meant for 10.199.48.x network... –  Aug 01 '15 at 00:46


/etc/rc.local is a symlink to /etc/rc.d/rc.local in CentOS 7, so you have to ensure that /etc/rc.d/rc.local is executable if you want to start things this way. You can do:

chmod +x /etc/rc.d/rc.local

and then to start the service:

systemctl start rc-local
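As an added example (not part of the question or the answer above), here is a small POSIX shell check for the three conditions the rc.local approach depends on: the rc.local symlink target is executable, it actually calls iptables-restore on the rules file, and the rules file still carries the REJECT rule for the subnet. It assumes the paths from the question and a GNU readlink that supports -f.

```shell
#!/bin/sh
# Added example: sanity-check the rc.local-based iptables restore on CentOS 7.
# Paths and the subnet are passed as arguments, e.g.
#   sh check_boot_rules.sh /etc/rc.local /etc/iptables.conf 10.199.48.0/24

# Escape regex metacharacters so a path or CIDR can be used inside grep -E.
re_escape() {
    printf '%s' "$1" | sed 's/[.[\*^$]/\\&/g'
}

# 1. Follow the symlink (/etc/rc.local -> /etc/rc.d/rc.local) and test the target.
rc_local_executable() {
    rc_target=$(readlink -f "$1")
    [ -n "$rc_target" ] && [ -x "$rc_target" ]
}

# 2. Does the rc.local target contain an "iptables-restore < <rules file>" line?
rc_local_restores() {
    grep -Eq "iptables-restore[[:space:]]*<[[:space:]]*$(re_escape "$2")" \
        "$(readlink -f "$1")"
}

# 3. Does the saved ruleset (iptables-save format) still hold the OUTPUT REJECT rule?
rules_file_has_reject() {
    grep -Eq "^-A OUTPUT -d $(re_escape "$2") -j REJECT" "$1"
}

# Run all three checks, print one line per check, return non-zero if any failed.
check_boot_rules() {
    status=0
    rc_local_executable "$1" && echo "ok: $1 target is executable" \
        || { echo "FAIL: $1 target not executable (chmod +x /etc/rc.d/rc.local)"; status=1; }
    rc_local_restores "$1" "$2" && echo "ok: rc.local restores $2" \
        || { echo "FAIL: no iptables-restore line for $2 in rc.local"; status=1; }
    rules_file_has_reject "$2" "$3" && echo "ok: REJECT rule for $3 present" \
        || { echo "FAIL: REJECT rule for $3 missing from $2"; status=1; }
    return $status
}

# Only touch real paths when invoked with all three arguments.
if [ "$#" -eq 3 ]; then
    check_boot_rules "$1" "$2" "$3"
fi
```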