More Complex GUI IPTables Setup for CentOS 5.x with Bastille Linux

We have a few CentOS boxes that need a little more IPTables tweaking than the standard security setup in the GUI allows. I could go into the IPTables config files directly, but I am more than a little rusty on the logic for IPTables. So I went back to an old stand-by to configure the multiple interfaces on a couple of my CentOS boxes.

http://bastille-linux.sourceforge.net

Download the RPM and install it.

sudo rpm -i Bastille-3.2.1-0.1.noarch.rpm

You can get perl-tk and perl-curses via CPAN. I know DAG’s RPMForge is just about standard now, but I prefer going to source if it is not standard. Of course, yum and the RPM model are basically kind of a pain if you are used to apt-get on Debian/Ubuntu systems. I suppose DAG’s RPMForge makes it a little less painful. But CPAN is great.

You can do a couple of commands to get the pre-reqs for the graphical Bastille hardener. I would make sure you do these via the server console inside a GNOME session. You get quite a sight to watch on the Tk install.

sudo cpan install Tk

and

sudo cpan install Curses

I ended up having to do a force install on Tk because I failed some of the Tk install tests in the GUI. Anyway, no problem. This will get you what you need to then run

sudo bastille -x

I tend to run it via the console, but you should do it via ssh -X. Bastille comes in VERY handy when you have to do IPTables configs for multiple network interfaces and want different rules for different interfaces. Firestarter is another nice GUI tool when you don’t want to get into the iptables configs yourself.
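To show the kind of per-interface policy this is all for, here is a constructed example of my own (not Bastille’s generated firewall script): a shell function that prints iptables rules treating an untrusted eth0 differently from a LAN-side eth1. The interface names and the allowed ports are assumptions; the rules are printed, not applied, so you can review them before piping them to sh as root.

```shell
#!/bin/sh
# Constructed example: emit an iptables ruleset that treats two interfaces
# differently, the sort of per-interface policy the post uses Bastille for.
# Interface names and ports are assumptions, not Bastille's own output.
# Rules are printed rather than applied so they can be reviewed first.

gen_rules() {
    ext_if="$1"   # untrusted side, e.g. eth0
    int_if="$2"   # trusted LAN side, e.g. eth1
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
# $int_if: SSH and ping are allowed from the LAN side only
iptables -A INPUT -i $int_if -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $int_if -p icmp --icmp-type echo-request -j ACCEPT
# $ext_if: only HTTP/HTTPS; log and drop everything else for later review
iptables -A INPUT -i $ext_if -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $ext_if -j LOG --log-prefix "IPT-$ext_if-DROP: " --log-level 4
iptables -A INPUT -i $ext_if -j DROP
EOF
}

# Count the rules bound to one interface: a quick sanity check that each
# interface really got its own policy before the rules are loaded.
rules_for_if() {
    gen_rules "$1" "$2" | grep -c -- "-i $3 "
}

gen_rules eth0 eth1
```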