Glad you got it going! The update thingy allows dhcp to tell the dns server when there is a different ip address associated with a particular host name. I have never got that part to work correctly and don't really have a need for it right now so I'll wait until they get the bugs out or somebody gives me a really working method.
Anywho, the best place to read up on that is
man dhcp or dhcpd.conf
Now as far as your firewall goes, I do have a working script and some notes on getting that set up below.......
____________________________________________________________
Do this while logged in as Root
Save the firewall script as /etc/sysconfig/firewall.
Important: Set the permissions for root to read, write and exec. Also, read and exec for group and others.
Something like chmod 755 /etc/sysconfig/firewall ought to do it.
Edit the /etc/rc.d/rc.local file with a path to the script. /etc/sysconfig/firewall
Run the command: service iptables stop
Type: source /etc/sysconfig/firewall
Type: iptables-save > /etc/sysconfig/iptables
Run the command: service iptables restart
____________________________________________________________
#!/bin/sh
#
# The location of the iptables binary file on your system.
IPTABLES="/sbin/iptables"
# The Internet interface. For ADSL or Dialup users, this should be "ppp0".
# For a cable modem connection, this will probably be "eth0".
EXT="eth0"
# Out with the old stuff.
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
# These will setup our policies.
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
# Use this for NAT or IP Masquerading.
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE
# This rule protects your forwarding rule.
$IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j DROP
# Port forwarding looks like this.
#$IPTABLES -t nat -A PREROUTING -i $EXT -p tcp --dport 25 -j DNAT --to 192.168.0.50
#$IPTABLES -t nat -A PREROUTING -i $EXT -p tcp --dport 53 -j DNAT --to 192.168.0.50
#$IPTABLES -t nat -A PREROUTING -i $EXT -p udp --dport 53 -j DNAT --to 192.168.0.50
# These two redirect a block of ports, in both udp and tcp.
#$IPTABLES -t nat -A PREROUTING -i $EXT -p tcp --dport 2300:2400 -j DNAT --to 192.168.0.50
#$IPTABLES -t nat -A PREROUTING -i $EXT -p udp --dport 2300:2400 -j DNAT --to 192.168.0.50
# This rule will accept connections from local machines.
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -s 192.168.0.0/24 -d 0/0 -p all -j ACCEPT
# DROP bad packets.
$IPTABLES -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# DROP icmp, but only after letting certain types through.
$IPTABLES -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 11 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
$IPTABLES -A INPUT -p icmp -j DROP
# To open up port 22 (SSH Access) to various IP's edit the IP's below
# and uncomment the first line.
# To enable SSH access from anywhere, uncomment the second line only.
#$IPTABLES -A INPUT -i $EXT -s 200.123.10.2 -d 0/0 -p tcp --dport 22 -j ACCEPT
#$IPTABLES -A INPUT -i $EXT -s 0/0 -d 0/0 -p tcp --dport 22 -j ACCEPT
# If you are running a Web Server, uncomment the next line to open
# up port 80 on your machine.
#$IPTABLES -A INPUT -i $EXT -s 0/0 -d 0/0 -p tcp --dport 80 -j ACCEPT
# Some basic state-matching.
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# DROP port 137 netbios packets silently.
$IPTABLES -A INPUT -p udp --sport 137 --dport 137 -j DROP
# Explicitly drop everything else (same outcome as the INPUT DROP policy).
$IPTABLES -A INPUT -j DROP
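
A check to run after the `iptables-save > /etc/sysconfig/iptables` step, added here as an example and not part of the original post: it reads the saved rules, confirms the INPUT policy is DROP and the FORWARD guard on the external interface is present, and lists any port accepted on that interface from any source. The function names and the sample dump are constructed for illustration, and real iptables-save output differs slightly between versions.

```shell
#!/bin/sh
# Added example (not the poster's code): audit an iptables-save dump.
EXT="${EXT:-eth0}"   # external interface, same meaning as EXT in the script

# Reads iptables-save text on stdin, prints findings; returns 1 on any FAIL.
audit_ruleset() {
    awk -v ext="$EXT" '
        function has_iface(line) { return index(line " ", " -i " ext " ") > 0 }
        function any_source(line) { return line !~ / -s / || line ~ / -s 0\.0\.0\.0\/0 / }
        function dport(line,    n, f, i) {
            n = split(line, f, " ")
            for (i = 1; i < n; i++) if (f[i] == "--dport") return f[i + 1]
        }
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table != "filter" { next }
        /^:INPUT /   { input_policy = $2 }
        /^:FORWARD / { forward_policy = $2 }
        # The script guards its ACCEPT forward policy with this drop rule.
        /^-A FORWARD / && /NEW/ && /INVALID/ && / -j DROP/ && has_iface($0) { guard = 1 }
        # Services opened on the external interface with no source restriction.
        /^-A INPUT / && / --dport / && / -j ACCEPT/ && has_iface($0) && any_source($0) {
            print "WARN: open to any source on " ext ": " dport($0)
        }
        END {
            if (input_policy != "DROP") { print "FAIL: INPUT policy is " input_policy; bad = 1 }
            if (forward_policy == "ACCEPT" && !guard) {
                print "FAIL: FORWARD is ACCEPT with no NEW,INVALID drop on " ext; bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample of a saved ruleset; $1 = optional extra INPUT rule.
sample_dump() {
    cat <<EOF
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -m state --state INVALID,NEW -j DROP
-A INPUT -s 192.168.0.0/24 -j ACCEPT
${1:-}
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Demo: the "SSH from anywhere" line uncommented shows up as a WARN.
sample_dump "-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT" | audit_ruleset
```

On the firewall itself, run `audit_ruleset < /etc/sysconfig/iptables` after saving the rules.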