
Iptables

Understanding CentOS Default -A RH-Firewall-1-INPUT -p 50 -j ACCEPT Firewall Rule

Q. Can you explain the meaning of the following two firewall rules present in my /etc/sysconfig/iptables rules file under CentOS Enterprise Linux version 5.2?

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

APF Linux Firewall Open Port 22 From Specific / Selected IP Address Only

Q. I have a CentOS Linux server configured with the APF firewall. How do I open port 22 from a specific IP address only? I have a fixed static ADSL IP address assigned, and I would like to open port 22 from my IP 202.5.1.3 only using the APF firewall script. How do I configure the firewall?

How To Run Linux Web Server / Service on Private IP Network

Q. I have only one public IP address assigned by my ISP over a metro Ethernet connection. eth0 has the public IP and eth1 is connected to our network switch. How do I configure the Linux box to forward traffic to my web server hosted at the 192.168.1.100 IP address?

Display the Natted / Routed Connections on a Linux Iptable Firewall

Q. I have a Linux box acting as a software (NAT) router for over 100 computers connected via the LAN. The regular netstat command does not display the list of all NATted connections. How do I find out which connections are being managed by the netfilter / iptables that comes with the Debian 4.x system?

How To: Disable Firewall on RHEL / CentOS / RedHat Linux

Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and opened with my firewall?

A. To list all rules in the selected chain, use the -L option. If no chain is selected, all chains are listed. As with every other iptables command, it applies to the specified table (the filter table unless you select another with -t). The -n option prints IP addresses and port numbers in numeric format instead of resolving them to names.

To check the status of your firewall and all rules, enter:
# iptables -L -n
OR
$ sudo iptables -L -n
Output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
droplist   all  --  0.0.0.0/0            0.0.0.0/0
droplist   all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  66.228.118.0/23      0.0.0.0/0
DROP       all  --  213.240.4.233        0.0.0.0/0
DROP       all  --  75.126.132.23        0.0.0.0/0
DROP       all  --  80.58.205.35         0.0.0.0/0
.....
...
.....
DROP       all  --  91.200.56.0/22       0.0.0.0/0
LOG        all  --  91.200.72.0/22       0.0.0.0/0           LOG flags 0 level 4 prefix `DROP List Block'
DROP       all  --  91.200.72.0/22       0.0.0.0/0

The --line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule’s position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers
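Reading a long listing by eye is error-prone, so the following added example (not part of the original post) summarizes a saved `iptables -L -n` listing: the policy of each chain, how many rules hit each target, which specific sources are dropped, and a note when a chain contains an ACCEPT-all-from-anywhere rule that plain `-L -n` cannot distinguish from an interface- or state-restricted one. The embedded listing is constructed from the output shown above; on a live host you would feed it `iptables -L -n` run as root instead. The function names are my own.

```shell
#!/bin/sh
# Added example: audit a saved "iptables -L -n" listing (filter table).
# sample_listing() is a constructed stand-in for: iptables -L -n (as root).

sample_listing() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
droplist   all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  66.228.118.0/23      0.0.0.0/0
DROP       all  --  213.240.4.233        0.0.0.0/0
DROP       all  --  75.126.132.23        0.0.0.0/0
LOG        all  --  91.200.72.0/22       0.0.0.0/0           LOG flags 0 level 4 prefix `DROP List Block'
DROP       all  --  91.200.72.0/22       0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# count_target TARGET  (listing on stdin): number of rules whose target is TARGET.
# Rule lines have the target in field 1; "Chain"/"target" lines are headers.
count_target() {
  awk -v t="$1" '$1 == t && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }'
}

# chain_policy CHAIN  (listing on stdin): the default policy of CHAIN.
# "Chain INPUT (policy ACCEPT)" -> field 4 is "ACCEPT)" minus the paren.
chain_policy() {
  awk -v c="$1" '$1 == "Chain" && $2 == c { sub(/\)/, "", $4); print $4 }'
}

# dropped_sources  (listing on stdin): unique specific sources hit by DROP,
# ignoring the catch-all 0.0.0.0/0.
dropped_sources() {
  awk '$1 == "DROP" && $4 != "0.0.0.0/0" { print $4 }' | sort -u
}

# report  (listing on stdin): per-chain policy and per-target rule counts.
# An "ACCEPT all 0.0.0.0/0 -> 0.0.0.0/0" line under -L -n may still be limited
# to an interface (e.g. lo) or a conntrack state; only -v shows that, so flag it.
report() {
  awk '
    $1 == "Chain" { chain = $2; pol = $4; sub(/\)/, "", pol)
                    order[++n] = chain; policy[chain] = pol; next }
    $1 == "target" || NF == 0 { next }
    { count[chain, $1]++
      if ($1 == "ACCEPT" && $2 == "all" && $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0") wide[chain]++ }
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]
        printf "%s (policy %s):", c, policy[c]
        for (k in count) { split(k, p, SUBSEP); if (p[1] == c) printf " %s=%d", p[2], count[k] }
        printf "\n"
        if (wide[c] > 0)
          printf "  note: %d ACCEPT-all-from-anywhere rule(s); re-run with -v to see interface/state matches\n", wide[c]
      }
    }'
}

# Stand-alone run against the constructed listing.
sample_listing | report
printf 'Specifically dropped sources:\n'
sample_listing | dropped_sources
```

The same functions work on a real listing: `iptables -L -n > /tmp/filter.txt` as root, then `report < /tmp/filter.txt`. Because `-n` only lists the filter table, repeat with `-t nat` if you also want to audit NAT rules; and whenever the report flags a wide ACCEPT, confirm with `-v` whether it is bound to an interface or to `RELATED,ESTABLISHED` state before treating it as a hole.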

Linux Passive FTP Not Working Problem And Solution

Q. I am running a GNU/Linux system with an FTP server, and passive FTP client requests are not working. What can I do to fix this problem under the Linux iptables firewall?

How Do I Save Iptables Rules or Settings?
