iptables firewall – Page 2

Redhat / CentOS / Fedora Linux Open Port

September 13, 2007September 29, 2007in Iptables, Linux, RedHat and Friends last updated September 29, 2007

Q. Iâ€™ve Redhat Enterprise Linux 5 server with Iptabeles firewall enabled. By default it is only allowing port 22. How do I open port 80 / 143 / 110 on Linux? I’ve started all services but don’t know how to open port using iptables.

A. By default iptables firewall stores its configuration at /etc/sysconfig/iptables file. You need to edit this file and add rules to open port number. This file only avilable under
Red Hat Enterprise Linux 3 / 4 / 5 and above
=> Old Red hat Linux version
=> CentOS 4 and above
=> Fedora Linux

Open port 80

Open flle /etc/sysconfig/iptables:
# vi /etc/sysconfig/iptables
Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Save and close the file. Restart iptables:
# /etc/init.d/iptables restart

Open port 110

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT

Open port 143

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT

Restart iptables service

Type the following command:
# service iptables restart

Verify that port is open

Run following command:
netstat -tulpn | less
Make sure iptables is allowing port 80 / 110 / 143 connections:
iptables -L -n

Refer to iptables man page for more information about iptables usage and syntax:
man iptables

HowTo Disable The Iptables Firewall in Linux

April 10, 2007June 28, 2012in Debian / Ubuntu, Iptables, Linux, Networking, RedHat and Friends, Suse, Ubuntu Linux last updated June 28, 2012

I need to disable firewall in Linux for testing purpose. I’m using CentOS and RHEL version 4.4 / 5 / 6. How do I disable the firewall in Linux?

How Do I Block an IP Address on My Linux server?

March 29, 2006August 2, 2010in BASH Shell, CentOS, Debian / Ubuntu, Iptables, Linux, RedHat and Friends last updated August 2, 2010

How do I block an IP address or subnet under Linux operating system?

Restrict ssh access using Iptable

January 31, 2006November 29, 2007in Iptables, Linux last updated November 29, 2007

Q. How do I stop or restrict access to my OpenSSH (SSHD) server using Linux iptables based firewall?

A. Linux iptables firewall can be use to block or restrict access to ssh server. Iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. However, you can also use tcpd, access control facility for internet services.

Use iptables to Restrict ssh access

Following is simple rule that block all incoming ssh access at port 22
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP

However in real life you need to use something as follows. Let us assume that your ssh server IP address is 195.55.55.78, remember ssh server use TCP port 22 for all incoming connection. With iptables you can block all incoming connection at port 22 with following two rules:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP

If you just want to deny access to group of IPS then you need to add following rules to your script:
IPS="202.54.1.20 64.66.44.22 64.66.44.25" for i in $IPS do iptables -A INPUT -p tcp -s 0/0 -s $i --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d $i --dport 513:65535 -m state --state ESTABLISHED -j DROP done

Add all of above rules to your iptables firewall shell script (do not type @ shell prompt)

nixCraft