Samba: Linux Iptables Firewall Configuration

Posted on in Categories , , , , , , , , , last updated March 31, 2017

How do I configure iptables firewall under CentOS / Fedora / RHEL / Redhat Linux to allow access to the Samba server? How do I open TCP ports # 137, 138, 139 and 445 under Linux so that all Microsoft Windows machine can access files and printer on a Linux host?

Linux Iptables Open LDAP Server TCP Ports 389 and 636

Posted on in Categories , , , , , , , last updated August 16, 2009

The default Iptables configuration under CentOS / Red Hat / RHEL / Fedora Linux does not allow inbound access to LDAP service. How do I update iptables settings to allow access to the LDAP primary TCP #389 and encrypted-only TCP # 636 ports, while keeping all other ports on the server in their default protected state?

How to: Allow telnet and ssh through iptables under Linux

Posted on in Categories , , , , , last updated November 1, 2007

Q. I run both RHEL / CentOS Linux server and by default firewall blocked out everything including telnet / ssh access. How do I allow telnet – port 23 and ssh port 22 thought Linux iptables firewall ?

A.By default firewall rules stored at /etc/sysconfig/iptables location / file under CentOS / RHEL. All you have to do is modify this file to add rules to open port 22 or 23.

Login as the root user.

Open /etc/sysconfig/iptables file, enter:
# vi /etc/sysconfig/iptables
Find line that read as follows:
COMMIT
To open port 22 (ssh), enter (before COMMIT line):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

To open port 23 (telnet), enter (before COMMIT line):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT

Save and close the file. Restart the firewall:
# /etc/init.d/iptables restart

Restrict ssh access using Iptable

Posted on in Categories , last updated November 29, 2007

Q. How do I stop or restrict access to my OpenSSH (SSHD) server using Linux iptables based firewall?

A. Linux iptables firewall can be use to block or restrict access to ssh server. Iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. However, you can also use tcpd, access control facility for internet services.

Use iptables to Restrict ssh access

Following is simple rule that block all incoming ssh access at port 22
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP

However in real life you need to use something as follows. Let us assume that your ssh server IP address is 195.55.55.78, remember ssh server use TCP port 22 for all incoming connection. With iptables you can block all incoming connection at port 22 with following two rules:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP

If you just want to deny access to group of IPS then you need to add following rules to your script:
IPS="202.54.1.20 64.66.44.22 64.66.44.25"
for i in $IPS
do
iptables -A INPUT -p tcp -s 0/0 -s $i --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d $i --dport 513:65535 -m state --state ESTABLISHED -j DROP
done

Add all of above rules to your iptables firewall shell script (do not type @ shell prompt)

See also: