In this tutorial, we will show you how to configuration Iptables firewall on CentOS. For those of you who didn’t know, Iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables for Ethernet frames.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step configure Iptables Firewall on a CentOS server.
Prerequisites
- A server running one of the following operating systems: CentOS Linux.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Configuration Iptables Firewall on CentOS
Setting up Iptables
You can use the following procedure to verify that iptables have been installed and view the status of iptables. Open the terminal and type the following command:
# iptables -V # yum info iptables
If the above message does not appear, you can type the following command to install iptables:
# yum -y install iptables
Understanding Firewall, At present, there is a total of four chains:
- INPUT : The default chain is used for packets addressed to the system.
- OUTPUT : The default chain generated from the system.
- FORWARD : The default chains are used when packets send through another interface.
- RH-Firewall-1-INPUT : The user-defined custom chain.
Target Meanings
- The target ACCEPT means allow packet.
- The target REJECT means to drop the packet and send an error message to the remote host.
- The target DROP means to drop the packet and does not send an error message to the remote host or sending host.
The default iptables configuration on CentOS does not allow access to the HTTP (TCP PORT # 80) and HTTPS (TCP PORT # 443) ports used by the Nginx web server. You can do step by step to configure:
Step 1: Flush all Iptables rules
# iptables -F # iptables -X # iptables -t nat -F # iptables -t nat -X # iptables -t mangle -F # iptables -t mangle -X
Step 2: Set default rules
# iptables -P INPUT DROP # iptables -P FORWARD ACCEPT # iptables -P OUTPUT ACCEPT
Step 3: Allow access to HTTP (port 80) and HTTPS (port 443)
# iptables -A INPUT -i lo -j ACCEPT # iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # iptables -A INPUT -p icmp -j ACCEPT # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Turn on and save iptables
Type the following two commands to turn on the firewall:
# chkconfig iptables on # service iptables save
Congratulations! You have successfully Configured Firewall. Thanks for using this tutorial for Configuration Iptables Firewall in the CentOS system. For additional help or useful information, we recommend you check the official CentOS website.