How To Configuration Iptables Firewall on CentOS

For those of you who didn’t know, iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables for Ethernet frames. (via: wikipedia)

Configuration Iptables Firewall on CentOS

Setting up iptables

You can use the following procedure to verify that iptables has been installed and view the status of iptables. Open terminal and type the following command:

If the above message does not appear, you can type the following command to install iptables:

Understanding Firewall, At present here are total four chains:

• INPUT : The default chain is used for packets addressed to the system.
• OUTPUT : The default chain generating from system.
• FORWARD : The default chains is used when packets send through another interface.
• RH-Firewall-1-INPUT : The user-defined custom chain.

Target Meanings

• The target ACCEPT means allow packet.
• The target REJECT means to drop the packet and send an error message to remote host.
• The target DROP means drop the packet and do not send an error message to remote host or sending host.

The default iptables configuration on CentOS does not allow access to the HTTP (TCP PORT # 80) and HTTPS (TCP PORT # 443) ports used by Nginx web server. You can do step by step to configure:

Step 1: Flush all iptables rules

Step 2: Set default rules

Step 3: Allow access to HTTP (port 80) and HTTPS (port 443)

 Turn on and save iptables

Type the following two commands to turn on firewall: