How To Configuration Iptables Firewall on CentOS

For those of you who didn’t know, iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables for Ethernet frames. (via: wikipedia)

Configuration Iptables Firewall on CentOS

Setting up iptables

You can use the following procedure to verify that iptables has been installed and view the status of iptables. Open terminal and type the following command:

# iptables -V
# yum info iptables

1 2	# iptables -V # yum info iptables

iptables-centos

If the above message does not appear, you can type the following command to install iptables:

# yum -y install iptables

1	# yum -y install iptables

Understanding Firewall, At present here are total four chains:

INPUT : The default chain is used for packets addressed to the system.
OUTPUT : The default chain generating from system.
FORWARD : The default chains is used when packets send through another interface.
RH-Firewall-1-INPUT : The user-defined custom chain.

Target Meanings

The target ACCEPT means allow packet.
The target REJECT means to drop the packet and send an error message to remote host.
The target DROP means drop the packet and do not send an error message to remote host or sending host.

The default iptables configuration on CentOS does not allow access to the HTTP (TCP PORT # 80) and HTTPS (TCP PORT # 443) ports used by Nginx web server. You can do step by step to configure:

Step 1: Flush all iptables rules

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X

# iptables -F

# iptables -X

# iptables -t nat -F

# iptables -t nat -X

# iptables -t mangle -F

# iptables -t mangle -X

Step 2: Set default rules

# iptables -P INPUT DROP
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT

# iptables -P INPUT DROP

# iptables -P FORWARD ACCEPT

# iptables -P OUTPUT ACCEPT

Step 3: Allow access to HTTP (port 80) and HTTPS (port 443)

# iptables -A INPUT -i lo -j ACCEPT 
# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT 
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

# iptables -A INPUT -i lo -j ACCEPT

# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# iptables -A INPUT -p icmp -j ACCEPT

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Turn on and save iptables

Type the following two commands to turn on firewall:

# chkconfig iptables on
# service iptables save

1 2	# chkconfig iptables on # service iptables save

VPS Manage Service Offer

If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get a best deal!

SHARE ON Twitter Facebook Google+ Pinterest

How To Configuration Iptables Firewall on CentOS

Configuration Iptables Firewall on CentOS

Turn on and save iptables

Related Posts of "How To Configuration Iptables Firewall on CentOS"

How To Install OpenCV on CentOS 7

How To Install osTicket on CentOS 6

How To Install Elgg on Ubuntu 14.04

How To Install Firefox Developer Edition on Ubuntu 16.04 LTS

How To Install KVM and Create Virtual Machines on Ubuntu 16.04 LTS

How To Install DNSCrypt on OpenWrt