In this tutorial, we will show you how to configuration Iptables firewall on CentOS. For those of you who didn’t know, Iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables for Ethernet frames. (via: Wikipedia)
Configuration Iptables Firewall on CentOS
Setting up Iptables
You can use the following procedure to verify that iptables has been installed and view the status of iptables. Open the terminal and type the following command:
# iptables -V # yum info iptables
If the above message does not appear, you can type the following command to install iptables:
# yum -y install iptables
Understanding Firewall, At present, there is a total of four chains:
- INPUT : The default chain is used for packets addressed to the system.
- OUTPUT : The default chain generating from the system.
- FORWARD : The default chains are used when packets send through another interface.
- RH-Firewall-1-INPUT : The user-defined custom chain.
- The target ACCEPT means allow packet.
- The target REJECT means to drop the packet and send an error message to the remote host.
- The target DROP means to drop the packet and does not send an error message to the remote host or sending host.
The default iptables configuration on CentOS does not allow access to the HTTP (TCP PORT # 80) and HTTPS (TCP PORT # 443) ports used by the Nginx web server. You can do step by step to configure:
Step 1: Flush all Iptables rules
# iptables -F # iptables -X # iptables -t nat -F # iptables -t nat -X # iptables -t mangle -F # iptables -t mangle -X
Step 2: Set default rules
# iptables -P INPUT DROP # iptables -P FORWARD ACCEPT # iptables -P OUTPUT ACCEPT
Step 3: Allow access to HTTP (port 80) and HTTPS (port 443)
# iptables -A INPUT -i lo -j ACCEPT # iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # iptables -A INPUT -p icmp -j ACCEPT # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Turn on and save iptables
Type the following two commands to turn on the firewall:
# chkconfig iptables on # service iptables save