Thursday, November 28, 2013

Manually manipulating iptables in CentOS and Redhat

The iptables rules in redhat based distro is being kept by default in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables. To manipulate the firewall, just add or remove rules from this file, and restart iptables services. For example, we want to allow tftp port, which is port 69 udp:

  1. Edit /etc/sysconfig/iptables
    • # vi /etc/sysconfig/iptables
  2. Add the following lines, before the final LOG and DROP lines for INPUT chain:
    • -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
  3. Save and close the file
  4. Restart iptables service:
    • # /etc/init.d/iptables restart
  5. Check your new iptables rules, where -L is to list all rules in the selected chain, and -n is for printing port in numeric output:
    • # sudo iptables -L -n
  6. And you can see that
    "ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:69"
    line is in the iptables file.
  7. To save the new rules permanently, just run:
    • # /etc/init.d/iptables save 

To block any particular port, you just need to edit /etc/sysconfig/iptables, remove the ACCEPT line that contain that port, and restart iptables, and you are done :)

No comments: