list all of the IP table rules
$ iptables -F [--flush]
flush all of the IP table rules
$ service iptables save
save current iptables to /etc/sysconfig/iptables
Good article from the linuxwave blog:
Manually manipulating iptables in CentOS and Redhat
On Red Hat based distros the iptables rules are kept by default in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables. To change the firewall, add or remove rules in this file and restart the iptables service. For example, to allow the tftp port, which is port 69 udp:
- Edit /etc/sysconfig/iptables
# vi /etc/sysconfig/iptables
- Add the following line before the final LOG and DROP lines of the INPUT chain:
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
- Save and close the file
- Restart iptables service:
# /etc/init.d/iptables restart
- Check your new iptables rules, where -L lists the rules in the selected chain and -n prints addresses and ports numerically instead of resolving names:
# sudo iptables -L -n
- And you can see that the
"ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:69"
line is in the rule listing.
To block any particular port, you just need to edit /etc/sysconfig/iptables, remove the ACCEPT line that contains that port, restart iptables, and you are done :)
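The steps above, as an added example that is not from the linuxwave article or this post: a small POSIX shell script that performs the same edit on a constructed copy of /etc/sysconfig/iptables, inserting the ACCEPT rule before the INPUT chain's LOG and DROP lines (so it is never shadowed by them), checking that it is there, and removing it again for the "block a port" case. The sample file contents and the function names (write_sample_rules, has_rule, allow_port, block_port) are assumptions made here; on a real host you would point the functions at /etc/sysconfig/iptables itself and still need the restart step.

```shell
#!/bin/sh
# Added example (not from the linuxwave article): edit a copy of
# /etc/sysconfig/iptables the way the steps above describe, using a
# constructed sample file so it runs without root and touches no real firewall.

# Write a constructed stand-in for /etc/sysconfig/iptables; the INPUT chain
# ends with LOG and DROP, like the file the steps above assume.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables denied: "
-A INPUT -j DROP
COMMIT
EOF
}

# True when FILE already has an INPUT ACCEPT rule for PROTO/PORT.
has_rule() {
    grep -Eq -- "^-A INPUT .*-p $2 --dport $3 -j ACCEPT\$" "$1"
}

# Insert an ACCEPT rule for PROTO/PORT before the first LOG or DROP rule of
# the INPUT chain (before COMMIT if the chain has neither). Idempotent: a rule
# that is already present is not added twice.
allow_port() {
    file=$1; proto=$2; port=$3
    rule="-A INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
    grep -Fxq -- "$rule" "$file" && return 0
    tmp=$(mktemp)
    awk -v rule="$rule" '
        !inserted && /^-A INPUT / && /-j (LOG|DROP)( |$)/ { print rule; inserted = 1 }
        !inserted && /^COMMIT$/                           { print rule; inserted = 1 }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Remove every INPUT ACCEPT rule for PROTO/PORT (the "block a port" step).
block_port() {
    file=$1; proto=$2; port=$3
    tmp=$(mktemp)
    awk -v proto="$proto" -v port="$port" '
        $0 ~ ("^-A INPUT .*-p " proto " --dport " port " -j ACCEPT$") { next }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Demo on a temporary copy; on a real host you would point at
# /etc/sysconfig/iptables and then run "service iptables restart".
demo=$(mktemp)
write_sample_rules "$demo"
allow_port "$demo" udp 69
cat "$demo"
rm -f "$demo"
```

The awk pass matches the rule line by its target (`-j LOG` or `-j DROP`) rather than by position, so it keeps working when more ACCEPT lines have been added above the catch-all rules over time.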
Save IP tables on CentOS
/etc/init.d/iptables start or service iptables save
Remove iptables rules by line number
iptables -vnL --line-numbers
iptables -D INPUT 22
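Deleting by number has one trap: iptables renumbers the remaining rules after every `-D`, so when several rules are to go, they must be deleted highest number first. The script below, an added example that is not from this post, picks the rule numbers for a given port out of a constructed `iptables -vnL --line-numbers` listing and prints the matching `iptables -D` commands in descending order. The listing text and the function names (write_sample_listing, rule_numbers_for_dport, delete_rules_by_number) are assumptions made here; it prints the commands rather than running them, so it needs no root.

```shell
#!/bin/sh
# Added example (not from the original post): find rule numbers in a constructed
# "iptables -vnL --line-numbers" listing and emit the matching "iptables -D"
# commands highest number first. Print-only; pipe the output to sh to apply.

# Constructed listing in the layout of "iptables -vnL --line-numbers"; rules
# 5 and 6 are duplicate tftp rules, the case where deletion order matters.
write_sample_listing() {
    cat > "$1" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       10   800 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
5        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:69
6        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:69
7        5   300 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "iptables denied: "
8        5   300 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
EOF
}

# Print the rule numbers in CHAIN whose match text contains "PROTO dpt:PORT".
# Tracks the current chain from the "Chain ..." header lines.
rule_numbers_for_dport() {
    listing=$1; chain=$2; proto=$3; port=$4
    awk -v chain="$chain" -v proto="$proto" -v port="$port" '
        /^Chain / { cur = $2; next }
        cur == chain && $1 ~ /^[0-9]+$/ && $0 ~ (" " proto " dpt:" port "( |$)") { print $1 }
    ' "$listing"
}

# Emit "iptables -D CHAIN N" for each N, highest first: deleting rule 5 turns
# rule 6 into rule 5, so ascending order would delete the wrong rule.
# Rejects anything that is not a positive integer.
delete_rules_by_number() {
    chain=$1; shift
    [ $# -gt 0 ] || return 1
    for n in "$@"; do
        case $n in
            ''|*[!0-9]*|0) echo "invalid rule number: $n" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$@" | sort -rnu | while read -r n; do
        printf 'iptables -D %s %s\n' "$chain" "$n"
    done
}

# Demo: delete both tftp rules from the constructed INPUT listing.
listing=$(mktemp)
write_sample_listing "$listing"
delete_rules_by_number INPUT $(rule_numbers_for_dport "$listing" INPUT udp 69)
rm -f "$listing"
```

On a real host the listing comes from `iptables -vnL --line-numbers > listing.txt`, and the printed commands are reviewed before being run, then followed by `service iptables save` so the change survives a restart.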