The Geek Diary

How to configure IPtables to open Ports in CentOS / RHEL

by

Most Linux distributions will default to running a host-based firewall, iptables. If you want your hosts to communicate with each other, you have two options: turn off iptables or configure iptables to allow communication. I prefer to leave iptables turned on and configure access. Keeping iptables is just another layer of your defense across the network. The post describes how to open or enable some port in CentOS/RHEL using.

Configuring iptables properly is a complicated task, which requires deep knowledge of networking. The example presented here is a simplification.

1. Check status of service tables and start if it is stopped

# service iptables status
# service iptables start
# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig iptables on

2. To check current iptables rules (below output shows currently no iptables rules set).

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

3. Add firewall (iptable) rule to allow incoming tcp port (for example, 22):

# iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

4. List iptables to verify newly added rule.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Repeat step 3 to continue adding ports to the Linux firewall (iptables)

Procedure to load rules after every reboot

1. Make sure iptables rules added using above procedure.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

2. Save iptables to a file. File name in below command can be anything.

# iptables-save > /root/iptable_rules

3. Edit ‘/etc/rc.local‘ file add following entry to restore iptable rules after every reboot.

# iptables-restore < /root/iptable_rules

4. Save and close the file.

You May Also Like