Basic iptables on CentOS

I would like to do the following, but I'm having a hard time doing so using iptables in CentOS:

  1. I would like to accept inbound connections only on ports 80, 443, 22, snmp and 3306 to my server
  2. I would like to be able to allow all outbound ports
  3. I would like all other inbound connections to be dropped

Open your iptables file (/etc/sysconfig/iptables) and add the following lines below the "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" line:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT

Restart iptables:

service iptables restart

By default, your iptables configuration allows all outbound ports.

lokkit will give you a simple interface to configure iptables with.

  1. I would like to accept inbound connections only on ports 80, 443, 22, snmp and 3306 to my server.
  2. I would like to be able to allow all outbound ports
  3. I would like all other inbound connections to be dropped.

Put these rules in a shell script:

#!/bin/sh
# Start from an empty filter table so the rules below are actually reached
# (the stock CentOS INPUT chain jumps to RH-Firewall-1-INPUT, which ends in REJECT,
# so rules appended after it would never match).
iptables -F
iptables -X

# 3: drop every inbound or forwarded packet that is not explicitly accepted
iptables -P INPUT DROP
iptables -P FORWARD DROP

# 2: all outbound traffic stays allowed; let replies to connections this host
#    opened (and local loopback traffic) back in
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# 1: open the listed services (change eth0 to your interface); snmp is udp/161
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443,22,161,3306 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 161 -j ACCEPT
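Both answers above hand-write the rules; as an added example (not code from the original answers), the POSIX shell script below generates a complete ruleset in iptables-restore format, the same format CentOS stores in /etc/sysconfig/iptables, that implements the three requirements: drop all inbound by policy, accept all outbound by policy, and open only the listed ports. The port lists and the "one accept rule per port" layout are assumptions taken from the question; the script writes a fresh filter table instead of editing the stock RH-Firewall-1-INPUT chain.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the question's three requirements.
# TCP_PORTS and UDP_PORTS are assumed values from the question; edit them for your host.

TCP_PORTS="22 80 443 3306"   # ssh, http, https, mysql
UDP_PORTS="161"              # snmp

# build_ruleset TCP_PORTS UDP_PORTS
# Prints the ruleset to stdout. Chain policies do the dropping (requirement 3),
# the OUTPUT policy is ACCEPT (requirement 2), and one ACCEPT rule per port
# opens exactly the listed services (requirement 1).
build_ruleset() {
    tcp="$1"
    udp="$2"
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # loopback traffic and replies to connections this host opened
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # packets conntrack cannot classify are not worth keeping
    printf '%s\n' '-A INPUT -m state --state INVALID -j DROP'
    # allow ping so remote monitoring can tell "firewalled" from "down"
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for p in $tcp; do
        printf '%s %s %s\n' '-A INPUT -m state --state NEW -p tcp --dport' "$p" '-j ACCEPT'
    done
    for p in $udp; do
        printf '%s %s %s\n' '-A INPUT -p udp --dport' "$p" '-j ACCEPT'
    done
    printf '%s\n' 'COMMIT'
}

# count_open_ports RULESET
# Prints the number of per-port ACCEPT rules: a cheap check that the generated
# file opens exactly the ports you listed and nothing more.
count_open_ports() {
    printf '%s\n' "$1" | grep -c -e '--dport [0-9][0-9]* -j ACCEPT$'
}

# check_ruleset RULESET
# Dry-run parse with "iptables-restore --test" (needs root and iptables installed);
# exit status 2 means iptables-restore is not on this machine.
check_ruleset() {
    command -v iptables-restore >/dev/null 2>&1 || return 2
    printf '%s\n' "$1" | iptables-restore --test
}

# Print the ruleset. Redirect it to a file, review it, load it as root with
#   iptables-restore < file
# and persist it with "service iptables save".
build_ruleset "$TCP_PORTS" "$UDP_PORTS"
```

Generating the file rather than running iptables commands one by one has a practical advantage for requirement 3: iptables-restore loads the whole table atomically, so there is no window where the INPUT policy is already DROP but the ESTABLISHED rule that keeps your SSH session alive has not been added yet.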