Basic iptables on CentOS
I would like to do the following, but I'm having a hard time doing so using iptables in CentOS:
- I would like to accept inbound only on ports 80, 443, 22, snmp, 3306 to my server
- I would like to be able to allow all outbound ports
- I would like all other inbound connections to be dropped
Open your iptables config (/etc/sysconfig/iptables) and add the following lines below the "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
Restart iptables:
service iptables restart
By default, iptables allows all outbound ports.
lokkit will give you a simple interface to configure iptables with.
- I would like to accept inbound only on ports 80, 443, 22, snmp, 3306 to my server.
- I would like to be able to allow all outbound ports
- I would like all other inbound connections to be dropped.
Put these rules in a shell script:
#!/bin/bash
# Start from a clean table so the stock rules (the -j RH-Firewall-1-INPUT jump
# ending in REJECT) cannot shadow these, and keep the policies ACCEPT until the
# rules are in place so the SSH session running this script is not dropped.
iptables -P INPUT ACCEPT
iptables -F
iptables -X
# 2
iptables -P OUTPUT ACCEPT
# loopback must stay open or local services (e.g. mysql on 127.0.0.1) break
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
# 1 (change eth0 for your interface; SNMP is 161/udp, not tcp)
iptables -A INPUT -j ACCEPT -i eth0 -p tcp -m multiport --dports 80,443,22,3306
iptables -A INPUT -j ACCEPT -i eth0 -p udp --dport 161
# 3 (set the default-deny policies last)
iptables -P INPUT DROP
iptables -P FORWARD DROP
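The first answer edits /etc/sysconfig/iptables by hand and the last one sets policies with a script; the following added example (not code from either answer) generates the whole file in iptables-save format from an allow list, so what ends up on disk is exactly what you intended, and includes a small audit function that lists which ports a saved ruleset actually accepts. The RH-Firewall-1-INPUT chain name is the stock CentOS one from the first answer; the port lists are constructed for this example, and loopback ACCEPT plus the trailing DROP are my additions.

```shell
#!/bin/sh
# Added example: build /etc/sysconfig/iptables from an allow list instead of
# hand-editing it. Chain name RH-Firewall-1-INPUT is the stock CentOS one;
# the port lists below are constructed for this example.
set -eu

ALLOWED_TCP="22 80 443 3306"   # ssh, http, https, mysql
ALLOWED_UDP="161"              # snmp

# valid_port N: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules "TCP PORTS" "UDP PORTS": print a complete ruleset in
# iptables-save format. Order matters: loopback and ESTABLISHED,RELATED
# come first, then one ACCEPT per allowed port, then an explicit DROP.
gen_rules() {
    tcp="$1"; udp="$2"
    for p in $tcp $udp; do
        valid_port "$p" || { echo "gen_rules: bad port '$p'" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'              # default-deny inbound
    echo ':FORWARD DROP [0:0]'            # this box is not a router
    echo ':OUTPUT ACCEPT [0:0]'           # all outbound allowed
    echo ':RH-Firewall-1-INPUT - [0:0]'
    echo '-A INPUT -j RH-Firewall-1-INPUT'
    echo '-A FORWARD -j RH-Firewall-1-INPUT'
    echo '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
    echo '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $tcp; do
        echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
    done
    for p in $udp; do
        echo "-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport $p -j ACCEPT"
    done
    echo '-A RH-Firewall-1-INPUT -j DROP'
    echo 'COMMIT'
}

# open_ports FILE: list proto/port for every ACCEPT rule that has a --dport,
# one per line, to audit a saved ruleset against the intended allow list.
open_ports() {
    grep -- '-j ACCEPT' "$1" | grep -- '--dport' |
        sed -n 's|.*-p \([a-z]*\) --dport \([0-9]*\) .*|\1/\2|p'
}

# Print the ruleset; on the server redirect it to /etc/sysconfig/iptables
# (after backing up the old file) and run: service iptables restart
gen_rules "$ALLOWED_TCP" "$ALLOWED_UDP"
```

Run open_ports against /etc/sysconfig/iptables after any manual edit; anything it lists that is not in your allow list is a rule somebody added that the script did not. Note that the generated file sets the INPUT policy to DROP, so the loopback rule is not optional: without it, local connections to mysql or anything else bound to 127.0.0.1 are silently dropped.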