Tuesday, March 1, 2011

Iptables

Check whether iptables is installed on the server:

rpm -q iptables
If it is not installed, install it with:
yum install iptables

Rules
This is the standard rule set for every server. The order matters: the ACCEPT rules go in first and the default policy is switched to DROP last, otherwise you drop your own SSH session while you are still typing the rules.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -P INPUT DROP
Save the rules so that iptables loads them again every time it starts (on RHEL/CentOS they are written to /etc/sysconfig/iptables):
/etc/init.d/iptables save
Remember to save every time you finalize your rules: starting or restarting the service reloads the saved file, and any rule you have not saved is lost.
Start or restart iptables after saving:
/etc/init.d/iptables start
Check open ports
Use nmap to check which ports are open. Install it via yum, or run the scan from another server that already has nmap. Scan from a different host rather than from the server itself: packets sent to the server's own address go through lo, which the first rule accepts, so a local scan does not exercise the firewall.
nmap <destination>
example
nmap 172.30.10.230
Use this list to look up what each port is normally used for:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
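The whole procedure above (build the standard rule set, save it, then check the result with nmap) as one script. This is an added example and not part of the original post; it assumes a RHEL/CentOS-style /etc/init.d/iptables save, root privileges, and nmap on the machine you scan from. The IPTABLES and SSH_PORT variables, the function names and the sample nmap output are my own constructions.

```shell
#!/bin/sh
# Added example (not from the original post): the post's standard INPUT rule
# set applied in one shot, followed by an nmap audit of the result.
# Assumptions: RHEL/CentOS-style init script (/etc/init.d/iptables save), root,
# and nmap on the scanning host. Set IPTABLES to another command (for example a
# shell function that just prints its arguments) to dry-run without touching
# the live firewall.

IPTABLES="${IPTABLES:-iptables}"
SSH_PORT="${SSH_PORT:-22}"

# Print the argument lines for the base rule set plus any extra TCP ports given
# as arguments. The order is what keeps your SSH session alive: open the policy
# before flushing, and add the SSH ACCEPT before the policy goes back to DROP.
base_rules() {
    printf '%s\n' "-P INPUT ACCEPT"   # open first, or the flush below kills our session
    printf '%s\n' "-F INPUT"          # start clean so re-running does not stack duplicates
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    printf '%s\n' "-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p icmp --icmp-type 8 -j ACCEPT"   # echo-request, so ping works
    printf '%s\n' "-P INPUT DROP"     # default deny, set last
}

# Run each line through $IPTABLES; stop at the first rule the kernel rejects.
apply_rules() {
    base_rules "$@" | while read -r line; do
        # shellcheck disable=SC2086  (word splitting into arguments is intended)
        $IPTABLES $line || exit 1
    done
}

# Audit: read `nmap -oG -` (grepable) output on stdin and print every open TCP
# port that is neither SSH nor in the allowed list given as arguments.
# No output means the scan matches the intended rule set.
unexpected_open_ports() {
    allowed=" $SSH_PORT $* "
    awk -F '\t' '/^Host:/ { for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) print substr($i, 8) }' |
        tr ',' '\n' |
        awk -F '/' '$2 == "open" && $3 == "tcp" { print $1 }' |
        while read -r port; do
            case "$allowed" in
                *" $port "*) ;;               # expected
                *) printf '%s\n' "$port" ;;   # open without a rule of ours: investigate
            esac
        done
}

# Constructed sample of `nmap -oG -` output (not a real scan), used by `demo`.
SAMPLE_SCAN=$(printf 'Host: 172.30.10.230 ()\tStatus: Up\nHost: 172.30.10.230 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: filtered (997)')

case "${1:-}" in
    apply)   # sh firewall.sh apply 443
        shift
        apply_rules "$@" && /etc/init.d/iptables save
        ;;
    audit)   # on another host:  nmap -oG - 172.30.10.230 | sh firewall.sh audit 443
        shift
        unexpected_open_ports "$@"
        ;;
    demo)    # sh firewall.sh demo   -> prints 80 (open, but not in our rules)
        printf '%s\n' "$SAMPLE_SCAN" | unexpected_open_ports 443
        ;;
esac
```

Run `sh firewall.sh apply 443` on the server, then `nmap -oG - 172.30.10.230 | sh firewall.sh audit 443` from another host; any port it prints is reachable without a matching rule and worth a look. The `-P INPUT ACCEPT` before the flush is the line that keeps you from being locked out half-way through a change.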

HowTo
Add a specific port to iptables. -A appends the rule to the end of the selected chain:
iptables -A [CHAIN] -p tcp --dport [port number] -j [ACCEPT/DROP]
example
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j DROP
The first rule allows connections to come in on port 443; the second blocks outgoing HTTP connections.

Insert a rule at a specific rule number. If the rule number is 1, the inserted rule becomes number 1 and the rule that was number 1 moves to number 2:
iptables -I [CHAIN] [rule number] -p tcp --dport [port number] -j [ACCEPT/DROP] 
example
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
This makes the rule allowing incoming connections to port 22 the first rule in INPUT. Rules are matched top to bottom and the first match wins, so a rule placed after a DROP that matches the same traffic is never reached.

Delete a specific rule by its number:
iptables -D [CHAIN] [rule number]

List all the rules (add -n to skip DNS lookups and --line-numbers to show the numbers that -I and -D expect):
iptables -L
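The -I and -D forms above take a rule number, and that number shifts whenever a rule is inserted or deleted ahead of it. The following script, an added example that is not from the original post, reads the number from iptables -L -n --line-numbers instead of counting by eye and inserts a new ACCEPT in front of the first DROP rule in the chain so it cannot be shadowed. The function names, the IPTABLES dry-run variable and the sample listing are assumptions of mine.

```shell
#!/bin/sh
# Added example (not from the original post): work out the rule number for
# -I and -D from `iptables -L <chain> -n --line-numbers` instead of counting
# by eye. A new ACCEPT is inserted just before the first DROP rule in the
# chain, so it cannot be shadowed by a DROP that sits earlier in the list
# (rules are matched top to bottom; the first match wins).
# Assumes root and the iptables CLI; set IPTABLES to a shell function that
# prints a canned listing to dry-run (see sample_iptables below).

IPTABLES="${IPTABLES:-iptables}"

# Print the number of the first rule in CHAIN whose target is TARGET, or
# nothing if there is none. In the --line-numbers listing, rule lines start
# with a number and the target is the second column; header lines do not.
first_rule_number() {
    chain=$1
    target=$2
    $IPTABLES -L "$chain" -n --line-numbers |
        awk -v t="$target" '$1 ~ /^[0-9]+$/ && $2 == t { print $1; exit }'
}

# Allow inbound TCP PORT in CHAIN (default INPUT). With a DROP rule present,
# insert before it with -I <num>; otherwise append with -A, which is safe
# because then every rule in the chain is an ACCEPT and order does not matter.
allow_tcp_port() {
    port=$1
    chain=${2:-INPUT}
    num=$(first_rule_number "$chain" DROP)
    if [ -n "$num" ]; then
        $IPTABLES -I "$chain" "$num" -p tcp --dport "$port" -j ACCEPT
    else
        $IPTABLES -A "$chain" -p tcp --dport "$port" -j ACCEPT
    fi
}

# Delete the first rule in CHAIN with target TARGET by its number, the form
# the post uses (iptables -D CHAIN NUM). Returns 1 if there is no such rule.
delete_first_rule_with_target() {
    chain=$1
    target=$2
    num=$(first_rule_number "$chain" "$target")
    [ -n "$num" ] || return 1
    $IPTABLES -D "$chain" "$num"
}

# Constructed listing (not from a real host) in the format of
# `iptables -L INPUT -n --line-numbers`: rule 4 drops port 80, so a plain
# -A ACCEPT for port 80 would land after it and never be reached.
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
5    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmptype 8'

# Dry-run stand-in for iptables: answers -L with the sample listing and
# prints any other command instead of running it.
sample_iptables() {
    if [ "$1" = "-L" ]; then
        printf '%s\n' "$SAMPLE_LISTING"
    else
        printf 'iptables %s\n' "$*"
    fi
}

case "${1:-}" in
    demo)   # sh rules.sh demo  -> iptables -I INPUT 4 -p tcp --dport 80 -j ACCEPT
        IPTABLES=sample_iptables
        allow_tcp_port 80
        ;;
    allow)  # sh rules.sh allow 443 [CHAIN]   (runs the real iptables)
        shift
        allow_tcp_port "$@"
        ;;
esac
```

Because the listing is re-read on every call, the number is always current even after earlier inserts or deletes have shifted the chain; the sample listing only stands in for the real `iptables -L` output in the demo.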
