Check whether the server has iptables installed:
rpm -q iptables
If it is not installed, install it with:
yum install iptables
This is the standard baseline ruleset for every server. Keep the rules in this order: the SSH ACCEPT rule must be in place before the INPUT policy is set to DROP, or a remote session will be locked out.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -P INPUT DROP
Save the iptables rules so that each time iptables starts it loads this ruleset:
/etc/init.d/iptables save
Remember to save every time you finalize your rules.
Start/restart iptables after saving:
/etc/init.d/iptables start
Use nmap to check open ports. Install it via yum, or run it from another server that already has nmap installed:
nmap "destination"
Example:
nmap 172.30.10.230
You can use this link to look up the description of each port:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Add a specific port to iptables. This appends the rule to the end of the selected chain:
iptables -A [CHAIN] -p tcp --dport [port number] -j [ACCEPT/DROP]
Example:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j DROP
The first rule allows connections to port 443 to come in, and the second blocks outgoing HTTP connections.
Add a port at a specific rule number. If the rule number is 1, the inserted rule takes position no. 1 and pushes the existing no. 1 rule down to no. 2:
iptables -I [CHAIN] [rule number] -p tcp --dport [port number] -j [ACCEPT/DROP]
Example:
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
This allows incoming connections to port 22 as the first rule.
Delete a specific rule by its number:
iptables -D [CHAIN] [rule number]
List all the rules:
iptables -L
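As an added example (not part of the original post), a small POSIX shell audit that complements the nmap check from outside: given the INPUT chain in the form printed by iptables -S INPUT, it confirms the default policy is DROP and that the only accepted TCP ports are the ones you expect. The ruleset embedded below is constructed for the demo; on a real host replace it with the live output as noted in the comment.

```shell
#!/bin/sh
# Audit an iptables INPUT chain given in "iptables -S INPUT" format.
# Constructed sample ruleset; on a real host use: RULES="$(iptables -S INPUT)"
RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT'

# Print the default policy of the INPUT chain (ACCEPT or DROP).
input_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "INPUT" { print $3 }'
}

# Print each TCP destination port that INPUT explicitly ACCEPTs, one per line.
accepted_tcp_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
        }'
}

# Return 0 when the INPUT policy is DROP and every accepted TCP port is in
# the space-separated allow-list; otherwise report each problem and return 1.
audit_ruleset() {
    rules=$1
    allowed=$2
    rc=0
    if [ "$(input_policy "$rules")" != "DROP" ]; then
        echo "INPUT default policy is not DROP"
        rc=1
    fi
    for port in $(accepted_tcp_ports "$rules"); do
        case " $allowed " in
            *" $port "*) ;;                      # expected port
            *) echo "unexpected open TCP port: $port"; rc=1 ;;
        esac
    done
    return $rc
}

# Only SSH and HTTPS are expected, so the stray 8080 rule is reported.
audit_ruleset "$RULES" "22 443" || echo "ruleset audit FAILED"
```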