How to Install and Configure Iptables Firewall on CentOS 6.3

This post covers the steps to install and configure iptables on linux CentOS 6.3 server. Iptables is a packet filtering firewall package in linux. It used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces to the Linux netfilter module to perform filtering of network packets.

1. To install iptables, simply run the following command :

[root@centos63 ~]# yum install iptables -y

2. Check iptables installed package and Version :

[root@centos63 ~]# rpm -qa | grep iptables
iptables-ipv6-1.4.7-5.1.el6_2.i686
iptables-1.4.7-5.1.el6_2.i686
[root@centos63 ~]# iptables --version
iptables v1.4.7

3. Check iptables status :

[root@centos63 ~]# /etc/init.d/iptables status
iptables: Firewall is not running.

or

[root@centos63 ~]# service iptables status
iptables: Firewall is not running.

4. Start and stop iptables :

Start :

[root@centos63 ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]

Stop :

[root@centos63 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

5. To set iptables start at boot :

[root@centos63 ~]# chkconfig iptables on

6. Display Default Iptables rules:

[root@centos63 ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

7. Display current opened port :

[root@centos63 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:46915               0.0.0.0:*                   LISTEN      1170/rpc.statd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1538/mysqld
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      1406/clamd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1152/rpcbind
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1390/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1629/master
tcp        0      0 :::111                      :::*                        LISTEN      1152/rpcbind
tcp        0      0 :::59988                    :::*                        LISTEN      1170/rpc.statd
tcp        0      0 :::22                       :::*                        LISTEN      1390/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1629/master
udp        0      0 0.0.0.0:59738               0.0.0.0:*                               1170/rpc.statd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1152/rpcbind
udp        0      0 192.168.1.54:123            0.0.0.0:*                               1398/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               1398/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               1398/ntpd
udp        0      0 0.0.0.0:903                 0.0.0.0:*                               1152/rpcbind
udp        0      0 0.0.0.0:922                 0.0.0.0:*                               1170/rpc.statd
udp        0      0 :::50667                    :::*                                    1170/rpc.statd
udp        0      0 :::111                      :::*                                    1152/rpcbind
udp        0      0 fe80::20c:29ff:fe1b:b39c:123 :::*                                    1398/ntpd
udp        0      0 ::1:123                     :::*                                    1398/ntpd
udp        0      0 :::123                      :::*                                    1398/ntpd
udp        0      0 :::903                      :::*                                    1152/rpcbind

8. Modify original Iptables configuration file :

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Please note that two rules has been added in the iptables firewall rules :

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

How to Install Iptables on CentOS 5.8

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In this post i will show the quick steps on how to install iptables on linux CentOS 5.8 server. This steps may working on other version such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, CentOS 5.7, RHEL 5.4 and RHEL 5.5.

If your server does not installed iptables package, you will get this error message :

[root@centos58 ~]# service iptables status
iptables: unrecognized service

Simply run the following command to install iptables on Linux centOS 5.8 server.

[root@centos58 ~]# yum install iptables -y

Example :

[root@centos58 ~]# yum install iptables -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptables.i386 0:1.3.5-9.1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch                Version                      Repository           Size
====================================================================================================
Installing:
 iptables                i386                1.3.5-9.1.el5                base                238 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 238 k
Downloading Packages:
iptables-1.3.5-9.1.el5.i386.rpm                                              | 238 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                                     1/1

Installed:
  iptables.i386 0:1.3.5-9.1.el5

Complete!

How to Configure Iptables Firewall for 389 Directory Server on CentOS 6.2

In this post i will show the ports that need to be by passed in iptables firewall in order to make 389 Directory server accessible and working perfectly. Before the Windows Console (installed 389 Console.msi) from client’ PC connecting to 389 administration server, there are 3 important ports has to opened from iptables firewall. This will allow linux administrator or LDAP administrator to perform LDAP server search query or linux administration’s task. There are three(3) ports that are normally should be opened on 389 Directory Server.

a) Port 389 (ldap)
b) Port 636 (ldaps – only if using TLS/SSL)
c) Admin server port (9830 by default)

Run netstat command to see opened port :

[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1105/sshd
tcp        0      0 127.0.0.1:5432              0.0.0.0:*                   LISTEN      1140/postmaster
tcp        0      0 0.0.0.0:9830                0.0.0.0:*                   LISTEN      1415/httpd.worker
tcp        0      0 :::22                       :::*                        LISTEN      1105/sshd
tcp        0      0 ::1:5432                    :::*                        LISTEN      1140/postmaster
tcp        0      0 :::389                      :::*                        LISTEN      1792/ns-slapd

Open the iptables firewall configuration file then enable port 389, 636 and 9830 go through iptables firewall :

[root@centos62 ~]# vi /etc/sysconfig/iptables

Add these three(3) lines:

 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT

Then restart the iptables firewall :

[root@centos62 ~]# service iptables restart

How to Remove iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In certain case, system administrator will need to disable and remove iptables due to some reasons. In this post, i will show the quick step to remove iptables on linux CentOS 5.7 server. This steps may working on other version such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

Check installed iptables package :

[root@CentOS57 ~]# rpm -qa iptables
iptables-1.3.5-9.1.el5

To remove iptables using rpm command, simply run this :

[root@CentOS57 ~]# rpm -e iptables-1.3.5-9.1.el5

To remove iptables using yum command, simply run this :

[root@CentOS57 ~]# yum install iptables -y

How to Install iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In this post i will show the quick steps on how to install iptables on CentOS 5.7. This steps may working on other version such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, RHEL 5.4 and RHEL 5.5.

1. To install iptables, simply run this command :

[root@CentOS57 ~]# yum install iptables -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptables.i386 0:1.3.5-9.1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch                Version                      Repository           Size
====================================================================================================
Installing:
 iptables                i386                1.3.5-9.1.el5                base                238 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 238 k
Downloading Packages:
iptables-1.3.5-9.1.el5.i386.rpm                                              | 238 kB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                                     1/1

Installed:
  iptables.i386 0:1.3.5-9.1.el5

Complete!

2. How to check iptables status on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables status
Firewall is stopped.

or

[root@CentOS57 ~]# /etc/init.d/iptables status
Firewall is stopped.
[root@CentOS57 ~]#

3. How to start iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables start

or

[root@CentOS57 ~]# /etc/init.d/iptables start

4. How to stop iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/iptables stop

How to Disable iptables on Linux CentOS 5.7 Server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In certain case, system administrator will need to disable this iptables due to some reasons. In this post, i will show the quick step to disable iptables on linux CentOS 5.7 server. This steps may working on other version such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

1. How to stop iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/iptables stop

How to stop ip6tables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/ip6tables stop

Note : Ignore this steps if ipv6 not configured or disabled
2. To ensure that iptables will not start after rebooting, please run this chkconfig command :

[root@CentOS57 ~]# chkconfig iptables off

3. How to check iptables status on Linux RHEL 5/CentOS 5 server. Make sure that it was stop :

[root@CentOS57 ~]# service iptables status
Firewall is stopped.

or

[root@CentOS57 ~]# /etc/init.d/iptables status
Firewall is stopped.

How to Disable Firewall on RHEL 6

In this post, i will show how to disable Linux Iptables Firewall on Red Hat Enterprise Linux 6 (RHEL 6). A Linux firewall on RHEL 6 can be configured to filter every network packet that passes into or out of network. In some cases such as testing and development environment, you will need to disable the iptables firewall. To disable linux iptables firewall on RHEL6, you just to execute the following commands :

1. Before stop the iptables, save the firewall setting using the following command :

[root@rhel6 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

2. Stop iptables using the following command :

[root@rhel6 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

3. To ensure that iptables will not started at boot time, pleas execute this chkconfig command :

[root@rhel6 ~]# chkconfig iptables off

4. If IPv6 firewall is enabled, please disable it using the following commands :

[root@rhel6 ~]# service ip6tables save
ip6tables: Saving firewall rules to /etc/sysconfig/ip6table[  OK  ]
[root@rhel6 ~]# service ip6tables stop
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]
[root@rhel6 ~]# chkconfig ip6tables off

How to Install, Configure and Use Linux Iptables Firewall on CentOS 6.2

Iptables is the most popular packet filtering firewall package in linux. It can be used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces to the Linux netfilter module to perform filtering of network packets. In this post, i will show on how to install, configure and use Iptables Firewall on CentOS 6.2 server :

1. Check iptables installed package :

[root@centos62 ~]# rpm -qa | grep iptables
iptables-1.4.7-4.el6.i686
iptables-ipv6-1.4.7-4.el6.i686

2. Check Iptables version :

[root@centos62 ~]# iptables --version
iptables v1.4.7

3. If Iptables not installed, simply run this command to install :

[root@centos62 ~]# yum install iptables

4. Check Iptables status whether up or not :

[root@centos62 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

If Iptables not running, it will return this message :

[root@centos62 ~]# service iptables status
iptables: Firewall is not running.

5. Display Default Iptables rules:

[root@centos62 ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

6. To start, stop, and restart iptables, you can run below commands :

[root@centos62 ~]# service iptables start
[root@centos62 ~]# service iptables stop
[root@centos62 ~]# service iptables restart

7. To set iptables start at boot :

[root@centos62 ~]# chkconfig iptables on

8. Display current opened port :

[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1102/sshd   
tcp        0      0 :::22                       :::*                        LISTEN      1102/sshd   

Note : Only ssh port has been opened on this server and listening port is 22.

9. Add below line to enable certain port/programs to pass through firewall such as:

80 = Web service / httpd service
3306 = MySQL service / mysqld service

10. View and modify original Iptables configuration file :

[root@centos62 ~]# vi /etc/sysconfig/iptables

Original Iptables configuration file

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

11. Modify the Iptables configuration file as below. Add port “80” and port ” 3306″ :

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

12. Start httpd and mysqld daemon service :

[root@centos62 ~]# service httpd start
[root@centos62 ~]# service mysqld start

13. Print updated opened port :

[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1102/sshd   
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2482/mysqld 
tcp        0      0 :::80                       :::*                        LISTEN      2345/httpd  
tcp        0      0 :::22                       :::*                        LISTEN      1102/sshd   

How to Allow and Deny Access for Remote SSH to CentOS 6.2

In this post, i will show on how to allow and deny access for Remote SSH to CentOS server. This post will configure SSH access as follows:
– Only ehowstuff and root has remote SSH access to the machine within ehowstuff.local
– Clients within bloggerbaru.com should NOT have access to ssh on your system

Please note that all systems in that domain are in the 192.168.1.0/255.255.255.0 subnet, and all systems in that subnet are in bloggerbaru.com.

1. Modify ssh_config as below :

[root@centos62 ~]# vi /etc/ssh/sshd_config
AllowUsers ehowstuff root

2. Make sshd auto start on boot and restart sshd service :

[root@centos62 ~]# chkconfig sshd on
[root@centos62 ~]# /etc/init.d/sshd restart

3. Open iptables configuration as below :

[root@centos62 ~]# vi /etc/sysconfig/iptables

4. Append this line on your iptables setting :

-A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j REJECT

5. Restart the iptables :

[root@centos62 ~]# /etc/init.d/iptables restart

How to Drop or Block Incoming Access From Specific IP Address Using Iptables

In this post, i will show you the simple way to block incoming ip address using iptables firewall on CentOS 5.5. This setting will be removed once you restarted the iptables or rebooted the server.

OPTIONS = long or short options are allowed.

    --append  -A Append to chain
    --delete  -D Delete matching rule from chain
    --delete  -D Delete rule rulenum (1 = first) from chain	
    --insert  -I Insert in chain as rulenum (default 1=first)
    --replace -R Replace rule rulenum (1 = first) in chain
    --list    -L List the rules in a chain or all chains
    
    --source      -s [!] address[/mask] source specification
    --destination -d [!] address[/mask] destination specification                         
    --jump        -j target
    
    INPUT = Incoming Access
    OUTPUT = Outgoing Access
    -I = Insert
    -D = Delete
    -s = Source Ip Address
    -j = Target Action
    DROP = Block action
    

Steps :
1. Login to your server via SSH as a root
2. To successfully block an IP address, just type this iptables syntax and it will take effect immediately.

syntax : iptables -I INPUT -s IP-ADDRESS -j DROP

    [root@server ~]# iptables -I INPUT -s 192.168.2.2 -j DROP
    

3. To removed blocked IP address, just type this iptables syntax as below:

syntax : iptables -D INPUT -s IP-ADDRESS -j DROP

    [root@server ~]# iptables -D INPUT -s 192.168.2.2 -j DROP
    

4. If you want to look at what’s iptables rules already loaded, type below syntax :

    [root@server ~]# iptables -L -n
    

How to Install and Configure Linux Iptables Firewall in CentOS 5

Iptables is the most popular packet filtering firewall package in linux. It can be used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces to the Linux netfilter module to perform filtering of network packets.

Steps:

Install the iptables wihthout gui.

[root@server ~]# yum install iptables

Install the iptables with Gui by run below command.

[root@server ~]# yum install system-config-securitylevel-tui iptstate firstboot-tui iptables
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: centos.maulvi.net
 * base: mirror.averse.net
 * epel: ftp.cuhk.edu.hk
 * extras: mirror.averse.net
 * updates: mirror.averse.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package firstboot-tui.i386 0:1.4.27.8-1.el5.centos set to be updated
---> Package iptables.i386 0:1.3.5-5.3.el5_4.1 set to be updated
---> Package iptstate.i386 0:1.4-2.el5 set to be updated
---> Package system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5 set to be updated
--> Processing Dependency: iptables-ipv6 for package: system-config-securitylevel-tui
--> Running transaction check
---> Package iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
 Package                              Arch      Version                      Repository
                                                                                        Size
=============================================================================================
Installing:
 firstboot-tui                        i386      1.4.27.8-1.el5.centos        base      189 k
 iptables                             i386      1.3.5-5.3.el5_4.1            base      233 k
 iptstate                             i386      1.4-2.el5                    base       27 k
 system-config-securitylevel-tui      i386      1.6.29.1-6.el5               base      254 k
Installing for dependencies:
 iptables-ipv6                        i386      1.3.5-5.3.el5_4.1            base      161 k

Transaction Summary
=============================================================================================
Install       5 Package(s)
Upgrade       0 Package(s)

Total download size: 864 k
Is this ok [y/N]: y
Downloading Packages:
(1/5): iptstate-1.4-2.el5.i386.rpm                                    |  27 kB     00:00
(2/5): iptables-ipv6-1.3.5-5.3.el5_4.1.i386.rpm                       | 161 kB     00:01
(3/5): firstboot-tui-1.4.27.8-1.el5.centos.i386.rpm                   | 189 kB     00:03
(4/5): iptables-1.3.5-5.3.el5_4.1.i386.rpm                            | 233 kB     00:03
(5/5): system-config-securitylevel-tui-1.6.29.1-6.el5.i386.rpm        | 254 kB     00:04
---------------------------------------------------------------------------------------------
Total                                                         60 kB/s | 864 kB     00:14
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                              1/5
  Installing     : iptables-ipv6                                                         2/5
  Installing     : system-config-securitylevel-tui                                       3/5
  Installing     : iptstate                                                              4/5
  Installing     : firstboot-tui                                                         5/5

Installed:
  firstboot-tui.i386 0:1.4.27.8-1.el5.centos
  iptables.i386 0:1.3.5-5.3.el5_4.1
  iptstate.i386 0:1.4-2.el5
  system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5

Dependency Installed:
  iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1

Complete!

Display Default Iptables rules:

[root@server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

To start, stop, and restart iptables, you can run below commands:

[root@server ~]# service iptables start
[root@server ~]# service iptables stop
[root@server ~]# service iptables restart

To get iptables configured to start at boot, use the chkconfig command:

[root@server ~]# chkconfig iptables on

Check the iptables status whether iptables is running or not with the below command:

[root@server ~]# service iptables status
Firewall is stopped.

You can view the iptables manual by run below command:

[root@server ~]# man iptables

Add below line to enable certain port/programs to pass through firewall such as:
22 = SSH
80 = Web service
443 = SSL Web service
25 = Sendmail or postfix
3306 = MySQL service
10000 = Webmin service

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

New configuration of the iptables should be like this.

[root@server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

You can view the iptables status by run the below command to see which port are currently open.

[root@server ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10000
15   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited