How to Install and Configure Iptables Firewall on CentOS 6.3

This post covers the steps to install and configure iptables on a Linux CentOS 6.3 server. Iptables is a packet-filtering firewall package for Linux. It is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces with the Linux netfilter module to perform filtering of network packets.

1. To install iptables, simply run the following command :

[root@centos63 ~]# yum install iptables -y

2. Check the installed iptables package and version :

[root@centos63 ~]# rpm -qa | grep iptables
iptables-ipv6-1.4.7-5.1.el6_2.i686
iptables-1.4.7-5.1.el6_2.i686
[root@centos63 ~]# iptables --version
iptables v1.4.7

3. Check iptables status :

[root@centos63 ~]# /etc/init.d/iptables status
iptables: Firewall is not running.

or

[root@centos63 ~]# service iptables status
iptables: Firewall is not running.

4. Start and stop iptables :


Start :

[root@centos63 ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]

Stop :

[root@centos63 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

5. To set iptables to start at boot :

[root@centos63 ~]# chkconfig iptables on

6. Display the default iptables rules :

[root@centos63 ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

7. Display currently open ports :

[root@centos63 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:46915               0.0.0.0:*                   LISTEN      1170/rpc.statd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1538/mysqld
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      1406/clamd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1152/rpcbind
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1390/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1629/master
tcp        0      0 :::111                      :::*                        LISTEN      1152/rpcbind
tcp        0      0 :::59988                    :::*                        LISTEN      1170/rpc.statd
tcp        0      0 :::22                       :::*                        LISTEN      1390/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1629/master
udp        0      0 0.0.0.0:59738               0.0.0.0:*                               1170/rpc.statd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1152/rpcbind
udp        0      0 192.168.1.54:123            0.0.0.0:*                               1398/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               1398/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               1398/ntpd
udp        0      0 0.0.0.0:903                 0.0.0.0:*                               1152/rpcbind
udp        0      0 0.0.0.0:922                 0.0.0.0:*                               1170/rpc.statd
udp        0      0 :::50667                    :::*                                    1170/rpc.statd
udp        0      0 :::111                      :::*                                    1152/rpcbind
udp        0      0 fe80::20c:29ff:fe1b:b39c:123 :::*                                    1398/ntpd
udp        0      0 ::1:123                     :::*                                    1398/ntpd
udp        0      0 :::123                      :::*                                    1398/ntpd
udp        0      0 :::903                      :::*                                    1152/rpcbind

8. Modify the original iptables configuration file (/etc/sysconfig/iptables) :

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Please note that two rules have been added to the iptables firewall rules :

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
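The rule files in steps 6 and 8 and the netstat listing in step 7 answer one question from two sides: what is listening, and what the firewall lets in. The Python script below, added here as an example and not part of the original post, puts the two together. It is a deliberately small simulator of the INPUT chain: it models only the -p, --dport, -i, -s, --state and -j options, assumes every option in a rule takes exactly one argument, assumes traffic arrives on eth0, and embeds constructed copies of the page's own rule file and netstat output. Under the step 8 rules it reports sshd on 22 and mysqld on 3306 as reachable from any IPv4 source, rpcbind and ntpd as rejected, clamd and postfix as loopback-only, and the `:::22` listener as outside this file's scope, because /etc/sysconfig/iptables governs IPv4 only and IPv6 listeners are controlled by ip6tables (/etc/sysconfig/ip6tables).

```python
import ipaddress

# Constructed copy of the modified /etc/sysconfig/iptables from step 8.
RULES_FILE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Constructed excerpt of the `netstat -plunt` listing from step 7.
NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1538/mysqld
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      1406/clamd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1152/rpcbind
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1390/sshd
tcp        0      0 :::22                       :::*                        LISTEN      1390/sshd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               1398/ntpd
"""

# Options this simplified evaluator understands; anything else (-m, --reject-with) is skipped.
OPTS = {"-p": "proto", "--dport": "dport", "-i": "iface", "-s": "source",
        "--state": "states", "-j": "target"}


def parse_rules(text):
    """Return ({chain: policy}, [rule dicts]) from iptables-save formatted text."""
    policy, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):                          # ":INPUT ACCEPT [0:0]"
            chain, default = line[1:].split()[:2]
            policy[chain] = default
        elif line.startswith("-A "):
            tok = line.split()
            rule = {"chain": tok[1], **{k: None for k in OPTS.values()}}
            for opt, arg in zip(tok[2::2], tok[3::2]):    # assumption: one argument per option
                if opt in OPTS:
                    rule[OPTS[opt]] = arg
            if rule["dport"]:
                rule["dport"] = int(rule["dport"])
            if rule["source"]:
                rule["source"] = ipaddress.ip_network(rule["source"], strict=False)
            if rule["states"]:
                rule["states"] = set(rule["states"].split(","))
            rules.append(rule)
    return policy, rules


def verdict(policy, rules, chain, proto, dport, iface="eth0", state="NEW", src=None):
    """First matching rule wins, as in the kernel; src=None means 'any remote host'."""
    for r in rules:
        if r["chain"] != chain or (r["proto"] and r["proto"] != proto):
            continue
        if (r["dport"] is not None and r["dport"] != dport) or (r["iface"] and r["iface"] != iface):
            continue
        if r["states"] and state not in r["states"]:
            continue
        if r["source"] is not None and (src is None or ipaddress.ip_address(src) not in r["source"]):
            continue
        return r["target"]
    return policy.get(chain, "ACCEPT")                    # no rule matched: chain policy applies


def parse_netstat(text):
    """Pull (proto, local address, port, program) out of `netstat -plunt` lines."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        addr, port = parts[3].rsplit(":", 1)              # ':::22' -> ('::', '22')
        sockets.append({"proto": parts[0][:3], "addr": addr, "port": int(port), "program": parts[-1]})
    return sockets


def audit(rules_text, netstat_text):
    """Classify every listener as seen from an arbitrary remote IPv4 host."""
    policy, rules = parse_rules(rules_text)
    report = []
    for s in parse_netstat(netstat_text):
        if s["addr"] in ("127.0.0.1", "::1"):
            status = "loopback-only"
        elif ":" in s["addr"]:
            status = "ipv6-not-covered"                   # this file is IPv4 only; see ip6tables
        else:
            status = verdict(policy, rules, "INPUT", s["proto"], s["port"])
        report.append((s["proto"], s["port"], s["program"], status))
    return report


def exposed_services(rules_text, netstat_text):
    """Listeners any remote IPv4 host can reach through the firewall."""
    return [(p, port, prog) for p, port, prog, st in audit(rules_text, netstat_text) if st == "ACCEPT"]


if __name__ == "__main__":
    for proto, port, prog, status in audit(RULES_FILE, NETSTAT_OUTPUT):
        print(f"{proto:<5}{port:<7}{prog:<16}{status}")
```

The rule evaluator is first-match, which is why the ESTABLISHED,RELATED rule at the top lets return traffic through and the trailing REJECT catches everything the explicit ACCEPTs did not. The report flags MySQL's 3306 as open to every IPv4 address; if the database only needs to serve a known web host or subnet, a -s source match on that rule narrows the exposure, and the evaluator models -s so the effect can be checked before the file is loaded. Edits to /etc/sysconfig/iptables take effect only after the rules are reloaded, for example with service iptables restart.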


1 Comment

  • Michael McMillan says:

    Once you have done this, use the command:
    service iptables restart
    to apply the changes to your firewall settings. 
