How to Install system-config-firewall-tui on Linux CentOS 6.2 Server

In this post, I will guide you through installing system-config-firewall-tui on a Linux CentOS 6.2 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, CentOS 5.7, CentOS 6.0 and CentOS 6.1. system-config-firewall is a graphical user interface for setting basic firewall rules. For those who are not familiar with command-line iptables, system-config-firewall-tui is the solution. Follow these steps to install and use system-config-firewall-tui on a Linux CentOS 6.2 server.

1. Perform yum install using the following command :

yum install system-config-firewall-tui -y
[root@centos62 ~]# yum install system-config-firewall-tui -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.hostemo.com
 * epel: ftp.cuhk.edu.hk
 * extras: mirrors.hostemo.com
 * updates: mirrors.hostemo.com
CentOS6.2-Repository                                                         | 4.0 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package system-config-firewall-tui.noarch 0:1.2.27-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                          Arch         Version             Repository                  Size
====================================================================================================
Installing:
 system-config-firewall-tui       noarch       1.2.27-5.el6        CentOS6.2-Repository        37 k

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 37 k
Installed size: 59 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : system-config-firewall-tui-1.2.27-5.el6.noarch                                   1/1

Installed:
  system-config-firewall-tui.noarch 0:1.2.27-5.el6

Complete!

2. To start configuring iptables using “system-config-firewall-tui”, run the following command :

[root@centos62 ~]# system-config-firewall-tui

3. After any changes, please restart your iptables using this command :

[root@centos62 ~]# service iptables restart

or

[root@centos62 ~]# /etc/init.d/iptables restart

How to Install Iptables on CentOS 5.8

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host-based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In this post I will show the quick steps to install iptables on a Linux CentOS 5.8 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, CentOS 5.7, RHEL 5.4 and RHEL 5.5.

If the iptables package is not installed on your server, you will get this error message :

[root@centos58 ~]# service iptables status
iptables: unrecognized service

Simply run the following command to install iptables on a Linux CentOS 5.8 server.

[root@centos58 ~]# yum install iptables -y

Example :

[root@centos58 ~]# yum install iptables -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptables.i386 0:1.3.5-9.1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch                Version                      Repository           Size
====================================================================================================
Installing:
 iptables                i386                1.3.5-9.1.el5                base                238 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 238 k
Downloading Packages:
iptables-1.3.5-9.1.el5.i386.rpm                                              | 238 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                                     1/1

Installed:
  iptables.i386 0:1.3.5-9.1.el5

Complete!

How to Configure Iptables Firewall for 389 Directory Server on CentOS 6.2

In this post I will show the ports that need to be allowed through the iptables firewall in order to make 389 Directory Server accessible and working perfectly. Before the Windows console (installed from 389 Console.msi) on a client PC can connect to the 389 administration server, three important ports have to be opened in the iptables firewall. This allows the Linux administrator or LDAP administrator to perform LDAP server search queries or Linux administration tasks. There are three (3) ports that should normally be opened on a 389 Directory Server.

a) Port 389 (ldap)
b) Port 636 (ldaps – only if using TLS/SSL)
c) Admin server port (9830 by default)

Run the netstat command to see the open ports :

[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1105/sshd
tcp        0      0 127.0.0.1:5432              0.0.0.0:*                   LISTEN      1140/postmaster
tcp        0      0 0.0.0.0:9830                0.0.0.0:*                   LISTEN      1415/httpd.worker
tcp        0      0 :::22                       :::*                        LISTEN      1105/sshd
tcp        0      0 ::1:5432                    :::*                        LISTEN      1140/postmaster
tcp        0      0 :::389                      :::*                        LISTEN      1792/ns-slapd

Open the iptables firewall configuration file, then allow ports 389, 636 and 9830 through the iptables firewall :

[root@centos62 ~]# vi /etc/sysconfig/iptables

Add these three(3) lines:

 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT

Then restart the iptables firewall :

[root@centos62 ~]# service iptables restart

How to Remove iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host-based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In certain cases, a system administrator will need to disable and remove iptables. In this post, I will show the quick steps to remove iptables on a Linux CentOS 5.7 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

Check installed iptables package :

[root@CentOS57 ~]# rpm -qa iptables
iptables-1.3.5-9.1.el5

To remove iptables using rpm command, simply run this :

[root@CentOS57 ~]# rpm -e iptables-1.3.5-9.1.el5

To remove iptables using yum command, simply run this :

[root@CentOS57 ~]# yum remove iptables -y

How to Install iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host-based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In this post I will show the quick steps to install iptables on CentOS 5.7. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, RHEL 5.4 and RHEL 5.5.

1. To install iptables, simply run this command :

[root@CentOS57 ~]# yum install iptables -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptables.i386 0:1.3.5-9.1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch                Version                      Repository           Size
====================================================================================================
Installing:
 iptables                i386                1.3.5-9.1.el5                base                238 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 238 k
Downloading Packages:
iptables-1.3.5-9.1.el5.i386.rpm                                              | 238 kB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                                     1/1

Installed:
  iptables.i386 0:1.3.5-9.1.el5

Complete!

2. How to check iptables status on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables status
Firewall is stopped.

or

[root@CentOS57 ~]# /etc/init.d/iptables status
Firewall is stopped.
[root@CentOS57 ~]#

3. How to start iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables start

or

[root@CentOS57 ~]# /etc/init.d/iptables start

4. How to stop iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/iptables stop

How to Disable iptables on Linux CentOS 5.7 Server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host-based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In certain cases, a system administrator will need to disable iptables. In this post, I will show the quick steps to disable iptables on a Linux CentOS 5.7 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

1. How to stop iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/iptables stop

How to stop ip6tables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service ip6tables stop

or

[root@CentOS57 ~]# /etc/init.d/ip6tables stop

Note : Ignore this step if IPv6 is not configured or is disabled

2. To ensure that iptables will not start after rebooting, please run this chkconfig command :

[root@CentOS57 ~]# chkconfig iptables off

3. How to check iptables status on Linux RHEL 5/CentOS 5 server. Make sure that it is stopped :

[root@CentOS57 ~]# service iptables status
Firewall is stopped.

or

[root@CentOS57 ~]# /etc/init.d/iptables status
Firewall is stopped.

How to Drop or Block Incoming Access From Specific IP Address Using Iptables

In this post, I will show you a simple way to block an incoming IP address using the iptables firewall on CentOS 5.5. This setting will be removed once you restart iptables or reboot the server.

OPTIONS = long or short options are allowed.

    --append  -A Append to chain
    --delete  -D Delete matching rule from chain
    --delete  -D Delete rule rulenum (1 = first) from chain	
    --insert  -I Insert in chain as rulenum (default 1=first)
    --replace -R Replace rule rulenum (1 = first) in chain
    --list    -L List the rules in a chain or all chains
    
    --source      -s [!] address[/mask] source specification
    --destination -d [!] address[/mask] destination specification                         
    --jump        -j target
    
    INPUT = Incoming Access
    OUTPUT = Outgoing Access
    -I = Insert
    -D = Delete
    -s = Source Ip Address
    -j = Target Action
    DROP = Block action
    

Steps :
1. Log in to your server via SSH as root
2. To successfully block an IP address, just type this iptables syntax and it will take effect immediately.

syntax : iptables -I INPUT -s IP-ADDRESS -j DROP

    [root@server ~]# iptables -I INPUT -s 192.168.2.2 -j DROP
    

3. To remove a blocked IP address, just type this iptables syntax as below:

syntax : iptables -D INPUT -s IP-ADDRESS -j DROP

    [root@server ~]# iptables -D INPUT -s 192.168.2.2 -j DROP
    

4. If you want to look at which iptables rules are already loaded, type the syntax below :

    [root@server ~]# iptables -L -n
    

How to Install and Configure Linux Iptables Firewall in CentOS 5

Iptables is the most popular packet filtering firewall package in Linux. It can be used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces to the Linux netfilter module to perform filtering of network packets.

Steps:

Install iptables without the GUI.

[root@server ~]# yum install iptables

Install iptables with the GUI by running the command below.

[root@server ~]# yum install system-config-securitylevel-tui iptstate firstboot-tui iptables
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: centos.maulvi.net
 * base: mirror.averse.net
 * epel: ftp.cuhk.edu.hk
 * extras: mirror.averse.net
 * updates: mirror.averse.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package firstboot-tui.i386 0:1.4.27.8-1.el5.centos set to be updated
---> Package iptables.i386 0:1.3.5-5.3.el5_4.1 set to be updated
---> Package iptstate.i386 0:1.4-2.el5 set to be updated
---> Package system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5 set to be updated
--> Processing Dependency: iptables-ipv6 for package: system-config-securitylevel-tui
--> Running transaction check
---> Package iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
 Package                              Arch      Version                      Repository
                                                                                        Size
=============================================================================================
Installing:
 firstboot-tui                        i386      1.4.27.8-1.el5.centos        base      189 k
 iptables                             i386      1.3.5-5.3.el5_4.1            base      233 k
 iptstate                             i386      1.4-2.el5                    base       27 k
 system-config-securitylevel-tui      i386      1.6.29.1-6.el5               base      254 k
Installing for dependencies:
 iptables-ipv6                        i386      1.3.5-5.3.el5_4.1            base      161 k

Transaction Summary
=============================================================================================
Install       5 Package(s)
Upgrade       0 Package(s)

Total download size: 864 k
Is this ok [y/N]: y
Downloading Packages:
(1/5): iptstate-1.4-2.el5.i386.rpm                                    |  27 kB     00:00
(2/5): iptables-ipv6-1.3.5-5.3.el5_4.1.i386.rpm                       | 161 kB     00:01
(3/5): firstboot-tui-1.4.27.8-1.el5.centos.i386.rpm                   | 189 kB     00:03
(4/5): iptables-1.3.5-5.3.el5_4.1.i386.rpm                            | 233 kB     00:03
(5/5): system-config-securitylevel-tui-1.6.29.1-6.el5.i386.rpm        | 254 kB     00:04
---------------------------------------------------------------------------------------------
Total                                                         60 kB/s | 864 kB     00:14
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                              1/5
  Installing     : iptables-ipv6                                                         2/5
  Installing     : system-config-securitylevel-tui                                       3/5
  Installing     : iptstate                                                              4/5
  Installing     : firstboot-tui                                                         5/5

Installed:
  firstboot-tui.i386 0:1.4.27.8-1.el5.centos
  iptables.i386 0:1.3.5-5.3.el5_4.1
  iptstate.i386 0:1.4-2.el5
  system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5

Dependency Installed:
  iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1

Complete!

Display Default Iptables rules:

[root@server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

To start, stop, and restart iptables, you can run below commands:

[root@server ~]# service iptables start
[root@server ~]# service iptables stop
[root@server ~]# service iptables restart

To get iptables configured to start at boot, use the chkconfig command:

[root@server ~]# chkconfig iptables on

Check whether iptables is running or not with the command below:

[root@server ~]# service iptables status
Firewall is stopped.

You can view the iptables manual by running the command below:

[root@server ~]# man iptables

Add the lines below to allow certain ports/programs to pass through the firewall, such as:
22 = SSH
80 = Web service
443 = SSL Web service
25 = Sendmail or postfix
3306 = MySQL service
10000 = Webmin service

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

The new iptables configuration should look like this.

[root@server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
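
Both the 389 Directory Server post and the listing above add ACCEPT lines to /etc/sysconfig/iptables, and those lines only take effect when they sit above the chain's catch-all REJECT. The check below is an added example, not part of the original posts: check_rule_order and sample_rules are hypothetical names, the ruleset is constructed, and it assumes simple single --dport tcp rules like the ones shown on this page.

```shell
# Added example: first-match ordering check for an iptables-save style file
# (the format of /etc/sysconfig/iptables). Rules are read from stdin.
#
# usage: check_rule_order CHAIN PORT... < rules-file
# Prints "<port> open", "<port> shadowed" or "<port> missing" for each port
# and returns 0 only when every requested port is "open".
check_rule_order() {
    _chain=$1
    shift
    awk -v chain="$_chain" -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        # Only rules appended to the chain of interest are considered.
        $1 == "-A" && $2 == chain {
            target = ""; dport = ""; proto = ""; nmatch = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                nmatch++
            }
            # A REJECT/DROP with no match options catches every packet that
            # reaches it, so later rules in this chain are never evaluated.
            if (nmatch == 0 && (target == "REJECT" || target == "DROP")) {
                blocked = 1
                next
            }
            # First matching rule wins: record each port only once.
            if (target == "ACCEPT" && proto == "tcp" && dport != "" && !(dport in status))
                status[dport] = blocked ? "shadowed" : "open"
        }
        END {
            bad = 0
            for (k = 1; k <= n; k++) {
                s = (want[k] in status) ? status[want[k]] : "missing"
                if (s != "open") bad = 1
                print want[k], s
            }
            exit bad
        }
    '
}

# Constructed sample (not a file from the page): a CentOS 6 style ruleset in
# which 389 was added above the REJECT line but 636 and 9830 were pasted
# below it.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
COMMIT
EOF
}

sample_rules | check_rule_order INPUT 389 636 9830 ||
    echo "at least one port is not reachable through chain INPUT"
```

On a real host the same function reads the saved rules directly, for example check_rule_order RH-Firewall-1-INPUT 22 80 443 < /etc/sysconfig/iptables on CentOS 5. Jumps into other user-defined chains are not followed, so run it against the chain that holds the port rules.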

You can view the iptables status by running the command below to see which ports are currently open.

[root@server ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10000
15   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited