How to Install and Configure Iptables Firewall on CentOS 6.3

This post covers the steps to install and configure iptables on a Linux CentOS 6.3 server. Iptables is a packet filtering firewall package in Linux. It is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces to the Linux netfilter module to perform filtering of network packets.

1. To install iptables, simply run the following command :

[root@centos63 ~]# yum install iptables -y

2. Check iptables installed package and Version :

[root@centos63 ~]# rpm -qa | grep iptables
iptables-ipv6-1.4.7-5.1.el6_2.i686
iptables-1.4.7-5.1.el6_2.i686
[root@centos63 ~]# iptables --version
iptables v1.4.7

3. Check iptables status :

[root@centos63 ~]# /etc/init.d/iptables status
iptables: Firewall is not running.

or

[root@centos63 ~]# service iptables status
iptables: Firewall is not running.

4. Start and stop iptables :

Start :

[root@centos63 ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]

Stop :

[root@centos63 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

5. To set iptables start at boot :

[root@centos63 ~]# chkconfig iptables on

6. Display Default Iptables rules:

[root@centos63 ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

7. Display current opened port :

[root@centos63 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:46915               0.0.0.0:*                   LISTEN      1170/rpc.statd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1538/mysqld
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      1406/clamd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1152/rpcbind
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1390/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1629/master
tcp        0      0 :::111                      :::*                        LISTEN      1152/rpcbind
tcp        0      0 :::59988                    :::*                        LISTEN      1170/rpc.statd
tcp        0      0 :::22                       :::*                        LISTEN      1390/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1629/master
udp        0      0 0.0.0.0:59738               0.0.0.0:*                               1170/rpc.statd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1152/rpcbind
udp        0      0 192.168.1.54:123            0.0.0.0:*                               1398/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               1398/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               1398/ntpd
udp        0      0 0.0.0.0:903                 0.0.0.0:*                               1152/rpcbind
udp        0      0 0.0.0.0:922                 0.0.0.0:*                               1170/rpc.statd
udp        0      0 :::50667                    :::*                                    1170/rpc.statd
udp        0      0 :::111                      :::*                                    1152/rpcbind
udp        0      0 fe80::20c:29ff:fe1b:b39c:123 :::*                                    1398/ntpd
udp        0      0 ::1:123                     :::*                                    1398/ntpd
udp        0      0 :::123                      :::*                                    1398/ntpd
udp        0      0 :::903                      :::*                                    1152/rpcbind

8. Modify original Iptables configuration file :

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Please note that two rules have been added to the iptables firewall rules :

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
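
The netstat listing from step 7 and the rules file from step 8 can be cross-checked to see which listening services the firewall actually lets in. The script below is an added example, not part of the original post; the function names are hypothetical, and the embedded input is an abridged copy of the output shown in steps 7 and 8.

```shell
#!/bin/sh
# Added example: compare "netstat -plunt" listeners with the TCP ports
# accepted by an iptables rules file (/etc/sysconfig/iptables format).
# Assumes a file holding only the *filter table and single-port --dport
# rules, as on this page. The file covers IPv4; ip6tables has its own.

sample_rules() {      # rules file from step 8
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_netstat() {    # abridged netstat output from step 7
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:46915               0.0.0.0:*                   LISTEN      1170/rpc.statd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1538/mysqld
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      1406/clamd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1152/rpcbind
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1390/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1629/master
tcp        0      0 :::22                       :::*                        LISTEN      1390/sshd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1152/rpcbind
EOF
}

# audit_listeners NETSTAT_FILE RULES_FILE
# Prints one line per TCP port: "PORT PROGRAM open|filtered" for listeners
# bound to a non-loopback address, and "PORT - no-listener" for ports the
# firewall accepts although nothing is listening on them.
audit_listeners() {
    awk '
        # First file (rules): ports accepted in INPUT before the catch-all.
        FNR == NR {
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)/) closed = 1
            if (!closed && $0 ~ /^-A INPUT .*-p tcp .*--dport [0-9]+ -j ACCEPT$/)
                for (i = 1; i < NF; i++)
                    if ($i == "--dport") allowed[$(i + 1)] = 1
            next
        }
        # Second file (netstat): TCP sockets in LISTEN state.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]                               # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            prog = $7
            sub(/^[0-9]+\//, "", prog)                   # drop the PID
            key = port " " prog
            if (key in seen) next                        # IPv4 + IPv6 duplicate
            seen[key] = 1
            listening[port] = 1
            print port, prog, ((port in allowed) ? "open" : "filtered")
        }
        END {
            for (p in allowed)
                if (!(p in listening)) print p, "-", "no-listener"
        }
    ' "$2" "$1" | LC_ALL=C sort -n
}

demo() {
    n=$(mktemp) || return 1
    r=$(mktemp) || return 1
    sample_netstat > "$n"
    sample_rules > "$r"
    audit_listeners "$n" "$r"
    rm -f "$n" "$r"
}
demo
```

On a live server the two inputs would come from `netstat -plunt` and `/etc/sysconfig/iptables`. Ports reported as "open" are reachable from any source address, since the rules on this page carry no source restriction.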

How to Install system-config-firewall-tui on Linux CentOS 6.2 Server

In this post, I will guide you on how to install system-config-firewall-tui on a Linux CentOS 6.2 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, CentOS 5.7, CentOS 6.0 and CentOS 6.1. system-config-firewall is a graphical user interface for setting basic firewall rules. For those who are not familiar with command-line iptables, system-config-firewall-tui is the solution. Follow these steps to install and use system-config-firewall-tui on a Linux CentOS 6.2 server.

1. Perform yum install using the following command :

[root@centos62 ~]# yum install system-config-firewall-tui -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.hostemo.com
 * epel: ftp.cuhk.edu.hk
 * extras: mirrors.hostemo.com
 * updates: mirrors.hostemo.com
CentOS6.2-Repository                                                         | 4.0 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package system-config-firewall-tui.noarch 0:1.2.27-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                          Arch         Version             Repository                  Size
====================================================================================================
Installing:
 system-config-firewall-tui       noarch       1.2.27-5.el6        CentOS6.2-Repository        37 k

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 37 k
Installed size: 59 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : system-config-firewall-tui-1.2.27-5.el6.noarch                                   1/1

Installed:
  system-config-firewall-tui.noarch 0:1.2.27-5.el6

Complete!

2. To start configuring your iptables using “system-config-firewall-tui”, run the following command :

[root@centos62 ~]# system-config-firewall-tui

3. After any changes, please restart your iptables using this command :

[root@centos62 ~]# service iptables restart

or

[root@centos62 ~]# /etc/init.d/iptables restart

How to Install Iptables on CentOS 5.8

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host-based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In this post I will show the quick steps to install iptables on a Linux CentOS 5.8 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, CentOS 5.7, RHEL 5.4 and RHEL 5.5.

If your server does not have the iptables package installed, you will get this error message :

[root@centos58 ~]# service iptables status
iptables: unrecognized service

Simply run the following command to install iptables on a Linux CentOS 5.8 server.

[root@centos58 ~]# yum install iptables -y

Example :

[root@centos58 ~]# yum install iptables -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptables.i386 0:1.3.5-9.1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch                Version                      Repository           Size
====================================================================================================
Installing:
 iptables                i386                1.3.5-9.1.el5                base                238 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 238 k
Downloading Packages:
iptables-1.3.5-9.1.el5.i386.rpm                                              | 238 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                                     1/1

Installed:
  iptables.i386 0:1.3.5-9.1.el5

Complete!

How to Remove iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host-based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In certain cases, a system administrator will need to disable and remove iptables. In this post, I will show the quick steps to remove iptables on a Linux CentOS 5.7 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

Check installed iptables package :

[root@CentOS57 ~]# rpm -qa iptables
iptables-1.3.5-9.1.el5

To remove iptables using rpm command, simply run this :

[root@CentOS57 ~]# rpm -e iptables-1.3.5-9.1.el5

To remove iptables using yum command, simply run this :

[root@CentOS57 ~]# yum remove iptables -y

How to Install iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host-based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In this post I will show the quick steps to install iptables on CentOS 5.7. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, RHEL 5.4 and RHEL 5.5.

1. To install iptables, simply run this command :

[root@CentOS57 ~]# yum install iptables -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptables.i386 0:1.3.5-9.1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch                Version                      Repository           Size
====================================================================================================
Installing:
 iptables                i386                1.3.5-9.1.el5                base                238 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 238 k
Downloading Packages:
iptables-1.3.5-9.1.el5.i386.rpm                                              | 238 kB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                                     1/1

Installed:
  iptables.i386 0:1.3.5-9.1.el5

Complete!

2. How to check iptables status on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables status
Firewall is stopped.

or

[root@CentOS57 ~]# /etc/init.d/iptables status
Firewall is stopped.
[root@CentOS57 ~]#

3. How to start iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables start

or

[root@CentOS57 ~]# /etc/init.d/iptables start

4. How to stop iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/iptables stop

How to Disable Firewall on RHEL 6

In this post, I will show how to disable the Linux iptables firewall on Red Hat Enterprise Linux 6 (RHEL 6). A Linux firewall on RHEL 6 can be configured to filter every network packet that passes into or out of the network. In some cases, such as testing and development environments, you will need to disable the iptables firewall. To disable the Linux iptables firewall on RHEL 6, you just need to execute the following commands :

1. Before stopping iptables, save the firewall settings using the following command :

[root@rhel6 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

2. Stop iptables using the following command :

[root@rhel6 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

3. To ensure that iptables will not be started at boot time, please execute this chkconfig command :

[root@rhel6 ~]# chkconfig iptables off

4. If IPv6 firewall is enabled, please disable it using the following commands :

[root@rhel6 ~]# service ip6tables save
ip6tables: Saving firewall rules to /etc/sysconfig/ip6table[  OK  ]
[root@rhel6 ~]# service ip6tables stop
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]
[root@rhel6 ~]# chkconfig ip6tables off

How to Install, Configure and Use Linux Iptables Firewall on CentOS 6.2

Iptables is the most popular packet filtering firewall package in Linux. It can be used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces to the Linux netfilter module to perform filtering of network packets. In this post, I will show how to install, configure and use the iptables firewall on a CentOS 6.2 server :

1. Check iptables installed package :

[root@centos62 ~]# rpm -qa | grep iptables
iptables-1.4.7-4.el6.i686
iptables-ipv6-1.4.7-4.el6.i686

2. Check Iptables version :

[root@centos62 ~]# iptables --version
iptables v1.4.7

3. If iptables is not installed, simply run this command to install it :

[root@centos62 ~]# yum install iptables

4. Check whether iptables is running or not :

[root@centos62 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

If iptables is not running, it will return this message :

[root@centos62 ~]# service iptables status
iptables: Firewall is not running.

5. Display Default Iptables rules:

[root@centos62 ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

6. To start, stop, and restart iptables, run the commands below :

[root@centos62 ~]# service iptables start
[root@centos62 ~]# service iptables stop
[root@centos62 ~]# service iptables restart

7. To set iptables start at boot :

[root@centos62 ~]# chkconfig iptables on

8. Display current opened port :

[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1102/sshd   
tcp        0      0 :::22                       :::*                        LISTEN      1102/sshd   

Note : Only the ssh port has been opened on this server, and the listening port is 22.

9. Add lines to allow certain ports/programs through the firewall, such as:

80 = Web service / httpd service
3306 = MySQL service / mysqld service

10. View and modify original Iptables configuration file :

[root@centos62 ~]# vi /etc/sysconfig/iptables

Original Iptables configuration file

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

11. Modify the Iptables configuration file as below. Add port “80” and port “3306” :

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

12. Start httpd and mysqld daemon service :

[root@centos62 ~]# service httpd start
[root@centos62 ~]# service mysqld start

13. Print updated opened port :

[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1102/sshd   
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2482/mysqld 
tcp        0      0 :::80                       :::*                        LISTEN      2345/httpd  
tcp        0      0 :::22                       :::*                        LISTEN      1102/sshd   
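
Step 11 works only because the two new ACCEPT lines sit above the catch-all REJECT: rules are checked in order and the first match wins, so a line appended at the end of the chain is never reached. The script below is an added example, not part of the original post, that inserts a port at the right position and lists rules that can never match. The function names are hypothetical, the sample ruleset is constructed (the default file with a deliberately misplaced 3306 rule), and the optional chain argument goes beyond this post to cover named chains such as RH-Firewall-1-INPUT.

```shell
#!/bin/sh
# Added example: edit an iptables-save style rules file
# (the /etc/sysconfig/iptables format) without breaking rule order.

# add_tcp_accept RULES_FILE PORT [CHAIN]
# Prints the ruleset with an ACCEPT for PORT placed before the catch-all
# REJECT/DROP of CHAIN (default INPUT). The ruleset is printed unchanged
# when the rule is already present above the catch-all.
add_tcp_accept() {
    case "$2" in
        ''|*[!0-9]*) echo "invalid port: $2" >&2; return 2 ;;
    esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "invalid port: $2" >&2
        return 2
    fi
    awk -v port="$2" -v chain="${3:-INPUT}" '
        BEGIN {
            rule = "-A " chain " -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            final = "^-A " chain " -j (REJECT|DROP)"
        }
        substr($0, 1, 1) == "*" { table = $0 }    # "*filter", "*nat", ...
        table == "*filter" && !done {
            if ($0 == rule) present = 1           # already open and reachable
            if ($0 ~ final || $0 == "COMMIT") {   # insertion point
                if (!present) print rule
                done = 1
            }
        }
        { print }
    ' "$1"
}

# shadowed_rules RULES_FILE [CHAIN]
# Prints rules of CHAIN that follow its catch-all and so never match.
shadowed_rules() {
    awk -v chain="${2:-INPUT}" '
        BEGIN { final = "^-A " chain " -j (REJECT|DROP)"; any = "^-A " chain " " }
        substr($0, 1, 1) == "*" { table = $0; seen = 0 }
        table != "*filter" { next }
        $0 ~ final { seen = 1; next }
        seen && $0 ~ any { print }
    ' "$1"
}

# Constructed sample: the default rules file with a port 3306 rule
# appended after the REJECT, which is the mistake described above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_rules > "$tmp"
    echo "Rules that can never match:"
    shadowed_rules "$tmp"
    echo "Ruleset with port 80 opened:"
    add_tcp_accept "$tmp" 80
    rm -f "$tmp"
}
demo
```

To apply the result on a server, write the output to a temporary file, review it, copy it over /etc/sysconfig/iptables, and run `service iptables restart`.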

How to Install and Configure Linux Iptables Firewall in CentOS 5

Iptables is the most popular packet filtering firewall package in Linux. It can be used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces to the Linux netfilter module to perform filtering of network packets.

Steps:

Install iptables without the GUI.

[root@server ~]# yum install iptables

Install iptables with the GUI by running the command below.

[root@server ~]# yum install system-config-securitylevel-tui iptstate firstboot-tui iptables
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: centos.maulvi.net
 * base: mirror.averse.net
 * epel: ftp.cuhk.edu.hk
 * extras: mirror.averse.net
 * updates: mirror.averse.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package firstboot-tui.i386 0:1.4.27.8-1.el5.centos set to be updated
---> Package iptables.i386 0:1.3.5-5.3.el5_4.1 set to be updated
---> Package iptstate.i386 0:1.4-2.el5 set to be updated
---> Package system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5 set to be updated
--> Processing Dependency: iptables-ipv6 for package: system-config-securitylevel-tui
--> Running transaction check
---> Package iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
 Package                              Arch      Version                      Repository
                                                                                        Size
=============================================================================================
Installing:
 firstboot-tui                        i386      1.4.27.8-1.el5.centos        base      189 k
 iptables                             i386      1.3.5-5.3.el5_4.1            base      233 k
 iptstate                             i386      1.4-2.el5                    base       27 k
 system-config-securitylevel-tui      i386      1.6.29.1-6.el5               base      254 k
Installing for dependencies:
 iptables-ipv6                        i386      1.3.5-5.3.el5_4.1            base      161 k

Transaction Summary
=============================================================================================
Install       5 Package(s)
Upgrade       0 Package(s)

Total download size: 864 k
Is this ok [y/N]: y
Downloading Packages:
(1/5): iptstate-1.4-2.el5.i386.rpm                                    |  27 kB     00:00
(2/5): iptables-ipv6-1.3.5-5.3.el5_4.1.i386.rpm                       | 161 kB     00:01
(3/5): firstboot-tui-1.4.27.8-1.el5.centos.i386.rpm                   | 189 kB     00:03
(4/5): iptables-1.3.5-5.3.el5_4.1.i386.rpm                            | 233 kB     00:03
(5/5): system-config-securitylevel-tui-1.6.29.1-6.el5.i386.rpm        | 254 kB     00:04
---------------------------------------------------------------------------------------------
Total                                                         60 kB/s | 864 kB     00:14
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                              1/5
  Installing     : iptables-ipv6                                                         2/5
  Installing     : system-config-securitylevel-tui                                       3/5
  Installing     : iptstate                                                              4/5
  Installing     : firstboot-tui                                                         5/5

Installed:
  firstboot-tui.i386 0:1.4.27.8-1.el5.centos
  iptables.i386 0:1.3.5-5.3.el5_4.1
  iptstate.i386 0:1.4-2.el5
  system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5

Dependency Installed:
  iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1

Complete!

Display Default Iptables rules:

[root@server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

To start, stop, and restart iptables, run the commands below:

[root@server ~]# service iptables start
[root@server ~]# service iptables stop
[root@server ~]# service iptables restart

To get iptables configured to start at boot, use the chkconfig command:

[root@server ~]# chkconfig iptables on

Check the iptables status whether iptables is running or not with the below command:

[root@server ~]# service iptables status
Firewall is stopped.

You can view the iptables manual by running the command below:

[root@server ~]# man iptables

Add the lines below to allow certain ports/programs through the firewall, such as:
22 = SSH
80 = Web service
443 = SSL Web service
25 = Sendmail or postfix
3306 = MySQL service
10000 = Webmin service

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

The new iptables configuration should look like this.

[root@server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

You can view the iptables status by running the command below to see which ports are currently open.

[root@server ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10000
15   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited