Iptables is a widely used firewall package in Linux, renowned for its packet filtering capabilities. It’s a powerful tool that allows you to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces with the Linux netfilter module to perform network packet filtering. This tutorial will guide you through the process of installing and configuring Iptables on CentOS 5.<\/p>\n
For a more in-depth understanding of the best web servers, you can visit our pages on best web servers<\/a>, Apache<\/a>, Nginx<\/a>, and LiteSpeed<\/a>.<\/p>\n The first step in setting up Iptables is to install it. You can install Iptables without a graphical user interface (GUI) by running the following command:<\/p>\n If you prefer to use a GUI, you can install Iptables with a GUI by running the command below:<\/p>\n This command will install several packages, including firstboot-tui, iptables, iptstate, and system-config-securitylevel-tui. You may also see a dependency for iptables-ipv6 being installed.<\/p>\n Example:<\/p>\n Display Default Iptables rules:<\/strong><\/p>\n Once Iptables is installed, you can display the default rules by running the following command:<\/p>\n This command will display the current configuration of your Iptables firewall.<\/p>\n You can start, stop, and restart Iptables using the following commands:<\/p>\n To configure Iptables to start at boot, use the chkconfig command:<\/p>\n You can check the status of Iptables to see if it is running or not with the command below:<\/p>\n You can view the Iptables manual by running the following command:<\/p>\n This command will display the manual for Iptables, providing you with detailed information about its usage and options.<\/p>\n You can configure Iptables to allow certain ports or programs to pass through the firewall. For example, you might want to allow the following:<\/p>\n You can do this by addingthe following lines to your Iptables configuration:<\/p>\n After adding these lines, your new Iptables configuration should look like this:<\/p>\n You can check the status of Iptables to see which ports are currently open by running the following command:<\/p>\n This command will display the current status of your Iptables firewall, including which ports are open.<\/p>\n Example:<\/p>\n Iptables is a powerful tool for managing packet filtering and firewall settings in Linux. By following this tutorial, you should now be able to install and configure Iptables on CentOS 5, understand how to view and modify the default Iptables rules, and know how to start, stop, and restart Iptables.<\/p>\n Remember, it’s crucial to configure your firewall settings correctly to ensure the security of your server. For more information on server hosting, you can visit our pages on dedicated server<\/a>, VPS server<\/a>, cloud hosting<\/a>, and shared hosting<\/a>.<\/p>\n If you have any questions or need further clarification, feel free to refer to the FAQ section or leave a comment. Happy hosting!<\/p>\n What is Iptables in Linux?<\/p>\n \n Iptables is a popular packet filtering firewall package in Linux. It allows you to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.<\/span>\n <\/p>\n<\/li>\n How do I install Iptables on CentOS 5?<\/p>\n \n You can install Iptables on CentOS 5 by running the command ‘yum install iptables’ for a non-GUI installation, or ‘yum install system-config-securitylevel-tui iptstate firstboot-tui iptables’ for a GUI installation.<\/span>\n <\/p>\n<\/li>\n How do I view the default Iptables rules?<\/p>\n \n You can view the default Iptables rules by running the command ‘cat \/etc\/sysconfig\/iptables’.<\/span>\n <\/p>\n<\/li>\n How do I start, stop, and restart Iptables?<\/p>\n \n You can start, stop, and restart Iptables by running the commands ‘service iptables start’, ‘service iptables stop’, and ‘service iptables restart’ respectively.<\/span>\n <\/p>\n<\/li>\n How do I check the status of Iptables?<\/p>\n \n Youcan check the status of Iptables by running the command ‘service iptables status’. This command will display the current status of your Iptables firewall, including which ports are open.<\/span>\n <\/p>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":" Iptables is a widely used firewall package in Linux, renowned for its packet filtering capabilities. It’s a powerful tool that allows you to set up, maintain, and inspect the tables…<\/p>\n","protected":false},"author":6,"featured_media":1312,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1158],"tags":[2089,1975,1519,1536],"class_list":["post-1300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iptables","tag-configuration","tag-install","tag-iptables","tag-linux"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/1300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=1300"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/1300\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/1312"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=1300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=1300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=1300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Step 1: Installing Iptables<\/h2>\n
\r\n[root@server ~]# yum install iptables\r\n<\/pre>\n
\r\n[root@server ~]# yum install system-config-securitylevel-tui iptstate firstboot-tui iptables\r\n<\/pre>\n
[root@server ~]# yum install system-config-securitylevel-tui iptstate firstboot-tui iptables\r\nLoaded plugins: fastestmirror\r\nLoading mirror speeds from cached hostfile\r\n * addons: centos.maulvi.net\r\n * base: mirror.averse.net\r\n * epel: ftp.cuhk.edu.hk\r\n * extras: mirror.averse.net\r\n * updates: mirror.averse.net\r\nSetting up Install Process\r\nResolving Dependencies\r\n--> Running transaction check\r\n---> Package firstboot-tui.i386 0:1.4.27.8-1.el5.centos set to be updated\r\n---> Package iptables.i386 0:1.3.5-5.3.el5_4.1 set to be updated\r\n---> Package iptstate.i386 0:1.4-2.el5 set to be updated\r\n---> Package system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5 set to be updated\r\n--> Processing Dependency: iptables-ipv6 for package: system-config-securitylevel-tui\r\n--> Running transaction check\r\n---> Package iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1 set to be updated\r\n--> Finished Dependency Resolution\r\n\r\nDependencies Resolved\r\n\r\n=============================================================================================\r\n Package Arch Version Repository\r\n Size\r\n=============================================================================================\r\nInstalling:\r\n firstboot-tui i386 1.4.27.8-1.el5.centos base 189 k\r\n iptables i386 1.3.5-5.3.el5_4.1 base 233 k\r\n iptstate i386 1.4-2.el5 base 27 k\r\n system-config-securitylevel-tui i386 1.6.29.1-6.el5 base 254 k\r\nInstalling for dependencies:\r\n iptables-ipv6 i386 1.3.5-5.3.el5_4.1 base 161 k\r\n\r\nTransaction Summary\r\n=============================================================================================\r\nInstall 5 Package(s)\r\nUpgrade 0 Package(s)\r\n\r\nTotal download size: 864 k\r\nIs this ok [y\/N]: y\r\nDownloading Packages:\r\n(1\/5): iptstate-1.4-2.el5.i386.rpm | 27 kB 00:00\r\n(2\/5): iptables-ipv6-1.3.5-5.3.el5_4.1.i386.rpm | 161 kB 00:01\r\n(3\/5): firstboot-tui-1.4.27.8-1.el5.centos.i386.rpm | 189 kB 00:03\r\n(4\/5): iptables-1.3.5-5.3.el5_4.1.i386.rpm | 233 kB 00:03\r\n(5\/5): system-config-securitylevel-tui-1.6.29.1-6.el5.i386.rpm | 254 kB 00:04\r\n---------------------------------------------------------------------------------------------\r\nTotal 60 kB\/s | 864 kB 00:14\r\nRunning rpm_check_debug\r\nRunning Transaction Test\r\nFinished Transaction Test\r\nTransaction Test Succeeded\r\nRunning Transaction\r\n Installing : iptables 1\/5\r\n Installing : iptables-ipv6 2\/5\r\n Installing : system-config-securitylevel-tui 3\/5\r\n Installing : iptstate 4\/5\r\n Installing : firstboot-tui 5\/5\r\n\r\nInstalled:\r\n firstboot-tui.i386 0:1.4.27.8-1.el5.centos\r\n iptables.i386 0:1.3.5-5.3.el5_4.1\r\n iptstate.i386 0:1.4-2.el5\r\n system-config-securitylevel-tui.i386 0:1.6.29.1-6.el5\r\n\r\nDependency Installed:\r\n iptables-ipv6.i386 0:1.3.5-5.3.el5_4.1\r\n\r\nComplete!<\/pre>\n
[root@server ~]# cat \/etc\/sysconfig\/iptables\r\n# Firewall configuration written by system-config-securitylevel\r\n# Manual customization of this file is not recommended.\r\n*filter\r\n:INPUT ACCEPT [0:0]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [0:0]\r\n:RH-Firewall-1-INPUT - [0:0]\r\n-A INPUT -j RH-Firewall-1-INPUT\r\n-A FORWARD -j RH-Firewall-1-INPUT\r\n-A RH-Firewall-1-INPUT -i lo -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p 50 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p 51 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\r\nCOMMIT<\/pre>\n
Step 2: Displaying Default Iptables Rules<\/h2>\n
\r\n[root@server ~]# cat \/etc\/sysconfig\/iptables\r\n<\/pre>\n
Step 3: Starting, Stopping, and Restarting Iptables<\/h2>\n
\r\n[root@server ~]# service iptables start\r\n[root@server ~]# service iptables stop\r\n[root@server ~]# service iptables restart\r\n<\/pre>\n
\r\n[root@server ~]# chkconfig iptables on\r\n<\/pre>\n
\r\n[root@server ~]# service iptables status\r\n<\/pre>\n
Step 4: Viewing the Iptables Manual<\/h2>\n
\r\n[root@server ~]# man iptables\r\n<\/pre>\n
Step 5: Configuring Iptables to Allow Certain Ports\/Programs<\/h2>\n
\n
\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT\r\n<\/pre>\n
\r\n[root@server ~]# cat \/etc\/sysconfig\/iptables\r\n# Firewall configuration written by system-config-securitylevel\r\n# Manual customization of this file is not recommended.\r\n*filter\r\n:INPUT ACCEPT [0:0]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [0:0]\r\n:RH-Firewall-1-INPUT - [0:0]\r\n-A INPUT -j RH-Firewall-1-INPUT\r\n-A FORWARD -j RH-Firewall-1-INPUT\r\n-A RH-Firewall-1-INPUT -i lo -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p 50 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p 51 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT\r\n-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\r\nCOMMIT\r\n<\/pre>\n
Step 6: Checking the Status of Iptables<\/h2>\n
\r\n[root@server ~]# service iptables status\r\n<\/pre>\n
[root@server ~]# service iptables status\r\nTable: filter\r\nChain INPUT (policy ACCEPT)\r\nnum target prot opt source destination\r\n1 RH-Firewall-1-INPUT all -- 0.0.0.0\/0 0.0.0.0\/0\r\n\r\nChain FORWARD (policy ACCEPT)\r\nnum target prot opt source destination\r\n1 RH-Firewall-1-INPUT all -- 0.0.0.0\/0 0.0.0.0\/0\r\n\r\nChain OUTPUT (policy ACCEPT)\r\nnum target prot opt source destination\r\n\r\nChain RH-Firewall-1-INPUT (2 references)\r\nnum target prot opt source destination\r\n1 ACCEPT all -- 0.0.0.0\/0 0.0.0.0\/0\r\n2 ACCEPT icmp -- 0.0.0.0\/0 0.0.0.0\/0 icmp type 255\r\n3 ACCEPT esp -- 0.0.0.0\/0 0.0.0.0\/0\r\n4 ACCEPT ah -- 0.0.0.0\/0 0.0.0.0\/0\r\n5 ACCEPT udp -- 0.0.0.0\/0 224.0.0.251 udp dpt:5353\r\n6 ACCEPT udp -- 0.0.0.0\/0 0.0.0.0\/0 udp dpt:631\r\n7 ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 tcp dpt:631\r\n8 ACCEPT all -- 0.0.0.0\/0 0.0.0.0\/0 state RELATED,ESTABLISHED\r\n9 ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:22\r\n10 ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:80\r\n11 ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:443\r\n12 ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:25\r\n13 ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:3306\r\n14 ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:10000\r\n15 REJECT all -- 0.0.0.0\/0 0.0.0.0\/0 reject-with icmp-host-prohibited<\/pre>\n
Commands Mentioned<\/h2>\n
\n
Conclusion<\/h2>\n
FAQ<\/h2>\n
\n