{"id":3755,"date":"2012-08-14T23:51:23","date_gmt":"2012-08-14T15:51:23","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=3755"},"modified":"2023-04-28T09:49:00","modified_gmt":"2023-04-28T09:49:00","slug":"how-to-install-and-configure-iptables-firewall-on-centos-6-3","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-install-and-configure-iptables-firewall-on-centos-6-3\/","title":{"rendered":"How to Install and Configure Iptables Firewall on CentOS 6.3"},"content":{"rendered":"<p>This post covers the steps to install and configure iptables on a Linux CentOS 6.3 server. Iptables is a packet filtering firewall package in Linux. It is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables interfaces with the Linux netfilter module to perform filtering of network packets.<\/p>\n<p>1. To install iptables, simply run the following command :<\/p>\n<pre>\n[root@centos63 ~]# yum install iptables -y\n<\/pre>\n<p>2. Check the installed iptables package and version :<\/p>\n<pre>\n[root@centos63 ~]# rpm -qa | grep iptables\niptables-ipv6-1.4.7-5.1.el6_2.i686\niptables-1.4.7-5.1.el6_2.i686\n<\/pre>\n<pre>\n[root@centos63 ~]# iptables --version\niptables v1.4.7\n<\/pre>\n<p>3. Check iptables status :<\/p>\n<pre>\n[root@centos63 ~]# \/etc\/init.d\/iptables status\niptables: Firewall is not running.\n<\/pre>\n<p>or<\/p>\n<pre>\n[root@centos63 ~]# service iptables status\niptables: Firewall is not running.\n<\/pre>\n<p>4. 
Start and stop iptables :<\/p>\n<p>Start :<\/p>\n<pre>\n[root@centos63 ~]# service iptables start\niptables: Applying firewall rules:                         [  OK  ]\n<\/pre>\n<p>Stop :<\/p>\n<pre>\n[root@centos63 ~]# service iptables stop\niptables: Flushing firewall rules:                         [  OK  ]\niptables: Setting chains to policy ACCEPT: filter          [  OK  ]\niptables: Unloading modules:                               [  OK  ]\n<\/pre>\n<p>As the output shows, stopping the service flushes all rules and sets the chain policies to ACCEPT, so the host is unfiltered until the service is started again.<\/p>\n<p>5. To set iptables to start at boot :<\/p>\n<pre>\n[root@centos63 ~]# chkconfig iptables on\n<\/pre>\n<p>6. Display the default iptables rules :<\/p>\n<pre>\n[root@centos63 ~]# cat \/etc\/sysconfig\/iptables\n# Firewall configuration written by system-config-firewall\n# Manual customization of this file is not recommended.\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n<\/pre>\n<p>7. 
Display the currently open ports :<\/p>\n<pre>\n[root@centos63 ~]# netstat -plunt\nActive Internet connections (only servers)\nProto Recv-Q Send-Q Local Address               Foreign Address             State       PID\/Program name\ntcp        0      0 0.0.0.0:46915               0.0.0.0:*                   LISTEN      1170\/rpc.statd\ntcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1538\/mysqld\ntcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      1406\/clamd\ntcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1152\/rpcbind\ntcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1390\/sshd\ntcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1629\/master\ntcp        0      0 :::111                      :::*                        LISTEN      1152\/rpcbind\ntcp        0      0 :::59988                    :::*                        LISTEN      1170\/rpc.statd\ntcp        0      0 :::22                       :::*                        LISTEN      1390\/sshd\ntcp        0      0 ::1:25                      :::*                        LISTEN      1629\/master\nudp        0      0 0.0.0.0:59738               0.0.0.0:*                               1170\/rpc.statd\nudp        0      0 0.0.0.0:111                 0.0.0.0:*                               1152\/rpcbind\nudp        0      0 192.168.1.54:123            0.0.0.0:*                               1398\/ntpd\nudp        0      0 127.0.0.1:123               0.0.0.0:*                               1398\/ntpd\nudp        0      0 0.0.0.0:123                 0.0.0.0:*                               1398\/ntpd\nudp        0      0 0.0.0.0:903                 0.0.0.0:*                               1152\/rpcbind\nudp        0      0 0.0.0.0:922                 0.0.0.0:*                               1170\/rpc.statd\nudp        0      0 :::50667    
                :::*                                    1170\/rpc.statd\nudp        0      0 :::111                      :::*                                    1152\/rpcbind\nudp        0      0 fe80::20c:29ff:fe1b:b39c:123 :::*                                    1398\/ntpd\nudp        0      0 ::1:123                     :::*                                    1398\/ntpd\nudp        0      0 :::123                      :::*                                    1398\/ntpd\nudp        0      0 :::903                      :::*                                    1152\/rpcbind\n<\/pre>\n<p>8. Modify the original iptables configuration file (\/etc\/sysconfig\/iptables) :<\/p>\n<pre>\n# Firewall configuration written by system-config-firewall\n# Manual customization of this file is not recommended.\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A INPUT -p icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n-A FORWARD -j REJECT --reject-with icmp-host-prohibited\nCOMMIT\n<\/pre>\n<p>Please note that two rules have been added to the iptables firewall rules, above the final INPUT REJECT rule. They accept new inbound TCP connections from any source address on port 80 (HTTP) and port 3306 (the mysqld listener shown in step 7) :<\/p>\n<pre>\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This post covers the steps to install and configure iptables on a Linux CentOS 6.3 server. Iptables is a packet filtering firewall package in Linux. 
It is used to set up, maintain,&#8230;<\/p>\n","protected":false},"author":6,"featured_media":1312,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[2055,1145,1158],"tags":[1254,1519,1536,1744],"class_list":["post-3755","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","category-firewall","category-iptables","tag-centos-6-3","tag-iptables","tag-linux","tag-security"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/3755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=3755"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/3755\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/1312"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=3755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=3755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=3755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}