Iptables is a firewall tool that is available on most Linux distributions, including CentOS and Red Hat. Here is a basic tutorial for configuring the iptables firewall on CentOS and Red Hat:
- Check the status of iptables by running the following command:
sudo systemctl status iptables
If the iptables service is not running, you can start it using the following command:
sudo systemctl start iptables
- By default, the iptables firewall allows all incoming traffic and denies all outgoing traffic. To set up rules for incoming and outgoing traffic, you can create a configuration file in the
/etc/sysconfig/iptablesdirectory. For example, to create a new configuration file, you can run the following command:
sudo nano /etc/sysconfig/iptables
- In the configuration file, you can add rules for incoming and outgoing traffic using the appropriate syntax. For example, to allow incoming SSH traffic, you can add the following rule:
-A INPUT -p tcp --dport 22 -j ACCEPT
This rule specifies that incoming traffic on the TCP port 22 (which is used by SSH) should be accepted.
- You can also add rules to allow or deny traffic from specific IP addresses or ranges. For example, to allow incoming traffic from a specific IP address, you can add the following rule:
-A INPUT -s 192.168.1.100 -j ACCEPT
This rule specifies that incoming traffic from the IP address 192.168.1.100 should be accepted.
- Once you have added your desired rules to the configuration file, save the file and exit the text editor.
- Apply the new iptables rules by running the following command:
sudo service iptables restart
- To verify that the new rules are in effect, you can list the iptables rules by running the following command:
sudo iptables -L
This command will list all the rules for the iptables firewall, including the rules you just added.
Note that these are just basic examples of iptables rules, and there are many more advanced configurations you can make to customize the behavior of the firewall. Additionally, iptables rules are not persistent, so if you reboot your system, any changes you have made will be lost. To make the rules persistent, you can use a tool such as iptables-save to save the rules to a file, and then use the iptables-restore command to apply the rules at startup.