To allow TCP traffic on ports 389 and 636 for an OpenLDAP server on a Linux machine using iptables, you can use the following commands:
- Allow TCP traffic on port 389:
sudo iptables -A INPUT -p tcp --dport 389 -j ACCEPT
- Allow TCP traffic on port 636:
sudo iptables -A INPUT -p tcp --dport 636 -j ACCEPT
These commands add rules to the iptables firewall to allow incoming TCP traffic on ports 389 and 636, respectively. The -A option appends the rule to the end of the chain. The -p option specifies the protocol, which in this case is TCP. The --dport option specifies the destination port. Finally, the -j option specifies the action to take if the traffic matches the rule, which is to accept the traffic in this case.
Note that these commands only add the rules temporarily, and they will be lost if the system is rebooted or if the iptables service is restarted. To make the rules permanent, you will need to save them to the iptables configuration file. The location of the file may vary depending on the Linux distribution you are using, but it is usually /etc/iptables/rules.v4.