IPtables configuration in RHEL/CentOS 7
IPtables is a user-space utility program that allows the system administrator to configure the Linux kernel firewall IP packet filter rules, implemented as different Netfilter modules. Filters are organized into different tables, which contain chains of rules on how to handle network traffic packets. Different kernel programs and modules are currently used for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.
IPtables requires elevated privileges to function and must be run as the root user; otherwise it does not work. On most Linux systems iptables is installed as /usr/sbin/iptables and is documented in its man pages, which can be opened with man iptables once it is installed. It can also be found at /sbin/iptables, but since iptables is more like a service than an "essential binary", the preferred location is still /usr/sbin.
IPtables replaced ipchains, and its own successor is nftables, which was released on January 19, 2014 and merged into the mainline Linux kernel in version 3.13.
First we check the state of our IPtables service by executing the following command:
# service iptables status
Redirecting to /bin/systemctl status iptables.service
Unit iptables.service could not be found.
The previous output indicates that the IPtables service is not installed on our system, so we are going to install it.
1. We stop our current firewall, firewalld
# systemctl stop firewalld
2. We mask the firewalld service so that it cannot be started again
# systemctl mask firewalld
3. We install the IPtables service package
# yum install iptables-services
4. We enable IPtables to start at boot with the following commands.
# systemctl enable iptables
# systemctl enable ip6tables
We start the IPtables service
# systemctl start iptables
We check the status of IPtables again.
# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2020-04-30 11:57:54 EDT; 2s ago
Process: 16191 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 16191 (code=exited, status=0/SUCCESS)
5. To see all the rules loaded in IPtables, we execute the following command:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
One of the most important parts of our configuration is the opening of ports in our IPtables. Keep in mind that rules in a chain are evaluated in order and that -A appends a rule to the end of the chain, after the REJECT rule shown in the INPUT chain above; a rule that has to match before that REJECT must be inserted ahead of it with -I instead.
To open a port in IPtables on RHEL/CentOS 7 for the TCP protocol
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To open a port in IPtables on RHEL/CentOS 7 for the UDP protocol.
# iptables -A INPUT -p udp --dport 80 -j ACCEPT
We verify that the rules for our port are present with the following command.
# iptables-save | grep 80
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
We can also consult /etc/services to map the service names shown by iptables -L (such as ssh) to their port numbers.
If you have any questions, please feel free to contact the Picaraza Domains Ltd support team 24/7/365.