How to set up iptables in RHEL/CentOS 7

iptables configuration in RHEL/CentOS 7

iptables is a user-space utility that lets the system administrator configure the Linux kernel firewall's IP packet filter rules, which are implemented as Netfilter modules. The filters are organized into tables, each containing chains of rules that decide how network packets are handled. Separate programs cover the different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP and ebtables to Ethernet frames.

iptables requires elevated privileges and must be run as root; otherwise it does not work. On most Linux systems the binary is installed at /usr/sbin/iptables and is documented in its man page, which can be opened with man iptables. It may also be found at /sbin/iptables, but since iptables is more like a service than an "essential binary", the preferred location is still /usr/sbin.

iptables replaced ipchains; its successor is nftables, which was released on January 19, 2014 and merged into the mainline Linux kernel in version 3.13.

First we check the state of iptables by executing the following command:

# service iptables status
Redirecting to /bin/systemctl status iptables.service
Unit iptables.service could not be found.

The output above shows that the iptables service is not installed on our system, so we are going to install it.

1. We stop the running firewall (firewalld)

# systemctl stop firewalld

2. We mask the firewalld service so that it cannot be started again and conflict with iptables

# systemctl mask firewalld

3. We install the iptables service package

# yum install iptables-services

4. We enable iptables to start at boot with the following commands.

# systemctl enable iptables
# systemctl enable ip6tables

We start the iptables service

# systemctl start iptables

We check the status of iptables again.

# systemctl status iptables
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2020-04-30 11:57:54 EDT; 2s ago
Process: 16191 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 16191 (code=exited, status=0/SUCCESS)

5. To see all the rules loaded in iptables, we execute the following command:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

One of the most important parts of our configuration is opening ports in iptables.

To open a TCP port in iptables on RHEL/CentOS 7:

# iptables -A INPUT -p tcp --dport 80 -j ACCEPT

To open a UDP port in iptables on RHEL/CentOS 7:

# iptables -A INPUT -p udp --dport 80 -j ACCEPT

We verify that our port is open with the following command.

# iptables-save | grep 80
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

The service names shown by iptables -L (for example dpt:ssh) come from /etc/services, which maps port numbers to service names; we can consult that file to translate between a port number and the name iptables displays.
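As an added example that is not part of the original article, the following POSIX shell script audits an iptables-save dump (the same format the grep above filters, and the format service iptables save writes to /etc/sysconfig/iptables) for a given protocol and port. It reports which INPUT rule decides a new inbound connection to that port and flags any ACCEPT rule that sits below the deciding rule and therefore can never match, which is exactly what happens when iptables -A appends an ACCEPT after the chain's final catch-all REJECT. The embedded dump is constructed for the example, not taken from a real host, and the function name port_verdict is my own.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for a protocol/port.
# SAMPLE_DUMP is a constructed dump in iptables-save format (not from a real host).
# Rules 1-5 are the CentOS 7 defaults; rules 6 and 7 were appended with -A and
# therefore land below the catch-all REJECT.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# port_verdict DUMP PROTO PORT
# Walks the INPUT chain in order and prints "<TARGET> rule <n>" for the first
# rule that decides a NEW inbound connection to PROTO/PORT, followed by
# "shadowed ACCEPT rule <m>" for every ACCEPT that sits below it and is dead.
# Rule numbers match iptables -L INPUT --line-numbers.
port_verdict() {
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
    /^-A INPUT / {
        n++
        p = ""; dp = ""; state = ""; target = ""; restricted = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-p")           p = $(i + 1)
            else if ($i == "--dport") dp = $(i + 1)
            else if ($i == "--state") state = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
            else if ($i == "-i" || $i == "-s") restricted = 1
        }
        # Rules bound to an interface or source (e.g. -i lo) and rules that only
        # match established flows do not decide a NEW connection from an arbitrary host.
        if (restricted) next
        if (state != "" && state !~ /NEW/) next
        if (p != "" && p != proto) next
        if (dp != "" && dp != port) next
        if (decided == "") {
            decided = target
            printf "%s rule %d\n", target, n
        } else if (target == "ACCEPT") {
            # An ACCEPT below the deciding rule is never reached by the packet.
            printf "shadowed ACCEPT rule %d\n", n
        }
    }
    END { if (decided == "") print "policy (no INPUT rule matches)" }'
}

# Stand-alone demonstration: the appended HTTP rule is shadowed by rule 5.
port_verdict "$SAMPLE_DUMP" tcp 80
```

A verdict such as `REJECT rule 5` followed by `shadowed ACCEPT rule 6` means the port is still closed even though iptables-save lists an ACCEPT for it. Delete the appended rule (`iptables -D INPUT 6`) and insert it above the REJECT (`iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT`), then run `service iptables save` so the rule is written to /etc/sysconfig/iptables; rules added on the command line otherwise disappear at the next restart of the service. The script only inspects a text dump, so it can be run as an unprivileged user against the output of `iptables-save` copied from the server.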

If you have any questions, please feel free to contact Picaraza Domains Ltd support team 24/7/365.
