
quick edit/modify iptables rules for RHEL 6.4 (Santiago)

Editing iptables rules is a routine task for a web developer; at least I need to do it frequently, so I thought writing it down here might help others, or at least me :). The iptables commands below work on any Linux distribution, but the save step (service iptables save) and the file it writes are specific to RHEL/CentOS 6. All of the following commands must be run as root; if you are not in a root shell, get one with:
$ sudo su
View the current iptables rules as a list with line numbers (-n skips the DNS lookups that can make the listing hang):
# iptables --line-numbers -n -L
Flush the current rules. Caution: this clears every rule in the filter table but does not change the chains' default policies. With DROP policies that locks you out of a remote session; with ACCEPT policies (which the file below relies on, since it never sets any) the host is wide open until the new rules are loaded. iptables-restore replaces the whole table on its own, so this step is not strictly necessary, but it is harmless here. Watch it, mister!
# /sbin/iptables -F

Open the rules file in vim (this is our own working copy; RHEL never reads it automatically):

# vim /etc/iptables.up.rules
Example /etc/iptables.up.rules file:

*filter

#  Allows all loopback (lo) traffic and rejects anything addressed to 127/8 that did not arrive on lo
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allows all outbound traffic
#  You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT


# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH. The --dport number must match the Port you set in sshd_config (22 is the default)
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Log inbound packets that reach the end of the chain, rate-limited to 5 per minute so a flood cannot fill the log.
# Note: --log-level 7 is "debug". The default rsyslog config on RHEL 6 only sends kern.info and above to
# /var/log/messages, so these entries show up in dmesg unless you log kern.debug or raise the level.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
Load the rules from the file. iptables-restore parses the whole file and only replaces the running filter table when it reaches COMMIT, so a syntax error is reported with the failing line number and leaves the current rules untouched:
# /sbin/iptables-restore < /etc/iptables.up.rules
Now confirm that the running rules are what you expected:
# /sbin/iptables -n -L --line-numbers
Save the running rules so they survive a reboot. On RHEL 6 this writes them to /etc/sysconfig/iptables, which is the file the iptables init script loads at boot; /etc/iptables.up.rules itself is never read at boot. Make sure the service is enabled (chkconfig iptables on) or nothing is loaded after a reboot:
# /sbin/service iptables save
If everything goes well, you should see something like this:
Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
When you need to change the rules later, the steps are:
# vim /etc/iptables.up.rules
# /sbin/iptables -F
# /sbin/iptables-restore < /etc/iptables.up.rules
# /sbin/service iptables save
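An added example, written for this page and not part of the original post: a wrapper script around the edit/flush/restore/save steps above. It checks the structure of the rules file before iptables-restore sees it, then loads the rules with a watchdog that restores the previous ruleset unless you confirm within a timeout, which covers the lockout case the flush step warns about. The snapshot location, the 60-second default, the script name and the sample_rules ruleset (a constructed, trimmed copy of the file above used only to exercise the checker) are this example's own assumptions.

```shell
#!/bin/bash
# Added example, not from the original post: sanity-check an iptables-restore
# file, then load it with a dead-man switch so a bad ruleset cannot lock you
# out of SSH. Assumptions (this example's choices): snapshot kept in /tmp,
# default confirmation window of 60 seconds, and setsid/mktemp/iptables-save
# available as they are on RHEL 6.

# Constructed sample ruleset (a trimmed copy of the post's file), used to
# exercise the checker without touching the live firewall.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# Structural check of an iptables-restore file: every table opens with a
# "*name" line and closes with COMMIT; in between only comments, chain
# declarations (":CHAIN POLICY [0:0]") and iptables commands ("-A ...") may
# appear. Prints the number of -A/-I rules on stdout, errors on stderr, and
# returns non-zero if anything is wrong.
check_rules_file() {
    local file="$1" line n=0 in_table=0 rules=0 errors=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            '' | '#'*) ;;                                   # blank or comment
            '*'[a-z]*) in_table=1 ;;                        # *filter, *nat, ...
            COMMIT)
                if [ "$in_table" -eq 1 ]; then
                    in_table=0
                else
                    echo "$file:$n: COMMIT without a preceding *table line" >&2
                    errors=$((errors + 1))
                fi ;;
            ':'* | -[[:upper:]]' '*)                        # chain line or rule
                if [ "$in_table" -eq 1 ]; then
                    case "$line" in -[AI]' '*) rules=$((rules + 1)) ;; esac
                else
                    echo "$file:$n: rule outside a *table ... COMMIT block" >&2
                    errors=$((errors + 1))
                fi ;;
            *)
                echo "$file:$n: unrecognized line: $line" >&2
                errors=$((errors + 1)) ;;
        esac
    done < "$file"
    if [ "$in_table" -eq 1 ]; then
        echo "$file: table opened but never closed with COMMIT" >&2
        errors=$((errors + 1))
    fi
    echo "$rules"
    [ "$errors" -eq 0 ]
}

# Load a rules file with a dead-man switch. The running ruleset is saved first;
# a detached watchdog restores it after $timeout seconds unless the snapshot
# has been deleted by a confirmation. setsid puts the watchdog in its own
# session so it survives the SIGHUP a dropped SSH connection sends to this
# shell. Must run as root.
apply_with_rollback() {
    local rules="$1" timeout="${2:-60}" snapshot answer=""
    check_rules_file "$rules" >/dev/null || { echo "refusing to load $rules" >&2; return 1; }
    snapshot=$(mktemp /tmp/iptables.rollback.XXXXXX) || return 1
    /sbin/iptables-save > "$snapshot" || { rm -f "$snapshot"; return 1; }
    setsid sh -c "sleep $timeout; [ -e '$snapshot' ] && /sbin/iptables-restore < '$snapshot' && rm -f '$snapshot'" \
        </dev/null >/dev/null 2>&1 &
    if ! /sbin/iptables-restore < "$rules"; then
        echo "iptables-restore failed; restoring the previous rules" >&2
        /sbin/iptables-restore < "$snapshot"
        rm -f "$snapshot"                     # deleting the snapshot cancels the watchdog
        return 1
    fi
    echo "New rules are live. Type yes within ${timeout}s to keep them; otherwise the old rules come back."
    read -r -t "$timeout" answer
    if [ "$answer" = "yes" ]; then
        rm -f "$snapshot"                     # deleting the snapshot cancels the watchdog
        echo "Kept. Run '/sbin/service iptables save' to make them persist across reboots."
        return 0
    fi
    echo "Not confirmed; the watchdog will restore the previous rules." >&2
    return 2
}

# Usage: bash safe-iptables.sh /etc/iptables.up.rules [seconds]
if [ $# -gt 0 ]; then
    apply_with_rollback "$@"
fi
```

The watchdog is cancelled by deleting the snapshot rather than by killing a PID, so a confirmation and a lost session are handled the same way; after a successful confirmation you still run service iptables save yourself, exactly as in the steps above.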