CentOS7.3 install iptables and detailed use

CentOS7.3 install iptables and detailed usage#

Installation operation##

Check status

First check if iptables is installed

$ service iptables status

Install iptables

$ yum install iptables

Upgrade iptables

$ yum update iptables 

Install iptables-services

$ yum install iptables-services

Edit configuration

$ vi /etc/sysconfig/iptables-config

Add configuration###

• Example: Open RabbitMQ's external port

iptables -I INPUT -p tcp --dport 5672-j ACCEPT
iptables -I INPUT -p tcp --dport 15672-j ACCEPT

Save configuration###

$ service iptables save

Read on for more operations

Restart service###

systemctl restart iptables.service

More detailed configuration rules##

Edit configuration

$ vi /etc/sysconfig/iptables-config

Rule operation###

View iptables existing rules

iptables -L -n

Allow all

iptables -P INPUT ACCEPT

Allow IO access

Allow data packets from the lo interface (local access)

iptables -A INPUT -i lo -j ACCEPT

Open port 443 (TCP)

iptables -A INPUT -p tcp --dport 443-j ACCEPT

Open port 443 (FTP)

iptables -A INPUT -p tcp --dport 443-j ACCEPT

Open port 80 (HTTP)

iptables -A INPUT -p tcp --dport 80-j ACCEPT

Open port 443 (HTTPS)

iptables -A INPUT -p tcp --dport 443-j ACCEPT

Allow ping

iptables -A INPUT -p icmp --icmp-type 8-j ACCEPT

Allow response

Allow the return data RELATED after accepting the request of the machine, which is set for FTP

iptables -A INPUT -m state --state  RELATED,ESTABLISHED -j ACCEPT

Discard all inbound

iptables -P INPUT DROP

Allow all outbound

iptables -P OUTPUT ACCEPT

Forward and discard

iptables -P FORWARD DROP

More common command operations##

Purge rules

• Clear existing iptables rules

iptables -F #Clear all default rules
iptables -X #Clear all custom rules
iptables -Z #All counters return to 0

Save configuration

$ service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

Open service

$ systemctl start  firewalld

Check status

$ service iptables status

Out of service

$ systemctl stop firewalld

Restart service

$ systemctl restart iptables.service

View rules

iptables -L -n

• v: Display detailed information, including the number of matched packets and the number of matched bytes for each rule
• x: On the basis of v, automatic unit conversion is prohibited (K, M) vps detective
• n: Only display IP address and port number, do not resolve ip to domain name

Mark display

• Display all iptables with serial numbers

$ iptables -L -n --line-numbers
Chain INPUT(policy ACCEPT)
num  target     prot opt source               destination         
1 ACCEPT     tcp  --0.0.0.0/00.0.0.0/0            tcp dpt:156722    ACCEPT     tcp  --0.0.0.0/00.0.0.0/0            tcp dpt:5672

Delete rule

• For example, to delete the rule with sequence number 1 in INPUT

iptables -D INPUT 1

Disable service

$ systemctl mask firewalld

boot

systemctl enable iptables.service 

Contact

• Author: Peng Lei
• Source: http://www.ymq.io
• Email：[email protected]
• Copyright belongs to the author, please indicate the source
• Wechat: Pay attention to the official account, search the cloud library, focus on the research and knowledge sharing of the development technology