Howto use the CentOS Firewall/iptables

Actually, the iptables implementation is easier to handle on CentOS than on Debian.

They created three small scripts that make it quite easy to handle.

service iptables save

Of course, you still use the usual iptables syntax, for example:

iptables -A INPUT -p tcp -s --dport 22 -j ACCEPT

After you have added some rules, you can simply export your iptables config:

iptables-save > firewall.txt

It will look similar to this:

# Generated by iptables-save v1.4.7 on Mon Nov  7 12:11:59 2011
:OUTPUT ACCEPT [23:6016]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Completed on Mon Nov  7 12:11:59 2011

Just add, change or delete rules and re-import the file:

iptables-restore < firewall.txt

Test whether the configuration works, and if you want to keep it across the next reboot just type:

service iptables save

Oh, there was a little mistake in the code. In addition, today I had a problem with a newly installed CentOS 6, where the restore command didn't work properly because not all the rules were applied. For that I figured out I had to update the system with a simple "yum update". Seems like there was a corrupt package on my install CD.
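The save/edit/restore cycle above works best when the file you feed to iptables-restore is complete (table header, chain policies, COMMIT) and when you can confirm that every rule actually landed. The following is an added example, not from the original post or from CentOS: it generates such a filter-table ruleset from a list of allowed "source port" pairs, checks its structure before restoring, and counts the rules so you can compare against iptables-save afterwards. Addresses, ports and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: build and sanity-check an iptables-restore file (constructed, not the post's code).

# gen_ruleset "SRC PORT" ... -> prints a complete filter-table ruleset on stdout
gen_ruleset() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for pair in "$@"; do
        src=${pair% *}      # text before the space: source address or CIDR
        port=${pair#* }     # text after the space: TCP destination port
        printf '%s\n' "-A INPUT -s $src -p tcp -m tcp --dport $port -j ACCEPT"
    done
    # default deny at the end of INPUT and FORWARD, as in the post's ruleset
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' 'COMMIT'
}

# check_ruleset FILE -> 0 when the file has the structure iptables-restore needs
check_ruleset() {
    f=$1
    # the first line must open a table (e.g. *filter)
    head -n 1 "$f" | grep -q '^\*[a-z]*$' || return 1
    # the table must end with COMMIT, otherwise its rules are never committed
    [ "$(tail -n 1 "$f")" = "COMMIT" ] || return 1
    # every -A rule must target a chain that is declared with a ':' line
    for chain in $(sed -n 's/^-A \([A-Za-z0-9_-]*\).*/\1/p' "$f" | sort -u); do
        grep -q "^:$chain " "$f" || return 1
    done
    return 0
}

# count_rules FILE -> number of -A lines in the file; after
# "iptables-restore < FILE" the same number should come back from
# "iptables-save | grep -c '^-A '", which catches partially applied rulesets
count_rules() {
    grep -c '^-A ' "$1"
}

# usage: gen_ruleset "192.0.2.10 22" "0.0.0.0/0 80" > firewall.txt
#        check_ruleset firewall.txt && iptables-restore < firewall.txt
```

Run the generator as root only when you intend to restore; generating and checking the file needs no privileges.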

Thanks to Derek for the explanations.
