Handling iptables is actually easier on CentOS than on Debian. CentOS ships three small scripts that make the whole save/restore cycle quite simple:
iptables-save
iptables-restore
service iptables save
Of course you still write rules in the usual iptables syntax, for example:
iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 22 -j ACCEPT
After you have added some rules, you can simply export the running iptables configuration to a file:
iptables-save > firewall.txt
The file will look similar to this one:
# Generated by iptables-save v1.4.7 on Mon Nov 7 12:11:59 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [23:6016]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Nov 7 12:11:59 2011
Just add, change or delete rules in that file and re-import it:
iptables-restore < firewall.txt
Check that the configuration works as intended, and if you want to keep it across the next reboot, just type:
service iptables save

Oh, there was a little mistake in the code above. In addition, today I had a problem with a newly installed CentOS 6, where the restore command didn't work properly because not all the rules were applied. I figured out that I had to update the system with a simple "yum update"; it seems there was a corrupt package on my install CD.
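The save/edit/restore cycle above has one classic failure mode: restoring a file with a typo, a missing COMMIT, or the SSH rule placed after the catch-all REJECT cuts a remote session off before you can run "service iptables save". The script below is an added example, not part of the original post or of the CentOS iptables scripts: it lints a dump in the iptables-save format shown above before restoring it, and applies it with a timed rollback to the previous ruleset. The management subnet 192.168.1.0/24, the SSH port and the file names are assumptions taken from the sample dump.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks on an
# iptables-save dump before handing it to iptables-restore, plus a restore
# with automatic rollback so a bad ruleset cannot lock you out.
# Assumptions (constructed, adjust to your site): the subnet you administer
# from and the SSH port.
MGMT_NET="192.168.1.0/24"
SSH_PORT="22"

# check_ruleset FILE -> returns 0 if the dump looks safe to restore, 1 otherwise.
# Checks: every *table header has a matching COMMIT, INPUT has a policy line
# and is closed by default (policy DROP or a final REJECT/DROP), loopback and
# ESTABLISHED traffic are accepted, and SSH from MGMT_NET is accepted
# *before* the catch-all REJECT (iptables evaluates rules in order).
check_ruleset() {
    f="$1"
    ok=0
    # 1. balanced *table / COMMIT pairs (grep -c prints 0 and exits 1 on no match)
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    if [ "$tables" -ne "$commits" ]; then
        echo "ERROR: $tables table headers but $commits COMMIT lines" >&2
        ok=1
    fi
    # 2. INPUT chain needs a policy line, and must not be open by default
    if ! grep -Eq '^:INPUT (DROP|ACCEPT) ' "$f"; then
        echo "ERROR: no :INPUT policy line" >&2
        ok=1
    elif ! grep -q '^:INPUT DROP ' "$f" && ! grep -Eq '^-A INPUT -j (REJECT|DROP)' "$f"; then
        echo "ERROR: INPUT policy is ACCEPT and there is no catch-all REJECT/DROP" >&2
        ok=1
    fi
    # 3. loopback and return traffic must be accepted, or local services and
    #    every established connection (including your SSH session) break
    grep -q -e '-A INPUT -i lo -j ACCEPT' "$f" \
        || { echo "ERROR: loopback traffic is not accepted" >&2; ok=1; }
    grep -q -e '--state RELATED,ESTABLISHED -j ACCEPT' "$f" \
        || { echo "ERROR: no RELATED,ESTABLISHED accept rule" >&2; ok=1; }
    # 4. the SSH rule for the management net must exist and precede the catch-all
    ssh_line=$(grep -n -e "-A INPUT -s $MGMT_NET -p tcp -m tcp --dport $SSH_PORT -j ACCEPT" "$f" \
        | head -n 1 | cut -d: -f1)
    catchall=$(grep -n -e '-A INPUT -j REJECT' "$f" | head -n 1 | cut -d: -f1)
    if [ -z "$ssh_line" ]; then
        echo "ERROR: no SSH ACCEPT rule from $MGMT_NET" >&2
        ok=1
    elif [ -n "$catchall" ] && [ "$ssh_line" -gt "$catchall" ]; then
        echo "ERROR: SSH rule (line $ssh_line) comes after the catch-all REJECT (line $catchall)" >&2
        ok=1
    fi
    return $ok
}

# apply_with_rollback FILE [SECONDS]: restore FILE, but start a background
# timer that restores the previous ruleset after SECONDS (default 60) unless
# you kill it. If the new rules cut your session, the box recovers by itself.
# Needs root and a real iptables; not exercised by the self-test.
apply_with_rollback() {
    new="$1"
    grace="${2:-60}"
    check_ruleset "$new" || return 1
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    ( sleep "$grace" && iptables-restore < "$backup" && echo "rolled back to $backup" >&2 ) &
    timer=$!
    iptables-restore < "$new" || { kill "$timer" 2>/dev/null; return 1; }
    echo "Applied $new. Still connected? Then run:  kill $timer   (rollback in ${grace}s)"
}
```

Typical use, as root, is `check_ruleset firewall.txt && apply_with_rollback firewall.txt 60`; once you have confirmed that a fresh SSH connection still works, kill the printed timer PID and only then run "service iptables save". The rollback timer is the important design choice: the lint catches ordering and syntax slips, but only a time-bound revert protects against a rule that is syntactically fine and still wrong for your network.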
Thanks to Derek for the explanations.