On Red Hat based distributions (RHEL, CentOS, Fedora) the iptables rules are kept by default in /etc/sysconfig/iptables, with the IPv6 rules in /etc/sysconfig/ip6tables. To change the firewall, add or remove rules in this file and restart the iptables service, which flushes the running rules and reloads them from the file. For example, to allow TFTP, which uses port 69/udp:
- Edit /etc/sysconfig/iptables
# vi /etc/sysconfig/iptables
- Add the following line before the final LOG and DROP lines of the INPUT chain. Rules are evaluated in order, so a rule placed after the catch-all DROP would never be reached:
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
- Save and close the file
- Restart iptables service:
# /etc/init.d/iptables restart
- Check the running rules, where -L lists the rules of the selected chain (all chains when none is given) and -n prints addresses and ports numerically instead of resolving names:
# iptables -L -n
- You should see the line
"ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:69"
in the output, i.e. in the running ruleset, and you can confirm it sits above the final LOG and DROP entries of the INPUT chain.
- Because the restart loads /etc/sysconfig/iptables, the edited file is already the persistent configuration. The save action is for the opposite direction: it writes the running ruleset back to /etc/sysconfig/iptables, overwriting the file, which you need when you have added rules at runtime with the iptables command instead of editing the file:
# /etc/init.d/iptables save
To block a port again, edit /etc/sysconfig/iptables, remove the ACCEPT line for that port, and restart iptables. Traffic to the port then falls through to the final LOG and DROP rules of the INPUT chain, so no explicit DROP rule is needed.
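The allow and block steps above, as an added shell example that is not part of the original post. It works on a copy of a rules file in the /etc/sysconfig/iptables layout, never on the live firewall, and the sample file, the function names (allow_port, block_port, port_allowed) and the assumption that the INPUT chain ends in LOG/DROP (or REJECT) catch-all rules are this example's own. The check function also verifies the ordering point made above: an ACCEPT rule only counts if it appears before the catch-all.

```shell
#!/bin/bash
# Added example: insert/remove an ACCEPT rule in a copy of an
# /etc/sysconfig/iptables-style file, and check that the rule lands
# before the INPUT chain's catch-all LOG/DROP/REJECT rules.
set -eu

# Constructed sample file in the RHEL/CentOS /etc/sysconfig/iptables layout
# (not a real system's rules). The INPUT chain ends in LOG then DROP.
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables denied: "
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
EOF
}

# allow_port FILE PROTO PORT
# Insert an ACCEPT rule for PROTO/PORT immediately before the first INPUT
# rule whose target is LOG, DROP or REJECT, so the catch-all never shadows it.
allow_port() {
    file=$1 proto=$2 port=$3
    rule="-A INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
    # Idempotent: leave the file alone if the exact rule is already present.
    grep -qxF -- "$rule" "$file" && return 0
    awk -v rule="$rule" '
        !done && /^-A INPUT / && /-j (LOG|DROP|REJECT)( |$)/ { print rule; done = 1 }
        { print }
    ' "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
}

# block_port FILE PROTO PORT
# Remove the ACCEPT rule(s) for PROTO/PORT; the catch-all rules then apply,
# so no explicit DROP rule is added.
block_port() {
    file=$1 proto=$2 port=$3
    grep -vE -- "^-A INPUT .*-p $proto --dport $port -j ACCEPT\$" "$file" > "$file.tmp" || true
    mv "$file.tmp" "$file"
}

# port_allowed FILE PROTO PORT
# Exit 0 only if an ACCEPT rule for PROTO/PORT exists in the INPUT chain AND
# precedes the first catch-all LOG/DROP/REJECT rule (rules match in order).
port_allowed() {
    file=$1 proto=$2 port=$3
    awk -v proto="$proto" -v port="$port" '
        /^-A INPUT / && /-j (LOG|DROP|REJECT)( |$)/ { exit }
        /^-A INPUT / && $0 ~ ("-p " proto " --dport " port " -j ACCEPT$") { found = 1; exit }
        END { exit !found }
    ' "$file"
}

# Walk through the post's procedure on a scratch copy: allow tftp, check,
# block it again, check.
demo() {
    dir=$(mktemp -d)
    f="$dir/iptables"
    make_sample_rules "$f"
    allow_port "$f" udp 69
    port_allowed "$f" udp 69 && echo "udp/69 allowed (rule sits before the catch-all)"
    block_port "$f" udp 69
    port_allowed "$f" udp 69 || echo "udp/69 blocked (falls through to LOG/DROP)"
    rm -rf "$dir"
}
demo
```

On a real host you would run allow_port against a copy of /etc/sysconfig/iptables, review the diff, then copy it into place and run the service restart from the post; the check function is also a useful sanity test before restarting, since a rule appended below the DROP line would load without error but never match.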