{"id":150,"date":"2015-05-06T07:06:56","date_gmt":"2015-05-06T07:06:56","guid":{"rendered":"https:\/\/www.nonamehosts.com\/blog\/?p=150"},"modified":"2015-05-06T07:06:56","modified_gmt":"2015-05-06T07:06:56","slug":"most-common-iptables-rules","status":"publish","type":"post","link":"https:\/\/www.nonamehosts.com\/blog\/tutorials\/most-common-iptables-rules\/","title":{"rendered":"Most common iptables rules"},"content":{"rendered":"<p style=\"text-align: justify;\">This brief tutorial shows you how to set up a simple yet effective set of firewall rules for your systems. These rules apply to Linux systems using the iptables firewall. iptables is a simple firewall installed on most Linux systems by default. It\u2019s used to allow or deny network communications in or out of a system.<\/p>\n<p style=\"text-align: justify;\">The way iptables, or any firewall, works is simple: one rule per line. When a connection is opened to the system, iptables (or whichever firewall is in place) checks its rules in order; when the traffic matches a particular rule, that rule is applied. By default, traffic that doesn\u2019t match any rule is denied by most firewalls.<\/p>\n<h3><strong>Basics<\/strong><\/h3>\n<ul>\n<li>iptables rules can be changed on the fly by using the iptables binary.<\/li>\n<li>Rules set using the iptables command are held in memory only and will vanish when the daemon is restarted.<\/li>\n<li>Firewall rules added on the fly can easily be saved to the configuration file in CentOS\/RHEL with the command <b>service iptables save<\/b>.<\/li>\n<li>There is no need to edit the configuration file unless you really want to.<\/li>\n<li>You can completely lock down all inbound, outbound and forwarded traffic if needed. 
It generally just causes a lot more administration and usually isn&#8217;t necessary.<\/li>\n<\/ul>\n<h3><span id=\"Basic_Commands\" class=\"mw-headline\">Basic Commands<\/span><\/h3>\n<ul>\n<li><b>iptables -F\u00a0<\/b>flush (delete) all firewall rules from memory; the chain policies are left as they are.<\/li>\n<li><b>iptables -L\u00a0<\/b>list the current firewall rules and chain policies.<\/li>\n<li><b>service iptables save<\/b> (CentOS\/RHEL) save the current rules in memory to the configuration file (\/etc\/sysconfig\/iptables).<\/li>\n<li><b>service iptables restart<\/b> restart the iptables daemon and load the firewall rules from the configuration file.<\/li>\n<li><b>iptables-save &gt; \/root\/firewallrules.fw<\/b> save the firewall rules in memory to a specific file.<\/li>\n<li><b>iptables-restore &lt; \/root\/firewallrules.fw<\/b> restore the firewall rules from a specific file into memory (note the input redirection <b>&lt;<\/b>; writing <b>&gt;<\/b> here would truncate the file instead of reading it).<\/li>\n<\/ul>\n<h4><span id=\"Backup_Current_Iptables_Configuration_to_File\" class=\"mw-headline\">Backup Current Iptables Configuration to File<\/span><\/h4>\n<p>Before you begin, it is recommended to back up your current firewall rules.<\/p>\n<p><b>Example:<\/b><\/p>\n<pre class=\"decode-attributes:false lang:sh decode:true\"># iptables-save &gt; \/home\/user1\/iptable-rules-20130308.fw<\/pre>\n<h4><span id=\"Remove_All_Current_Rules\" class=\"mw-headline\">Remove All Current Rules<\/span><\/h4>\n<pre class=\"\"># iptables -F<\/pre>\n<h4><span id=\"Set_Policy_Chains_Default_Rule\" class=\"mw-headline\">Set Policy Chains Default Rule<\/span><\/h4>\n<pre class=\"\"># iptables -P INPUT DROP<\/pre>\n<pre class=\"\"># iptables -P OUTPUT ACCEPT<\/pre>\n<pre class=\"\"># iptables -P FORWARD ACCEPT<\/pre>\n<p>If you are working over a remote SSH session, add the loopback, ESTABLISHED,RELATED and SSH rules below before switching the INPUT policy to DROP; otherwise the packets of your own session are dropped and you lock yourself out.<\/p>\n<h4><span id=\"Allow_Loopback\" class=\"mw-headline\">Allow Loopback<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -i lo -j ACCEPT<\/pre>\n<h4><span id=\"Allow_All_Established_and_Related_Connections\" class=\"mw-headline\">Allow All Established and Related Connections<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -m state --state 
ESTABLISHED,RELATED -j ACCEPT<\/pre>\n<h4><span id=\"Allow_ICMP_.22ping.22_from_LAN_.28TCP_Port_22.29\" class=\"mw-headline\">Allow ICMP &#8220;ping&#8221; from LAN<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -p icmp -s 192.168.0.0\/24 --icmp-type echo-request -j ACCEPT<\/pre>\n<h4><span id=\"Allow_SSH_from_LAN_.28TCP_Port_22.29\" class=\"mw-headline\">Allow SSH from LAN (TCP Port 22)<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -p tcp -s 192.168.0.0\/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT<\/pre>\n<h4><span id=\"Allow_RSYNC_from_LAN_.28TCP_Port_873.29\" class=\"mw-headline\">Allow RSYNC from LAN (TCP Port 873)<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -p tcp -s 192.168.0.0\/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT<\/pre>\n<h4><span id=\"Allow_HTTP_.28TCP_Port_80.29\" class=\"mw-headline\">Allow HTTP (TCP Port 80)<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT<\/pre>\n<h4><span id=\"Allow_HTTPS_.28TCP_Port_443.29\" class=\"mw-headline\">Allow HTTPS (TCP Port 443)<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT<\/pre>\n<h4><span id=\"Allow_MySQL_Server_Access_from_LAN_.28TCP_Port_3306.29\" class=\"mw-headline\">Allow MySQL Server Access from LAN (TCP Port 3306)<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -p tcp -s 192.168.0.0\/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT<\/pre>\n<h4><span id=\"Allow_Nagios_NRPE_Client_Access_from_Nagios_Server_.28TCP_Port_5666.29\" class=\"mw-headline\">Allow Nagios NRPE Client Access from Nagios Server (TCP Port 5666)<\/span><\/h4>\n<pre class=\"\"># iptables -A INPUT -s 192.168.0.100 -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT<\/pre>\n<h4><span id=\"Save_Current_Rules_in_Memory_to_Configuration_File\" class=\"mw-headline\">Save Current Rules in Memory to Configuration 
File<\/span><\/h4>\n<pre class=\"\"># service iptables save<\/pre>\n<h4><span id=\"Restart_Service\" class=\"mw-headline\">Restart Service<\/span><\/h4>\n<pre class=\"\"># service iptables restart<\/pre>\n<h4><span id=\"Restore_Iptables_Rules_from_Backup_File\" class=\"mw-headline\">Restore Iptables Rules from Backup File<\/span><\/h4>\n<p>If you made a backup file, or are pulling a copy of the rules from another system, and wish to restore or replace the current rules, use the following command.<\/p>\n<pre class=\"decode-attributes:false lang:sh decode:true\"># iptables-restore &lt; \/path\/to\/somewhere\/filename<\/pre>\n<p><b>Example:<\/b><\/p>\n<pre class=\"decode-attributes:false lang:sh decode:true\"># iptables-restore &lt; \/home\/user1\/iptable-rules-20130308.fw<\/pre>\n<p>Restarting the service reloads the rules from \/etc\/sysconfig\/iptables, so run <b>service iptables save<\/b> first if the restored rules are to persist across the restart.<\/p>\n<h4><span id=\"Restart_Service_2\" class=\"mw-headline\">Restart Service<\/span><\/h4>\n<pre class=\"\"># service iptables restart<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This brief tutorial shows you how to set up a simple yet effective set of firewall rules for your systems. These rules apply to Linux systems using the iptables firewall. iptables is a simple firewall installed on most Linux systems by default. 
It\u2019s used to allow or deny network communications in or out [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[40,57,63,113,115,118],"class_list":["post-150","post","type-post","status-publish","format-standard","hentry","category-tutorials","tag-firewall","tag-howto","tag-iptables","tag-security","tag-server","tag-setup"],"_links":{"self":[{"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/posts\/150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/comments?post=150"}],"version-history":[{"count":0,"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/posts\/150\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/media?parent=150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/categories?post=150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nonamehosts.com\/blog\/wp-json\/wp\/v2\/tags?post=150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}