  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1190

Iptables configuration

I have installed CentOS 5.3 on a remote machine. Right now there are no limitations on who can access the HTTP server; everything is set to default (ports 80 and 22 are open).

How can I configure iptables on this remote machine so that only my home static IP will have access through port 22, and three others to port 80?

I have tried the following:

    # iptables -A INPUT -s <my_ip> -p tcp --dport 22 -j ACCEPT
    # iptables-save

When I tested this from another static IP machine, access was granted although it should not have been.

Can you help me configure iptables?

Thank you
Asked by: SimpleJ
fosiul01 commented:
Do this:

    iptables -P INPUT DROP    [ so it will block any input ]

    iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT   [ it will only allow from the selected IP ]

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Then save the iptables rules, then restart.
 
jools commented:
You may need to post your rules here so they can be modified in full. At the moment we can't really say for sure where to add or delete rules; it's just guessing really.

Whenever I update my rules I do it from a script because it's easier to edit and follow. Once I have the rules I want I then just do the iptables save and let the startup script sort it out on reboots.
 
kazimur commented:
You should change the rules in /etc/sysconfig/iptables. Once you've changed them, you can apply your rules with the command: service iptables restart. But you'd better run a script like this: echo 'service iptables stop' | at now + 5 minute; service iptables restart. If you make a mistake, the firewall will be stopped after 5 minutes and you will be able to access your server through SSH.
You wrote the right rules, but the command "iptables -A" added the rules at the end of the chain, after the accept rules for ports 22 and 80, so it had no effect.
0
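The two answers above make the same two points: the default INPUT policy must be DROP, and rule order decides what wins, because a rule appended with "iptables -A" lands after whatever already accepts 22 and 80. The script below is an added example, not code from anyone in this thread. It generates a complete /etc/sysconfig/iptables file in iptables-restore format, with per-IP allows for SSH and HTTP placed before anything broader, so there is no earlier ACCEPT for a later rule to hide behind. The IP addresses are constructed placeholders from documentation ranges; gen_rules and count_allows are names chosen for this example.

```shell
#!/bin/sh
# Added example: generate an iptables-restore rule set that allows SSH (22)
# from one admin IP and HTTP (80) from three client IPs, dropping all other
# inbound traffic. The addresses are constructed placeholders, not real hosts.

SSH_ADMIN_IP="203.0.113.10"                               # constructed (TEST-NET-3)
HTTP_CLIENT_IPS="198.51.100.5 198.51.100.6 198.51.100.7"  # constructed (TEST-NET-2)

# gen_rules prints the whole /etc/sysconfig/iptables file to stdout.
# Order matters: policy DROP is the default, loopback and already-established
# connections are accepted first (so the current SSH session survives the
# reload), then the explicit per-IP allows. Nothing in this chain accepts
# port 22 or 80 from anywhere else, so an appended rule cannot be shadowed.
gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A INPUT -s $SSH_ADMIN_IP -p tcp --dport 22 -j ACCEPT"
    for ip in $HTTP_CLIENT_IPS; do
        printf '%s\n' "-A INPUT -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# count_allows returns how many ACCEPT rules gen_rules emits for one port,
# which is a quick sanity check before the file is installed.
count_allows() {
    gen_rules | grep -c -- "--dport $1 -j ACCEPT"
}

# Dry run by default: show the rule set instead of applying it. Installing it
# means writing this output to /etc/sysconfig/iptables and running
# "service iptables restart", ideally with the "at now + 5 minute" stop
# scheduled first as kazimur describes, so a mistake cannot lock you out.
gen_rules
```

Running the script prints the file; redirect it to /etc/sysconfig/iptables only after checking that count_allows 22 reports 1 and count_allows 80 reports 3. Because the file replaces the chain wholesale on restart, it also removes the default CentOS rules that accepted 22 and 80 from any source, which is the real reason the original "-A" attempt appeared to do nothing.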
 
SimpleJ (author) commented:
Thank you all!

Especially for the script echo 'service iptables stop' | at now + 5 minute; service iptables restart. Good one!
 
fosiul01 commented:
@SimpleJ

Can you tell me how

echo 'service iptables stop' | at now + 5 minute;

helped you to solve your problem?

If echo 'service iptables stop' | at now + 5 minute; solved your problem, then I will have to say you did not read my reply about starting and stopping iptables.

So can you please explain to me why you accepted that answer?
 
SimpleJ (author) commented:
I accepted this answer because of:

1. You should change the rules in /etc/sysconfig/iptables (open and copy lines with -s IP; easier).
2. echo 'service iptables stop' | at now + 5 minute; service iptables restart (I did not know about that; useful).
3. You wrote the right rules, but the command "iptables -A" added the rules at the end of the chain, after the accept rules for ports 22 and 80, so it had no effect. (Good explanation.)

Overall, lots of useful info... however your solution was also excellent and straightforward.

Thank you all
 
fosiul01 commented:
I understand what you are saying, but at the same time I am not objecting for the points.

The point I am trying to make is:

the solution you accepted is just a modified version of mine. And yes, he had one extra good piece of advice about + 5 minutes.

You already said that the solution I gave is straightforward, and I know that it is perfect.

Anyway, the EE rule is: if you think two experts gave you the same solution at the same time, then distribute the points.

Anyway, never mind.
Good luck with EE