
Iptables configuration

I have installed CentOS 5.3 on a remote machine. Right now there are no limitations on who can access the HTTP server; everything is set to default (ports 80 and 22 are open).

How can I configure iptables on this remote machine so that only my home static IP will have access through port 22, and three others through port 80?

I have tried the following:
#: iptables -A INPUT -s <my_ip> -p tcp --dport 22 -j ACCEPT
#: iptables-save

When I tested this from another static IP machine, access was granted although it should not have been.

Can you help me configure iptables?

Thank you
1 Solution
Do this:

# accept packets of connections that already exist first, so the SSH session
# you are working from is not cut off by the DROP policy set below
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow new SSH connections only from the selected IP
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT

# set the default policy last, so it blocks any input not accepted above
iptables -P INPUT DROP

then save the iptables rules
then restart
You may need to post your rules here so they can be modified in full. At the moment we can't really say for sure where to add or delete rules; it's just guessing really.

Whenever I update my rules I do it from a script because it's easier to edit and follow. Once I have the rules I want I then just do the iptables save and let the startup script sort it out on reboots.
You should change the rules in /etc/sysconfig/iptables. Once you've changed it, you can apply your rules with the command: service iptables restart. But you'd better run a script like this: echo 'service iptables stop' | at now + 5 minute; service iptables restart. If you make a mistake, the firewall will be stopped after 5 minutes and you will be able to access your server through SSH.
You wrote the right rules, but the command "iptables -A" added the rules at the end of the chain, after the accept rules for ports 22 and 80, so they had no effect.
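As an added worked example (not code from the thread or from any poster), here is a POSIX shell script that generates a ruleset in the iptables-save format used by /etc/sysconfig/iptables on CentOS 5, allowing SSH only from the admin's address and HTTP only from three listed addresses, with a default DROP policy on INPUT. The rule order is the point of the two answers above: iptables takes the first match, so the ACCEPT rules must sit before anything broader, and a rule appended with -A behind an existing ACCEPT for the same port never matches. The IP addresses are placeholders (an assumption); the usage comments follow the save/restart and at-job safety net described above.

```shell
#!/bin/sh
# Added example: generate an iptables-save style ruleset (the format of
# /etc/sysconfig/iptables on CentOS 5) that allows SSH (22) only from one
# admin IP and HTTP (80) only from a list of client IPs; everything else
# is dropped by the INPUT chain's default policy.
# The addresses below are placeholders (assumption), not from the thread.

ADMIN_IP="203.0.113.10"
WEB_IPS="198.51.100.1 198.51.100.2 198.51.100.3"

# build_ruleset ADMIN_IP WEB_IP...  -> prints the ruleset on stdout.
# iptables walks a chain top to bottom and the first matching rule wins,
# so every ACCEPT is listed explicitly and the DROP policy only catches
# what nothing above it accepted.
build_ruleset() {
    admin="$1"
    shift
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # loopback and packets of already-established connections first, which
    # keeps the SSH session you are working from alive while rules load
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # new SSH connections only from the admin address
    printf '%s\n' "-A INPUT -s $admin -p tcp --dport 22 -j ACCEPT"
    # new HTTP connections only from the listed addresses
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# count_rules_for_port RULESET PORT -> number of rules matching that port,
# a quick sanity check on the generated file before loading it.
count_rules_for_port() {
    printf '%s\n' "$1" | grep -c -- "--dport $2 "
}

# Usage on the CentOS box, as root, following the answers above:
#   build_ruleset "$ADMIN_IP" $WEB_IPS > /etc/sysconfig/iptables
#   echo 'service iptables stop' | at now + 5 minutes   # safety net against lockout
#   service iptables restart
#   # if a fresh SSH login still works, drop the pending job: atq; atrm <job>
```

The generated file replaces the whole filter table atomically when the init script runs iptables-restore, so there is no window where the policy is DROP but the ACCEPT rules are not yet present; the at job is still worth keeping, because a typo in the admin address would lock you out just as effectively.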
SimpleJ (Author) Commented:
Thank you all !

especially for the script echo 'service iptables stop' | at now + 5 minute; service iptables restart. Good one!

Can you tell me how

echo 'service iptables stop' | at now + 5 minute;

helped you solve your problem?

If echo 'service iptables stop' | at now + 5 minute; solved your problem, then I will have to say you did not read my reply about starting and stopping iptables.

So can you please explain to me why you accepted that answer?
SimpleJ (Author) Commented:
I accepted this answer because of:

1. You should change the rules in /etc/sysconfig/iptables (open it and copy the lines with -s IP; easier)
2. echo 'service iptables stop' | at now + 5 minute; service iptables restart (I did not know about that; useful)
3. You wrote the right rules, but the command "iptables -A" added the rules at the end of the chain, after the accept rules for ports 22 and 80, so they had no effect. (good explanation)

Overall, lots of useful info... however, your solution was also excellent and straightforward.

thank you all

I understand what you are saying, but at the same time I am not objecting to the points.

The point I am trying to make is:

the solution you accepted is just a modified version of mine, and yes, he had one extra good piece of advice about + 5 minutes.

You already said that the solution I gave is straightforward, and I know that it is perfect.

Anyway, the EE rule is, if you think two experts gave you the same solution at the same time, then distribute the points.

Anyway, never mind.
Good luck with EE
