CahitEy
asked on
Add rule on iptables
How could I allow the server to not block ports 80, 21, 8443, 110 and 587 for inbound and outbound traffic on iptables?
Is there a list of secure ports?
ASKER
[root@lin ~]# iptables -A INPUT -p tcp -dport 80 -j ALLOW
Bad argument `80'
Try `iptables -h' or 'iptables --help' for more information.
Or go to
/etc/sysconfig/iptables
and if you see you have rules like
-A RH.. then just edit the /etc/sysconfig/iptables file with the lines below
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 587 -j ACCEPT
then restart iptables
ASKER
I mean that, for example, 1194 is the VPN port and there could be a vulnerability in that port's standard program, and I am a standard web server user, so I just want to open the fully secured ports by standard CentOS,
for example:
80
21
110
587
25
8443
....
etc.
Thanks
It's --
iptables -A INPUT -p tcp --dport 80 -j ALLOW
Or just go to the /etc/sysconfig/iptables file and insert the rules
ASKER
This is my result fousil
Are you saying that I should add these lines to this file?
[root@lin ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
~
~
~
"/etc/sysconfig/iptables" 20L, 870C
ASKER
Hello, the result for
iptables -A INPUT -p tcp --dport 80 -j ALLOW
is given below
[root@lin ~]# iptables -A INPUT -p tcp --dport 80 -j ALLOW
iptables v1.3.5: Couldn't load target `ALLOW':/lib64/iptables/libipt_ALLOW.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
The best option is:
block everything and insert rules one by one,
like this (please read --dport; I am copying from my site so there is a typing problem)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
What these rules will do is:
block everything .. and open ports one by one
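The two answers above (editing /etc/sysconfig/iptables with RH-Firewall-1-INPUT rules, and a default-drop policy with stateful rules) can be combined into one ruleset that is generated and checked before it is applied. The script below is an added example, not from the thread or any of its participants. It assumes an admin network of 203.0.113.0/24 (a documentation address range, chosen here for illustration), uses the `-m multiport` match so the asker's five ports fit in one rule, and keeps the chain layout of the asker's file. The lint function looks for exactly the typos that came up in this thread: a single-dash `-dport`, the non-existent `ALLOW` target, a `--dport` with no port number, and an en dash pasted from a web page in place of `--`.

```shell
#!/bin/sh
# Added example, not from the thread or its participants: generate a complete
# /etc/sysconfig/iptables ruleset (iptables-restore format) that keeps the
# RH-Firewall-1-INPUT chain layout from the asker's file, and lint rule lines
# for the typos that came up in this thread before anything is applied.
# Assumptions for illustration: the admin network 203.0.113.0/24 (a
# documentation address range) and the port list from the question.

SERVICE_PORTS="80,21,8443,110,587"   # asker's list; 587 is SMTP submission

# Print the ruleset to stdout. $1 = source address/network allowed to reach SSH.
gen_rules() {
    admin="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s $admin -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m multiport --dports $SERVICE_PORTS -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Lint rule lines from stdin for the mistakes seen in this thread:
#   "-dport" with a single dash, the non-existent ALLOW target, a --dport
#   with no port number, and an en dash pasted from a web page instead of "--".
# Prints each offending line with the reason; returns 1 if any were found.
lint_rules() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            *" -dport "*)   echo "single dash, use --dport: $line"; bad=1 ;;
            *"-j ALLOW"*)   echo "ALLOW is not a target, use ACCEPT: $line"; bad=1 ;;
            *"--dport -j"*|*"--dports -j"*)
                            echo "port number missing: $line"; bad=1 ;;
            *"–"*)          echo "en dash instead of --: $line"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample: the three broken lines from the thread plus one good one.
SAMPLE_RULES='iptables -A INPUT -p tcp -dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ALLOW
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Demo: print the generated ruleset, then lint the sample and the generated set.
gen_rules 203.0.113.0/24
printf '%s\n' "$SAMPLE_RULES" | lint_rules || echo "sample: problems found (expected)"
gen_rules 203.0.113.0/24 | lint_rules && echo "generated ruleset: clean"
```

To use it, redirect `gen_rules` into a file, load it as root with `iptables-restore < file` (iptables versions that support `iptables-restore --test` can parse it first without committing), and copy it to /etc/sysconfig/iptables so that `service iptables restart`, as in the asker's output, reloads it on boot. The OUTPUT policy is left at ACCEPT on purpose: the second answer's `-P OUTPUT DROP` with only an ESTABLISHED,RELATED rule on OUTPUT stops the server itself from opening connections (DNS lookups, yum, outgoing mail on 25), so every such service would need its own OUTPUT rule. Passive FTP data connections on port 21 only match RELATED when the ip_conntrack_ftp helper is loaded. On the "secure ports" question: a port number carries no security by itself; what matters is the service behind it, and FTP (21) and POP3 (110) send passwords in clear text unless TLS is in use.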
ASKER CERTIFIED SOLUTION
When it's the -RH rules,
it actually by default blocks everything and allows whatever you are putting in the iptables rules
ASKER
I think it is ok :D
[root@lin ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: nat mangle filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
Also please check this question you will like it :D
https://www.experts-exchange.com/questions/26031319/Change-ssh-port.html
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
service iptables save
service iptables restart
What did you mean by secure ports?