Add rule on iptables

How could I allow the server to not block ports
80
21
8443
110
and 587 for inbound and outbound traffic on iptables?
Is there a list of secure ports?
CahitEyAsked:

fosiul01Commented:
Ok, that's good.

Then do this: edit the /etc/sysconfig/iptables file.

Before this line

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

add this

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 568 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8443 -j ACCEPT

Then restart iptables.





 
fosiul01Commented:

iptables -A INPUT -p tcp --dport 80 -j ALLOW
iptables -A INPUT -p tcp --dport 21 -j ALLOW
iptables -A INPUT -p tcp --dport 8443 -j ALLOW
iptables -A INPUT -p tcp --dport 110 -j ALLOW
iptables -A INPUT -p tcp --dport 568 -j ALLOW

service iptables save
service iptables restart

What did you mean by secure ports?
 
CahitEyAuthor Commented:
[root@lin ~]# iptables -A INPUT -p tcp -dport 80 -j ALLOW
Bad argument `80'
Try `iptables -h' or 'iptables --help' for more information.
 
fosiul01Commented:
Or go to

/etc/sysconfig/iptables

and if you see you have rules like
-A RH.. then just edit the /etc/sysconfig/iptables file with the below:

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport   -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 568 -j ACCEPT

Then restart iptables.




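As an added example (not from the thread and not fosiul01's script), the following POSIX shell script generates the complete /etc/sysconfig/iptables content that the two "edit the file" answers above describe: the RH-Firewall-1-INPUT chain from the asker's own file, with an ACCEPT rule for each requested TCP port inserted before the final REJECT line. The port list is the one from the question (80, 21, 8443, 110 and 587; the answers above typed 568). The target is ACCEPT throughout; ALLOW is not an iptables target, as the asker's error output later in this thread shows. The IPsec, mDNS and CUPS lines from the asker's file are left out and can be added back if the machine needs them. Nothing in the script touches the live firewall; it only prints the ruleset and checks it.

```shell
#!/bin/sh
# Added example, not from the thread. Generates a CentOS-style
# /etc/sysconfig/iptables ruleset: the RH-Firewall-1-INPUT chain with an
# ACCEPT rule for each requested TCP port placed BEFORE the final REJECT,
# which is what "add this before the REJECT line" means in practice.
# Nothing here touches the live firewall; it only prints the ruleset.

# Ports from the question: 80, 21, 8443, 110 and 587 (submission).
PORTS="80 21 8443 110 587"

# Accept only a numeric port 1..65535, so an empty or mistyped value
# (the thread has an "--dport   " with no number) never reaches iptables.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# One ACCEPT rule per port, matching only NEW connections; replies are
# already covered by the ESTABLISHED,RELATED rule in the base chain.
port_rules() {
  for p in $PORTS; do
    valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
  done
}

# Full ruleset in iptables-restore format. Order is the whole point:
# loopback, ICMP, established traffic, SSH, the opened ports, and the
# catch-all REJECT last. Anything appended after the REJECT is never hit.
gen_ruleset() {
  echo "*filter"
  echo ":INPUT ACCEPT [0:0]"
  echo ":FORWARD ACCEPT [0:0]"
  echo ":OUTPUT ACCEPT [0:0]"
  echo ":RH-Firewall-1-INPUT - [0:0]"
  echo "-A INPUT -j RH-Firewall-1-INPUT"
  echo "-A FORWARD -j RH-Firewall-1-INPUT"
  echo "-A RH-Firewall-1-INPUT -i lo -j ACCEPT"
  echo "-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT"
  echo "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT"
  port_rules || return 1
  echo "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"
  echo "COMMIT"
}

# Check on the generated text: each port's ACCEPT must sit above the
# REJECT line, and no rule may use a target iptables does not have.
check_ruleset() {
  rules=$(gen_ruleset) || return 1
  reject_line=$(printf '%s\n' "$rules" | grep -n -- '-j REJECT' | cut -d: -f1)
  for p in $PORTS; do
    line=$(printf '%s\n' "$rules" | grep -n -- "--dport $p -j ACCEPT" | cut -d: -f1)
    [ -n "$line" ] && [ "$line" -lt "$reject_line" ] || return 1
  done
  printf '%s\n' "$rules" | grep -q -- '-j ALLOW' && return 1
  return 0
}

# Usage (as root, after reading the output):
#   gen_ruleset > /tmp/iptables.new
#   check_ruleset && iptables-restore < /tmp/iptables.new
#   service iptables save    # writes the live rules to /etc/sysconfig/iptables
```

Apply it from a session you can afford to lose, confirm that a second SSH login still works, and only then run `service iptables save`. Opening port 21 admits only the FTP control connection; data connections match the ESTABLISHED,RELATED rule only when the ip_conntrack_ftp helper is loaded (the IPTABLES_MODULES setting in /etc/sysconfig/iptables-config on CentOS of that era, the same mechanism behind the "Loading additional iptables modules" line in the asker's restart output).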
 
CahitEyAuthor Commented:
I mean that, for example, 1194 is the VPN port and there could be a vulnerability in this port's standard program, and I am a standard web server user, so I just want to open the ports that are fully secured by standard CentOS,

for example:
80
21
110
587
25
8443
....

etc.

Thanks
 
fosiul01Commented:
It's --

iptables -A INPUT -p tcp --dport 80 -j ALLOW

Or just go to the /etc/sysconfig/iptables file and insert the rules.


 
CahitEyAuthor Commented:
This is my result, fosiul.

Are you saying that I should add these lines to this file?
[root@lin ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
~
~
~
"/etc/sysconfig/iptables" 20L, 870C

 
CahitEyAuthor Commented:
Hello, the result for

iptables -A INPUT -p tcp --dport 80 -j ALLOW

is given below:

[root@lin ~]# iptables -A INPUT -p tcp --dport 80 -j ALLOW
iptables v1.3.5: Couldn't load target `ALLOW':/lib64/iptables/libipt_ALLOW.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.

 
fosiul01Commented:
The best option is:

Block everything and insert one by one,

like this (please read -- dport; I am copying from my site so there is a typing problem):

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

What this rule will do is:

it will block everything, and then open one by one.

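An added example, not the commenter's script: the "block everything, then open one by one" design from the answer above written out as a dry-run script that also covers the outbound side the question asked about. Two points the short rule list leaves implicit: with `-P OUTPUT DROP` the ESTABLISHED,RELATED rule only covers replies, so anything the server itself initiates (name resolution, outgoing mail) needs its own OUTPUT rule; and the DROP policies are set last, after the loopback, established and SSH rules, so a script that is interrupted half-way does not cut off the session applying it. ADMIN_IP and DNS_SERVER are placeholders standing in for the xx.xx.xx.xx in the answer, and the port list is the one from the question.

```shell
#!/bin/sh
# Added example, not the commenter's script. The "block everything, then
# open one by one" design as a dry run: the iptables commands are printed
# for review and only executed when DO_RUN=1 (as root).
# ADMIN_IP and DNS_SERVER are placeholders (RFC 5737 documentation range).

ADMIN_IP="${ADMIN_IP:-192.0.2.10}"      # the one address allowed to reach SSH
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"  # resolver the server is allowed to query
PORTS="80 21 8443 110 587"              # TCP ports from the question, in and out

emit_rules() {
  # 1. Start from an empty filter table. Policies are still ACCEPT here.
  echo "iptables -F"
  # 2. Safety rules first: loopback, replies to existing connections, and
  #    SSH from the admin address. Adding these BEFORE the policy changes
  #    means a script that dies half-way does not strand the SSH session.
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -s $ADMIN_IP -p tcp --dport 22 -m state --state NEW -j ACCEPT"
  # 3. Inbound services, one rule per port.
  for p in $PORTS; do
    echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
  done
  # 4. Outbound. With -P OUTPUT DROP the ESTABLISHED rule only covers
  #    replies; connections the server itself opens (DNS lookups, outgoing
  #    mail, anything else it initiates) each need a NEW rule or are dropped.
  echo "iptables -A OUTPUT -d $DNS_SERVER -p udp --dport 53 -m state --state NEW -j ACCEPT"
  echo "iptables -A OUTPUT -d $DNS_SERVER -p tcp --dport 53 -m state --state NEW -j ACCEPT"
  for p in $PORTS; do
    echo "iptables -A OUTPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
  done
  # 5. Only now flip the default policies to DROP.
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -P OUTPUT DROP"
}

# How many of the emitted commands open an inbound port (SSH + services).
inbound_accepts() {
  emit_rules | grep -c -- '^iptables -A INPUT .*--dport [0-9]* -m state --state NEW -j ACCEPT$'
}

# 3 when all three DROP policies are the final commands, which is the
# ordering that keeps the admin session alive during the apply.
policies_last() {
  emit_rules | tail -n 3 | grep -c -- '^iptables -P [A-Z]* DROP$'
}

if [ "${DO_RUN:-0}" = "1" ]; then
  emit_rules | sh -e          # apply for real; stops at the first failing command
else
  emit_rules                  # dry run: read the commands before trusting them
fi
```

Run it once without DO_RUN, read the printed commands, then `DO_RUN=1 sh script.sh` as root and finish with `service iptables save` so the rules survive a restart; `iptables -L -n -v` afterwards shows the packet counters per rule, which is the quickest way to see whether a service's traffic is actually matching the rule meant for it.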
 
fosiul01Commented:
When it's -RH rules,

it actually by default blocks everything and allows whatever you are putting in the iptables rules.

 
CahitEyAuthor Commented:
I think it is ok :D

[root@lin ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]


Also, please check this question, you will like it :D

http://www.experts-exchange.com/OS/Linux/Distributions/CentOS/Q_26031319.html