Add rule on iptables

How could I allow the server to not block ports 80, 21, 8443, 110 and 587 for inbound and outbound traffic on iptables?
Is there a list of secure ports?
CahitEy Asked:

fosiul01 Commented:


iptables -A INPUT -p tcp --dport 80 -j ALLOW
iptables -A INPUT -p tcp --dport 21 -j ALLOW

iptables -A INPUT -p tcp --dport 8443 -j ALLOW
iptables -A INPUT -p tcp --dport 110 -j ALLOW
iptables -A INPUT -p tcp --dport 587 -j ALLOW


service iptables save
service iptables restart

What did you mean by secure ports?
0
CahitEy (Author) Commented:
[root@lin ~]# iptables -A INPUT -p tcp -dport 80 -j ALLOW
Bad argument `80'
Try `iptables -h' or 'iptables --help' for more information.
0
fosiul01 Commented:
Or go to

/etc/sysconfig/iptables

and if you see you have rules like
-A RH.. then just edit the /etc/sysconfig/iptables file with the below


-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport   -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport  110 -j ACCEPT


-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 587 -j ACCEPT

then restart iptables




0

CahitEy (Author) Commented:
I mean that, for example, 1194 is the VPN port and there could be a vulnerability in that port's standard program. I am a standard web server user, so I just want to open the ports that are fully secured by standard CentOS.

for ex:
80
21
110
587
25
8443
....

etc

thanks
0
fosiul01 Commented:
It's --

iptables -A INPUT -p tcp --dport 80 -j ALLOW


Or just go to the /etc/sysconfig/iptables file and insert the rules


0
CahitEy (Author) Commented:
This is my result, fosiul.

Are you saying I should add those lines to this file?
[root@lin ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
~
~
~
"/etc/sysconfig/iptables" 20L, 870C


0
CahitEy (Author) Commented:
Hello, the result for

iptables -A INPUT -p tcp --dport 80 -j ALLOW

as given below

[root@lin ~]# iptables -A INPUT -p tcp --dport 80 -j ALLOW
iptables v1.3.5: Couldn't load target `ALLOW':/lib64/iptables/libipt_ALLOW.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.


0
fosiul01 Commented:
The best option is:

Block everything and insert rules one by one,

like this (please read -- dport; I am copying from my site so there is a typing problem):


iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

What these rules do:

they block everything, and then open ports one by one.

0
fosiul01 Commented:
Ok, that's good.

Then do this: edit the /etc/sysconfig/iptables file


before this line


-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited


add this


-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 587 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8443 -j ACCEPT



then restart iptables





0
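An added example, not code from fosiul01's posts or from the asker's system, that ties together the two pieces of advice above: block everything and open ports one by one, and put the ACCEPT rules before the chain's final REJECT in /etc/sysconfig/iptables. It generates the rules for a port list, inserts them ahead of the REJECT line (a rule placed after the REJECT, or after COMMIT, is never reached), and lints a rule set for the three mistakes that came up in this thread: the non-existent ALLOW target, a single-dash -dport, and an en-dash pasted in place of --. The sample rules file is a constructed, shortened copy of the one the asker pasted; the function names are my own. Note that the asker's file already has :OUTPUT ACCEPT, so outbound traffic is not blocked there; only the INPUT side needs the new rules. The script writes to stdout and never touches /etc/sysconfig/iptables itself.

```shell
#!/bin/sh
# Added example (not from the thread): build RH-Firewall-1-INPUT ACCEPT rules
# for a list of TCP ports, splice them in before the final REJECT, and lint a
# rule set for the errors seen in this thread.

# Constructed, shortened copy of the asker's /etc/sysconfig/iptables.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Print one ACCEPT rule per TCP port, in the same form as the file's own
# port-22 rule (NEW connections only; replies are covered by ESTABLISHED,RELATED).
# Usage: accept_rules 25 80 110
accept_rules() {
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "accept_rules: bad port '$port'" >&2; return 1 ;;
        esac
        printf '%s\n' "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    done
}

# Read a rules file on stdin and write it to stdout with the ACCEPT rules for
# the given ports inserted immediately before the chain's REJECT rule.
# Fails if no REJECT rule is found, so nothing is silently appended after COMMIT.
# Usage: insert_before_reject 25 80 < /etc/sysconfig/iptables > /tmp/iptables.new
insert_before_reject() {
    new=$(accept_rules "$@") || return 1
    NEW="$new" awk '
        /^-A RH-Firewall-1-INPUT -j REJECT/ && !inserted { print ENVIRON["NEW"]; inserted = 1 }
        { print }
        END { if (!inserted) exit 1 }
    '
}

# Report the mistakes from this thread: a target named ALLOW (iptables has
# ACCEPT, not ALLOW), "-dport" with one dash, and an en-dash (U+2013) where
# "--" belongs. Reads rules or commands on stdin; returns 0 only when clean.
lint_rules() {
    status=0
    while IFS= read -r line; do
        case $line in
            *"-j ALLOW"*) echo "no such target ALLOW, use -j ACCEPT: $line"; status=1 ;;
        esac
        case $line in
            *" -dport "*) echo "single dash, use --dport: $line"; status=1 ;;
        esac
        case $line in
            *"–"*) echo "en-dash instead of --: $line"; status=1 ;;
        esac
    done
    return $status
}
```

A typical run is `insert_before_reject 25 80 110 587 8443 < /etc/sysconfig/iptables > /tmp/iptables.new` followed by `lint_rules < /tmp/iptables.new`; only when the lint passes does the new file replace the old one and `service iptables restart` get run. Keeping the default REJECT as the last rule is what gives the "block everything, open one by one" posture fosiul01 describes, and every port added is one more service exposed, so the list should hold only what the server actually runs.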

fosiul01 Commented:
When it's the RH rules,

it actually blocks everything by default and allows whatever you put in the iptables rules.

0
CahitEy (Author) Commented:
I think it is ok :D

[root@lin ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]


Also, please check this question; you will like it :D

http://www.experts-exchange.com/OS/Linux/Distributions/CentOS/Q_26031319.html
0