How to Configure Firewall in Linux
A firewall is a network security system that controls incoming and outgoing network traffic based on an applied rule set. A firewall controls access to the resources of a network through a positive control model: each packet is matched against the rules in order, and the first matching rule decides what happens to it. The three basic actions (targets) are:
Accept – Allow the connection.
Drop – Drop the connection and act as if it never happened. This is best if you don’t want the source to realize your system exists.
Reject – Don’t allow the connection, but send back an error. This is best if you don’t want a particular source to connect to your system, but you want them to know that your firewall blocked them.
View Firewall
To view the current firewall configuration, use the command:
# iptables -L
Firewall Configuration
Edit the iptables configuration file and add the rules there:
# vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
OR
Execute the equivalent iptables commands on the shell, as in the rules below.
Firewall Rules:
Rule 1: Block a specific IP address
To block all connections from a specific IP address, define the rule:
# iptables -A INPUT -s 192.168.0.100 -j DROP
Rule 2: Block a network range of IP addresses
To block all IP addresses in a specific network range, use the rule:
# iptables -A INPUT -s 192.168.0.0/24 -j DROP
Rule 3: Enable specific ports
To check the well-known port chart, use the link.
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
Save Firewall Service
Save the iptables rules so they persist across a restart of the service:
# /sbin/service iptables save
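The rules above assembled into one script, as an added example that is not part of the original article. It uses the article's sample addresses (192.168.0.100, 192.168.0.0/24, 192.168.1.0/24) and the HTTP, HTTPS and SSH ports, but adds the pieces a rule-by-rule -A walkthrough leaves out: flushing first so re-runs do not duplicate rules, accepting loopback and already-established traffic before any DROP, placing the DROP rules ahead of the port ACCEPT rules (iptables is first-match, so a DROP appended after an ACCEPT for the same traffic never fires), logging what is rejected, and setting the DROP policy last. The ipt wrapper, the FW_DRY_RUN variable, the 5/min log limit and the "apply" argument are conventions of this example, not anything the article specifies.

```shell
#!/bin/sh
# Added example (not from the original article): build a stateful INPUT
# policy in one idempotent script. Sample addresses are the article's own;
# the log limit and the dry-run switch are this script's assumptions.
# With no argument the script only prints the iptables commands it would
# run, so the policy can be reviewed without root.

IPTABLES="${IPTABLES:-iptables}"

# Run one iptables invocation, or print it when FW_DRY_RUN=1.
ipt() {
    if [ "${FW_DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

apply_firewall() {
    # 1. Start from a clean chain so re-running does not append duplicates.
    ipt -F INPUT
    ipt -F FORWARD

    # 2. Accept loopback and replies to connections this host opened.
    #    Without the ESTABLISHED rule a DROP policy silently breaks
    #    outbound traffic (DNS answers, package downloads, your own SSH).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. Explicit blocks go before the port ACCEPT rules (first match wins).
    ipt -A INPUT -s 192.168.0.100 -j DROP
    ipt -A INPUT -s 192.168.0.0/24 -j DROP

    # 4. Services open to everyone, and SSH only from the management range.
    ipt -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    ipt -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    ipt -A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

    # 5. Log (rate-limited so a flood cannot fill the kernel log), then
    #    reject everything else so the sender gets an explicit error.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    ipt -A INPUT -j REJECT --reject-with icmp-port-unreachable

    # 6. Default policies last: if an earlier step failed, the host is not
    #    left with a DROP policy and no ACCEPT rules.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

# Number of rules the script will add to INPUT (dry-run sanity check).
count_input_rules() {
    ( FW_DRY_RUN=1; apply_firewall ) | grep -c -- '-A INPUT'
}

case "${1:-}" in
    apply) apply_firewall ;;                       # as root: really load the rules
    *)     ( FW_DRY_RUN=1; apply_firewall ) ;;     # default: print them for review
esac
```

Run the script with no argument to review the generated commands, then as root with the argument apply to load them, check the result with iptables -L -n -v --line-numbers, and persist it with the service iptables save command shown above. The ESTABLISHED,RELATED rule is also what keeps an SSH session alive while the policy is being replaced over that same session.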