How to configure iptables and add a port in CentOS 7.x / RHEL 7.x

iptables is the default firewall used on CentOS and RHEL systems.

1. Check the status of iptables and start it if it is stopped.

# service iptables status
# service iptables start

2. Check whether iptables is enabled at boot, and enable it if it is not.

# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig iptables on

2. Check the current iptables rules (the output below shows that no iptables rules are currently set).

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

3. Add a firewall (iptables) rule to allow an incoming TCP port (for example, 22):

# iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

4. List the iptables rules to verify the newly added rule.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Repeat step 3 to continue adding ports to the Linux firewall (iptables).

Procedure to load rules after every reboot

1. Make sure the iptables rules have been added using the above procedure.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

2. Save the iptables rules to a file. The file name in the command below can be anything.

# iptables-save > /root/iptable_rules

3. Edit the '/etc/rc.local' file and add the following entry to restore the iptables rules after every reboot. Enter the line without a leading '#', which would turn it into a comment.

iptables-restore < /root/iptable_rules

4. Save and close the file.
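
Before the saved file is restored at every boot, it is worth checking what it actually enforces: the listings above show "policy ACCEPT" on INPUT, so an ACCEPT rule for port 22 on its own does not block any other port. The script below is an added example, not part of the original article; it audits a file in iptables-save format. The function names and the embedded sample ruleset are constructed for illustration.

```shell
# Added example: audit an iptables-save file before restoring it at boot.
# sample_ruleset is constructed to match the listing shown in this article.
sample_ruleset() {
cat <<'EOF'
# constructed sample in iptables-save format
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Print the default policy of a built-in chain in the filter table.
chain_policy() {  # usage: chain_policy FILE CHAIN
    awk -v chain=":$2" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && $1 == chain { print $2; exit }
    ' "$1"
}

# Succeed if an INPUT rule accepts TCP traffic to the given destination port.
port_allowed() {  # usage: port_allowed FILE PORT
    awk -v port="$2" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && /^-A INPUT / && / -p tcp / && / -j ACCEPT$/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Print findings; return 1 if the file is incomplete, filters nothing, or omits SSH.
audit_ruleset() {  # usage: audit_ruleset FILE
    rc=0
    grep -qx 'COMMIT' "$1" || { echo "no COMMIT line: file is truncated"; rc=1; }
    if [ "$(chain_policy "$1" INPUT)" = "ACCEPT" ] &&
       ! grep -Eq '^-A INPUT .*-j (DROP|REJECT)' "$1"; then
        echo "INPUT policy is ACCEPT and no rule drops or rejects: nothing is filtered"
        rc=1
    fi
    port_allowed "$1" 22 || { echo "no rule accepts tcp/22 (SSH)"; rc=1; }
    return $rc
}

# When run with a file argument, audit it, e.g. /root/iptable_rules from step 2.
if [ -n "${1:-}" ]; then audit_ruleset "$1"; fi
```

To check the file's syntax as well, run `iptables-restore --test < /root/iptable_rules`, which parses the rules without committing them. On CentOS 7 / RHEL 7, /etc/rc.d/rc.local is not executable by default, so it must be made executable for the restore entry to run at boot.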
