How to edit iptables rules

  • CLI - iptables command

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

service iptables save > /etc/sysconfig/iptables

service iptables restart

  • CLI - Edit system configuration file /etc/sysconfig/iptables

vi /etc/sysconfig/iptables

service iptables restart

  • TUI interface - IPv6 must be enabled for this method

yum install dbus-python system-config-firewall-tui

Check for /etc/init.d/messagebus status if not then /etc/init.d/messagebus start


  • GUI


Useful commands

  • List predefined services: lokkit --list-services
  • Limit SSH Connections Per IP: /sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT
  • Save current firewall rules on restart/stop:
  • NAT: iptables -t nat -A POSTROUTING -s -o eth0 -j SNAT --to-source or iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
  • Port forwarding: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination

vi /etc/sysconfig/iptables-config

  • Insert a rule:
iptables -nvL --line-numbers
iptables -I INPUT 3 -p tcp --dport 80 -j ACCEPT
  • Delete a rule
iptables -nvL --line-numbers
iptables -D INPUT 3