How to edit iptables rules

  • CLI - iptables command

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

service iptables save

service iptables restart

service iptables save writes the running rules to /etc/sysconfig/iptables by itself; do not redirect its output into that file, or the saved ruleset is overwritten by the command's status message. Note that -A appends at the end of the chain; on a default CentOS ruleset the last INPUT rule is a catch-all REJECT, so an appended ACCEPT never matches and the rule has to be inserted before the REJECT instead (see "Insert a rule" below).

  • CLI - Edit system configuration file /etc/sysconfig/iptables

vi /etc/sysconfig/iptables

service iptables restart

  • TUI interface - IPv6 must be enabled for this method

yum install dbus-python system-config-firewall-tui

Check that the message bus is running with /etc/init.d/messagebus status; if it is not, start it with /etc/init.d/messagebus start.

system-config-firewall-tui

  • GUI

system-config-firewall

Useful commands

  • List predefined services: lokkit --list-services
  • Limit SSH connections per source IP (rejects new connections once an address already has more than 5 open):
/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT
  • Save the current firewall rules on restart/stop: edit /etc/sysconfig/iptables-config and set both options to "yes" (they default to "no"). This persists whatever rules are loaded at that moment, temporary test rules included.

vi /etc/sysconfig/iptables-config

IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"

  • NAT (SNAT to a fixed public address, or MASQUERADE when the outgoing address is dynamic):
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 78.34.234.4
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
  • Port forwarding (the DNAT target is written as address:port):
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.1:23
  • Insert a rule (list the chain with rule numbers first, then insert at the wanted position; rules are matched top-down):
iptables -nvL --line-numbers
iptables -I INPUT 3 -p tcp --dport 80 -j ACCEPT
  • Delete a rule (list first; the numbers of the remaining rules shift after each deletion):
iptables -nvL --line-numbers
iptables -D INPUT 3
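The insert/delete-by-number procedure above depends on reading the right number off `iptables -nvL --line-numbers`. The following is an added example, not from the original page: a small POSIX sh helper that parses that listing (a constructed sample in the CentOS 6 output format is embedded) and computes the position at which an ACCEPT for TCP/80 has to go so that it lands before the chain's catch-all REJECT. The function and variable names are my own.

```sh
#!/bin/sh
# Added example (not part of the original page): locate a rule's number in
# `iptables -nvL --line-numbers` output so -I / -D use the right index.
# Rules are matched top-down, first match wins: an ACCEPT appended with -A
# after the chain's catch-all REJECT never sees a packet, hence -I with a number.

# Constructed sample listing in the format iptables prints on CentOS 6.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2      300 24000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3        4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
4        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
'

# rule_num CHAIN PATTERN [LISTING]
# Prints the number of the first rule in CHAIN whose line matches the awk
# regex PATTERN, nothing if there is none. LISTING defaults to the live table.
rule_num() {
    chain=$1; pattern=$2
    listing=${3:-$(iptables -nvL --line-numbers)}
    printf '%s\n' "$listing" | awk -v chain="$chain" -v pat="$pattern" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+$/ && $0 ~ pat { print $1; exit }
    '
}

# Builds the insert command that puts "allow TCP/80" directly before the
# catch-all REJECT of INPUT (falls back to position 1 if there is no REJECT).
accept_http_before_reject() {
    n=$(rule_num INPUT 'REJECT' "$1")
    [ -n "$n" ] || n=1
    printf 'iptables -I INPUT %s -p tcp --dport 80 -j ACCEPT\n' "$n"
}

# Dry run against the sample; drop the argument to read the live table as root.
accept_http_before_reject "$SAMPLE_LISTING"
```

The helper only prints the command; review it, then run it and `service iptables save` as described above.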

Links

http://easyfwgen.morizot.net/gen/index.php