Allowing/Rejecting a Port in the Linux Firewall - iptables
The dedicated software firewall system on Linux is called iptables. It can allow or deny access to ports for both inbound and outbound traffic.
There are many tools, both command-line based and web-based (like Webmin), that allow you to control and configure iptables.
As an example, let’s suppose you want to open TCP port 389 for your LDAP server.
1. Enter the following command:
# iptables -A INPUT -p tcp --dport 389 -j ACCEPT
On the other hand, if you want to close access to the same port, use DROP or REJECT as the target:
# iptables -A INPUT -p tcp --dport 389 -j DROP
or
# iptables -A INPUT -p tcp --dport 389 -j REJECT
2. Once you are finished, save the changes you made:
# /etc/init.d/iptables save
or
# iptables-save > /etc/sysconfig/iptables
3. Restart the firewall for the new changes to take effect:
# /etc/init.d/iptables restart
or
# service iptables restart
4. To see your iptables rules, run the following command:
# iptables -L -vn
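An added example, not part of the original post: iptables walks a chain from top to bottom and the first matching ACCEPT, DROP or REJECT rule decides, so a DROP appended with -A after an earlier ACCEPT for the same port never fires. The script below reads rules in `iptables -S INPUT` format and reports the effective verdict for a TCP port plus any shadowed rules; the function names and sample rules are constructed, and it assumes rules that match only on -p tcp and a single --dport.

```shell
#!/bin/sh
# Added example. Reads rules in `iptables -S INPUT` format on stdin.
# Simplification (assumption): only rules with "-p tcp" and a single
# "--dport N" are considered; source, interface and state matches are ignored.

# port_report PORT: prints "verdict <target>" for the first matching rule
# (or the chain policy if none), then one "shadowed <rule>" line for every
# later rule on the same port, which the first rule hides under this simplification.
port_report() {
    awk -v port="$1" '
        $1 == "-P" { policy = $3; next }
        $1 == "-A" {
            tcp = 0; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport") dport = $(i+1)
                if ($i == "-j") target = $(i+1)
            }
            if (!tcp || dport != port) next
            if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
            if (verdict == "") verdict = target   # first match decides
            else shadowed = shadowed "shadowed " $0 "\n"
        }
        END {
            print "verdict " (verdict != "" ? verdict : policy)
            printf "%s", shadowed
        }
    '
}

# Constructed sample: port 389 opened as in step 1, then a DROP appended later.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 389 -j DROP
EOF
}

sample_rules | port_report 389
# On a live host (as root): iptables -S INPUT | port_report 389
```

For the sample, port 389 stays open and the appended DROP is listed as shadowed; the earlier ACCEPT has to be deleted before the DROP can take effect.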
Note that:
1. Some Linux distributions, such as Red Hat Enterprise Linux and CentOS, provide basic iptables management through the “setup” program. Simply run “setup” as root and configure the firewall.
2. If your server uses a web-based control panel to configure the firewall, it is not a good idea to change the rules manually except in cases of emergency where you cannot access services (such as the web).
3. Some iptables management software allows you to control it without actually having to use the iptables command. One good option for this is APF.