Versions
- CentOS 6.5
Configure
- Edit /etc/sysconfig/iptables and add the following before COMMIT
Typical /etc/sysconfig/iptables:
```
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
- If opening TCP port, add the following line above the first reject statement:
```
-A INPUT -m state --state NEW -m tcp -p tcp --dport <port> -j ACCEPT
```
Note: if tcp or udp wasn’t specified, assume tcp.
- If udp, instead add the following line above the first reject statement:
```
-A INPUT -m state --state NEW -m udp -p udp --dport <port> -j ACCEPT
```
Example: Open port 666 for tcp
```
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 666 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
- Restart iptables
```
service iptables restart
```
Test from remote machine
Note: replace $HOSTNAME and $PORT below
```
telnet $HOSTNAME $PORT
```
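The edit step above as a script, as an added example that is not part of the original post: it places the ACCEPT rule above the first INPUT reject statement, defaults to tcp, and does nothing if the rule is already present. The function name `open_port` and the `.bak` backup file are assumptions made for this example.

```bash
#!/bin/bash
# Added example; open_port is a hypothetical helper, not from the original post.
# usage: open_port FILE PORT [tcp|udp]      (protocol defaults to tcp)
open_port() {
    local file="$1" port="$2" proto="${3:-tcp}" rule tmp rc

    # Validate inputs before touching the rules file.
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 2 ;;
    esac
    case "$port" in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    rule="-A INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"

    # Idempotent: leave the file alone if the exact rule is already there.
    if grep -qxF -e "$rule" "$file"; then
        return 0
    fi

    # The page's placement rule needs a REJECT line in INPUT to anchor on.
    if ! grep -q -e '^-A INPUT .*-j REJECT' "$file"; then
        echo "no INPUT REJECT rule in $file" >&2
        return 1
    fi

    # Emit the new rule once, immediately above the first INPUT REJECT.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v rule="$rule" '
        !inserted && /^-A INPUT .*-j REJECT/ { print rule; inserted = 1 }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a backup, then overwrite in place so ownership and mode are kept.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use on the host, as root:
#   open_port /etc/sysconfig/iptables 666 tcp && service iptables restart
```

A rule appended below the reject line would never match, which is why the script refuses to edit a file that has no INPUT reject statement to anchor on.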