You can also use the desktop tool system-config-firewall, if you have it available, to select the services you want to support from a list. Notice that the destination port (-dport) in this example is 22, the port for ssh. # iptables -A INPUT -m state -state NEW -m tcp -p tcp -dport 22 -j ACCEPT For example, you could use a command like this to enable ssh connections: You can add rules to the iptables config file /etc/sysconfig/iptables by editing the file itself (generally not recommended) or you can add them with an iptables command. You can stop and restart iptables with commands like these: # systemctl stop rvice If iptables isn't running when you run the iptables -L command, you'll see what looks like empty tables. REJECT all - anywhere anywhere reject-with icmp-host-prohibited # iptables -LĪCCEPT all - anywhere anywhere state RELATED,ESTABLISHED
You can also query iptables with the command iptables -L that will list the active rules. Process: 565 ExecStart=/usr/libexec/iptables.init start (code=exited, status=0/SUCCESS)ĬGroup: name=systemd:/system/rvice Loaded: loaded (/usr/lib/systemd/system/rvice enabled)Īctive: active (exited) since Sun, 19:50:53 -0500 2min 5s ago You can, however, easily check the status of iptables with the command systemctl status rvice or maybe just the service iptables status command - depending on your Linux distribution. Since iptables is a kernel function, you're not going to see processes running so no ps command is going to tell you anything about whether or how it is working. This provides the "default deny" rule that gives firewalls their claim to fame - denying everything that you don't explicitly allow. If you haven't made any changes, the filter table will likely be set up to accept established connections, icmp requests and requests sent to the loopback interface (i.e., those generated on the system itself).
By default and in most cases, only one table - the one called "filter" - is actually configured. You can pretty much leave it as is unless or until you need to provide a service to other systems or, in other words, until your system needs to become a server.Īs the name implies, iptables is organized as a set of tables.
Offspring of the earlier ipchains, iptables generally blocks network traffic that tries to reach services on your system.
Iptables, more properly referred to as "iptables/netfilter" because of the two modules that are involved - the userspace module "iptables" and the kernel module "netfilter" - is the firewall that you'll find running by default on most Linux systems today.
0 kommentar(er)
