Category Archives: Firewall

Disable FirewallD and enable/import IPTables rules

1) Flush the rules firewalld has loaded. On RHEL/CentOS 7 firewalld drives iptables underneath, so these commands empty the same tables. Do this from a console session if you can, and if the INPUT chain policy is DROP set it to ACCEPT first (iptables -P INPUT ACCEPT), otherwise the flush cuts off a remote session.

#iptables -F
#iptables -t nat -F

2) Disable firewalld.

#systemctl stop firewalld
#systemctl disable firewalld
#systemctl mask firewalld

3) Install iptables-services.

#yum install iptables-services
#systemctl start iptables
#systemctl enable iptables

4) Clear the rules again. Starting the iptables unit loads whatever /etc/sysconfig/iptables contains (usually the package's default set), so empty the tables before restoring your own.

#iptables -F
#iptables -t nat -F

5) Restore your saved rules from a file (here a file named iptables, in iptables-save format) or write new rules by hand, then save them to /etc/sysconfig/iptables so the unit reloads them at boot, and restart the service to confirm they come back cleanly.

#iptables-restore < iptables
#service iptables save
#service iptables stop
#service iptables start
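The whole procedure as one script, an added example that is not from the original post. It assumes a RHEL/CentOS 7 host and an administrative network of 203.0.113.0/24 (a documentation range; replace it with your own), and it writes a constructed minimal ruleset instead of importing a saved file. iptables-restore -t parses the ruleset without committing it, which catches a syntax error before the live tables are touched.

```shell
#!/bin/bash
# Added example: migrate a CentOS/RHEL 7 host from firewalld to iptables-services.
# Not from the original post. The ruleset below is constructed for illustration.

ADMIN_NET="203.0.113.0/24"            # assumption: where your SSH sessions come from
RULES_FILE="/etc/sysconfig/iptables"  # where `service iptables save` writes

# Emit a minimal stateful ruleset in iptables-save format: default DROP on INPUT,
# loopback and established traffic allowed, SSH only from ADMIN_NET, ping allowed.
build_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s ${ADMIN_NET} --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -j ACCEPT
COMMIT
EOF
}

# Checks that need no root: the ruleset must keep SSH open from ADMIN_NET and
# must end with COMMIT, otherwise iptables-restore rejects it.
check_ruleset() {
    ruleset="$(build_ruleset)"
    printf '%s\n' "$ruleset" | grep -q -- '--dport 22 -m state --state NEW -j ACCEPT' || return 1
    printf '%s\n' "$ruleset" | tail -n 1 | grep -qx 'COMMIT' || return 1
    return 0
}

# The migration itself. Run it from a console or a session you can afford to lose.
migrate() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    # 1) Open the policies before flushing so a DROP policy cannot strand the session.
    iptables -P INPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -P OUTPUT ACCEPT
    iptables -F; iptables -X; iptables -t nat -F; iptables -t nat -X
    # 2) Stop, disable and mask firewalld so no dependency can start it again.
    systemctl stop firewalld && systemctl disable firewalld && systemctl mask firewalld
    # 3) Install and enable the iptables-services unit.
    yum install -y iptables-services && systemctl enable iptables
    # 4) Parse the new ruleset without committing it (-t), then load it for real.
    build_ruleset | iptables-restore -t || { echo "ruleset rejected" >&2; return 1; }
    build_ruleset | iptables-restore
    # 5) Persist to $RULES_FILE so the unit reloads it at boot, then restart to prove it.
    service iptables save && systemctl restart iptables
    iptables -L INPUT -n --line-numbers
}

# Run as `./migrate.sh apply`; a plain invocation only defines the functions.
if [ "${1:-}" = "apply" ]; then
    migrate
fi
```

Keep a second SSH session open while the script runs and only close it once the listing at the end shows the rule for port 22 from your network.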


Allow incoming/outgoing SNMP traffic in IPTables

Allow outgoing SNMP traffic in IPTables (this host is the SNMP manager, polling a remote agent on UDP 161 and exchanging traps on 162)

iptables -A INPUT -i eth0 -p udp -s xx.xx.xx.xx --sport 161:162 -d yy.yy.yy.yy --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s yy.yy.yy.yy --sport 1024:65535 -d xx.xx.xx.xx --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT

Here xx.xx.xx.xx is the remote SNMP host and yy.yy.yy.yy is this host's own address; -s and -d are optional and can be left out to match any address. Both rules must sit above any catch-all DROP rule in their chain, or they never match.

Allow incoming SNMP traffic in IPTables (this host runs the SNMP agent; only the manager at 152.102.124.31 may query it, and the replies go back to the manager's ephemeral port)

iptables -A INPUT -i eth0 -p udp -s 152.102.124.31 --dport 161:162 -j ACCEPT
iptables -A OUTPUT -p udp -d 152.102.124.31 --dport 1024:65535 -j ACCEPT
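To make the manager/agent split explicit, an added example (not from the original post) that prints the rules each side needs and validates the peer address before emitting anything. Addresses such as 192.0.2.10 in the usage are constructed documentation-range placeholders. It goes beyond the rules above in one respect: traps are sent by the agent from an ephemeral port to the manager's UDP 162, so the manager side needs a NEW-state INPUT rule on 162 and not only the ESTABLISHED reply rule.

```shell
#!/bin/bash
# Added example (not from the original post): print stateful iptables rules for
# SNMP polling and traps for either side of the relationship.

# Shape check only: a dotted quad, optionally with a /prefix. Rejects garbage
# before it lands in a rule, but does not range-check each octet.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# snmp_rules agent|manager PEER
#   agent:   this host runs snmpd; PEER is the manager allowed to poll it on 161
#            and the destination for the traps it sends to 162.
#   manager: this host polls PEER on 161 and receives PEER's traps on 162.
snmp_rules() {
    role="$1"; peer="$2"
    valid_ipv4 "$peer" || { echo "bad address: $peer" >&2; return 1; }
    case "$role" in
    agent)
        echo "-A INPUT  -p udp -s $peer --dport 161 -m state --state NEW -j ACCEPT"
        echo "-A OUTPUT -p udp -d $peer --dport 162 -m state --state NEW -j ACCEPT"
        ;;
    manager)
        echo "-A OUTPUT -p udp -d $peer --dport 161 -m state --state NEW -j ACCEPT"
        echo "-A INPUT  -p udp -s $peer --dport 162 -m state --state NEW -j ACCEPT"
        ;;
    *)
        echo "role must be agent or manager" >&2; return 1
        ;;
    esac
    # Replies to either flow are covered by one ESTABLISHED rule per chain instead
    # of a separate rule per port range (conntrack tracks UDP by address/port pair).
    echo "-A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Usage (placeholder manager address from the RFC 5737 documentation range):
#   snmp_rules agent 192.0.2.10
# Review the output, then add the lines above any trailing DROP rule in each chain.
```

Because the output is in rule-specification form, the same lines can be pasted after `-A`/`-I` on the command line or into the *filter section of /etc/sysconfig/iptables.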

Allow Incoming/Outgoing ICMP traffic in IPTables

Allow incoming ping: accept echo requests (ICMP type 8) from clients and the echo replies (type 0) this host sends back. Add -s/-d to restrict the addresses; without them the rules match any host.

iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow outgoing ping: let this host send echo requests (type 8) and accept the replies (type 0) that come back.

iptables -A INPUT -i eth0 -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

How to use IPTABLES

To Drop IP in iptables

Port Specific:

iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport {PORT} -j DROP
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport 80 -j DROP
/sbin/service iptables save

No Port Specified:

iptables -A INPUT -s xx.xx.xx.xx -j DROP
/sbin/service iptables save

Example (note that -I inserts the rule at the top of the chain, so it takes effect before any earlier ACCEPT rule, while -A appends it to the end, where an earlier ACCEPT for the same traffic would win):

/sbin/iptables -I INPUT -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -s 1.2.3.4 -j DROP
/sbin/service iptables save

To Allow IP in iptables

The first rule allows one port from the address, the second allows all traffic from it:

iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport {PORT} -j ACCEPT
iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT
/sbin/service iptables save


Unblock / Delete an IP Address Listed in IPtables Tables

1. Display the rules with their line numbers.

iptables -L INPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers

Search for the IP address you want to delete, for example 192.168.2.4. Keep the trailing space in the pattern (or match the source column with awk), because a plain grep for 192.168.2.4 also matches 192.168.2.40.

iptables -L INPUT -n --line-numbers | grep "192.168.2.4 "
12056 DROP all -- 192.168.2.4 0.0.0.0/0

2. IP address 192.168.2.4 is in line 12056, so delete that line. Rule numbers shift after every deletion, so if you have several to remove, delete the highest number first.

iptables -D INPUT 12056
/sbin/service iptables save

Another way to remove the IP is to delete the rule by its specification. This removes only the first rule that matches exactly, so if the same rule was appended more than once, repeat the command until iptables reports that no such rule exists.

iptables -D INPUT -s xx.xxx.xx.xx -j DROP
/sbin/service iptables save
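An added example (not from the original post) that finds every INPUT rule for a source address by comparing the source column exactly and deletes them highest number first, which avoids both the substring-grep problem and the shifting rule numbers described above. The listing it parses is a constructed sample of iptables -L INPUT -n --line-numbers output.

```shell
#!/bin/bash
# Added example (not from the original post): delete all rules for a source
# address by number, exact-matching the source column and working top-down.

# Constructed sample of `iptables -L INPUT -n --line-numbers` output. Rule 4 is a
# different host (192.168.2.40) that a substring grep for 192.168.2.4 would hit.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    DROP       all  --  192.168.2.4          0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       all  --  192.168.2.40         0.0.0.0/0
5    DROP       tcp  --  192.168.2.4          0.0.0.0/0            tcp dpt:80'

# rule_numbers_for_source IP  (listing on stdin)
# Skips the two header lines, compares field 5 (source) exactly, and prints the
# matching rule numbers highest first so that each -D leaves the rest valid.
rule_numbers_for_source() {
    awk -v ip="$1" 'NR > 2 && $5 == ip { print $1 }' | sort -rn
}

# delete_source_rules CHAIN IP: acts on the live ruleset, then persists the result.
delete_source_rules() {
    chain="$1"; ip="$2"
    iptables -L "$chain" -n --line-numbers | rule_numbers_for_source "$ip" |
    while read -r num; do
        iptables -D "$chain" "$num"
    done
    service iptables save
}

# Usage: delete_source_rules INPUT 192.168.2.4
# Dry run against the sample above:
#   printf '%s\n' "$SAMPLE_LISTING" | rule_numbers_for_source 192.168.2.4
```

On the sample the dry run prints 5 and then 2; deleting in that order leaves rule 2 where it was when rule 5 goes, whereas deleting 2 first would renumber the old rule 5 to 4 and the second -D would remove the wrong rule.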