IpTables Firewall

About

iptables is a firewall and NAT service used as a backend by firewalld.

The actual iptables rules are created and customized on the command line with the commands:

  • iptables for IPv4
  • and ip6tables for IPv6.

The iptables command inspects the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.

Knowledge of iptables concepts:

Service Management

firewalld is a service layered on top of iptables. You should not use them together.

Start / Stop

You can start, stop, and restart iptables after booting by using the commands:

service iptables stop
# or
systemctl stop iptables
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]

service iptables stop
Firewall is stopped.

Status

service iptables status
# or
systemctl status iptables

Command

How to configure iptables to allow all connections to the Oracle Database:

# Inbound: any client (source ports 1024-65535) to the listener on port 1521
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0/0 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
# Outbound: replies from port 1521 on already established connections
iptables -A OUTPUT -p tcp -s 0/0 --sport 1521 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Verify that the listener of your database is up and running; otherwise you may get an error with the network adapter.

List

List the firewall rules:

iptables --list
# or
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:6006:6009
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:6014:wrspice
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pcsync-https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8185
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6013
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6005
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pcsync-https
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7180

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
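
An added example (not code from the original page): iptables -A appends to the end of a chain, so in the listing above the port 7180 ACCEPT sits after the REJECT rule that shows no port or state match, and an Oracle rule appended the same way would land there too. The function below flags such unreachable rules; it reads iptables -S output because iptables -L without -v hides interface matches, and the sample rule set and the name shadowed_rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report rules that can never match because an earlier
# unconditional ACCEPT/DROP/REJECT in the same chain ends traversal first.

# Constructed sample in `iptables -S` format, modelled on the listing above
# plus the appended Oracle rule. Not captured from a real host.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8185 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 7180 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# shadowed_rules (hypothetical helper): read `iptables -S` text on stdin and
# print "<chain> <position>: <rule>" for every rule that follows a catch-all
# terminating rule in its chain.
shadowed_rules() {
    awk '
        $1 != "-A" { next }
        {
            chain = $2
            pos[chain]++
            if (chain in blocked) {
                printf "%s %d: %s\n", chain, pos[chain], $0
                next
            }
            # No match options between the chain name and -j: every packet matches.
            if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
                blocked[chain] = pos[chain]
        }
    '
}

# Demo on the constructed sample. On a live host (as root):
#   iptables -S | shadowed_rules ; ip6tables -S | shadowed_rules
sample_rules | shadowed_rules
```

To place a new rule ahead of the REJECT, insert it at an explicit position with iptables -I INPUT <position> ... instead of appending it with -A.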
