About
iptables is the user-space administration tool for the netfilter packet filtering and NAT framework of the Linux kernel. On distributions that ship firewalld, firewalld is a management service that uses iptables (or, on newer releases, nftables) as its backend; it does not filter packets itself.
The actual rules are created and customized on the command line with:
- iptables for IPv4
- ip6tables for IPv6
Both commands set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.
Working with iptables requires knowledge of its core concepts:
- tables,
- commands,
- parameters.
Service Management
firewalld is a service layered on top of iptables: it writes its own rules through the iptables backend. Do not run the iptables service and firewalld at the same time, because each one loads its own rule set and overwrites whatever the other has installed.
Start / Stop
You can start, stop, and restart iptables after booting with either the SysV init script (RHEL/CentOS 6 and earlier) or the systemd unit (RHEL/CentOS 7 and later, where the unit is provided by the iptables-services package):
service iptables stop
systemctl stop iptables
Stopping the service flushes every rule and resets the chain policies to ACCEPT, so the host accepts all traffic until the rules are loaded again:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
If the firewall is already stopped, the script only reports:
service iptables stop
Firewall is stopped.
Status
service iptables status
systemctl status iptables
The service status only tells you whether the init script's saved rule set has been loaded. To see the rules that are actually active in the kernel, whoever installed them, list them with iptables -L -n -v (see List below).
Command
How to configure iptables to allow all connections to the Oracle Database listener (TCP port 1521):
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0/0 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --sport 1521 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Three things to check before using these rules as written:
- -s 0/0 and -d 0/0 are the defaults and match every address; in production, replace -s 0/0 on the INPUT rule with the subnet of the database clients so the listener is not exposed to the whole network.
- -A appends at the end of the chain. If the INPUT chain already ends with a catch-all REJECT (as the chain listed below does), an appended rule sits after it and is never reached; insert it before the REJECT with -I INPUT <rule-number> instead.
- -m state is the legacy alias of -m conntrack --ctstate; both work on current kernels.
Also verify that the database listener itself is up (lsnrctl status); if it is not, clients get a TNS adapter error rather than a firewall timeout, and no iptables rule will fix that.
List
List the firewall rules. Add -n to skip DNS and service-name lookups, -v to show interfaces and packet counters, and --line-numbers to get the rule positions needed for -I and -D:
iptables --list
# or
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source     destination
ACCEPT     tcp  --  anywhere   anywhere     tcp dpts:6006:6009
ACCEPT     tcp  --  anywhere   anywhere     tcp dpts:6014:wrspice
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:pcsync-https
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:8185
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:6013
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:6005
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:pcsync-https
ACCEPT     all  --  anywhere   anywhere     state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere   anywhere
ACCEPT     all  --  anywhere   anywhere
ACCEPT     tcp  --  anywhere   anywhere     state NEW tcp dpt:ssh
REJECT     all  --  anywhere   anywhere     reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:7180
Chain FORWARD (policy ACCEPT)
target     prot opt source     destination
REJECT     all  --  anywhere   anywhere     reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target     prot opt source     destination
How to read this listing:
- Service names such as wrspice (6114/tcp) and pcsync-https (8443/tcp) come from /etc/services; -n prints the port numbers instead.
- The rule "ACCEPT all anywhere anywhere" looks like an accept-everything rule, but plain -L hides the interface column. On a stock RHEL rule set this is usually the loopback rule (-i lo); confirm with -v rather than assuming.
- The last INPUT rule, "ACCEPT tcp dpt:7180", sits after the catch-all REJECT, so no packet ever reaches it. It was appended with -A; it has to be inserted before the REJECT with -I INPUT <rule-number> to take effect.
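The two pitfalls above (a rule appended behind the catch-all REJECT, and the Oracle rule open to every source address) can be checked mechanically. The following POSIX shell script is an added example, not code from the original page: it parses the output format of iptables -L INPUT -n --line-numbers, reports rules that can never match, and emits the Oracle listener rules scoped to a client subnet and inserted at the right position. The listing it parses is a constructed sample shaped like the INPUT chain above; the client subnet 10.0.5.0/24 and the function names are assumptions for the illustration.

```shell
#!/bin/sh
# Added example (not from the page): audit an iptables INPUT listing and build
# correctly placed, subnet-scoped rules for the Oracle listener (TCP 1521).
# Input format: output of `iptables -L INPUT -n --line-numbers`.

# Constructed sample listing, shaped like the INPUT chain shown on this page
# but captured with -n --line-numbers (numeric ports, rule numbers).
SAMPLE_INPUT_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:6006:6009
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:7180'

# Print the number of the first catch-all terminal rule: REJECT or DROP, any
# protocol, any source and destination, and no extra match (a DROP has no
# trailing fields; a REJECT only carries its reject-with option). Nothing
# that comes after such a rule can ever match. Prints nothing if none exists.
# Usage: first_catchall_rule "$listing"
first_catchall_rule() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
        $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
        (NF == 6 || $7 == "reject-with") { print $1; exit }'
}

# Print the numbers of rules positioned after the catch-all, one per line.
# Usage: unreachable_rules "$listing"
unreachable_rules() {
    cutoff=$(first_catchall_rule "$1")
    [ -n "$cutoff" ] || return 0
    printf '%s\n' "$1" | awk -v cutoff="$cutoff" \
        '$1 ~ /^[0-9]+$/ && $1 + 0 > cutoff + 0 { print $1 }'
}

# Emit the iptables commands for the Oracle listener, restricted to the client
# subnet and inserted before the catch-all (appending with -A would land after
# it, exactly like rule 7 in the sample). Falls back to -A when the chain has
# no catch-all. The OUTPUT rule is only needed when OUTPUT policy is not ACCEPT.
# Usage: oracle_rules "$listing" CLIENT_CIDR
oracle_rules() {
    pos=$(first_catchall_rule "$1")
    if [ -n "$pos" ]; then
        where="-I INPUT $pos"
    else
        where="-A INPUT"
    fi
    cat <<EOF
iptables $where -p tcp -s $2 --dport 1521 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d $2 --sport 1521 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Stand-alone demo on the constructed listing.
echo "Catch-all rule: $(first_catchall_rule "$SAMPLE_INPUT_CHAIN")"
echo "Unreachable rules: $(unreachable_rules "$SAMPLE_INPUT_CHAIN" | tr '\n' ' ')"
oracle_rules "$SAMPLE_INPUT_CHAIN" 10.0.5.0/24
```

On a live host, replace the sample with the real chain, `oracle_rules "$(iptables -L INPUT -n --line-numbers)" 10.0.5.0/24`, review the printed commands, and then run them as root; after inserting, `iptables -C INPUT ...` with the same arguments confirms the rule is present. The parser deliberately keys on the numeric `-n` output, because the name-resolved form shown above (anywhere, wrspice, pcsync-https) is ambiguous and depends on the local /etc/services.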