IpTables Firewall

1 - About

iptables is a Firewall and NAT service.

The iptables rules are created and customized on the command line with the command:

  • iptables for IPv4
  • and ip6tables for IPv6.

The iptables command inspects the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.

firewalld is a service based on iptables, and the two conflict (they should not be installed on the same OS).

3 - Management

3.1 - Start / Stop

You can start, stop, and restart iptables after booting by using the commands:


service iptables stop
systemctl stop iptables 


Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]


service iptables stop


Firewall is stopped.

3.2 - Status


service iptables status
systemctl status iptables 

3.3 - How to configure iptables to allow all connections to the Oracle Database


iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0/0 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --sport 1521 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
service iptables save
service iptables restart

Verify that the listener of your database is up and running; otherwise you may get a network adapter error.

3.4 - List

List the firewall rules:


iptables --list
# or
iptables -L


Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:6006:6009
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:6014:wrspice
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pcsync-https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8185
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6013
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6005
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pcsync-https
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7180

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
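
Rule order matters in the listing above: as listed, `ACCEPT tcp dpt:7180` comes after the catch-all `REJECT` in INPUT and is never reached, and a rule added with `iptables -A` (as in 3.3) is appended at that same position. The shell function below is an added example, not part of the original page; it reads `iptables -L` output and prints such unreachable rules, using a trimmed copy of the listing above as sample input. It assumes that an option-less REJECT or DROP is unconditional; the bare `ACCEPT all` line is deliberately not treated that way, because plain `-L` hides interface matches and such a line may be interface-scoped (for example a loopback rule).

```shell
#!/bin/sh
# Added example, not from the original page.

# shadowed_rules: read `iptables -L` (or `-L -n`) output on stdin and print
# every rule that follows an unconditional REJECT/DROP in the same chain.
# Assumption: a REJECT/DROP line with protocol "all", any source, any
# destination and no match text is unconditional. Plain -L does not show
# interface matches, so confirm findings with `iptables -L -v`.
shadowed_rules() {
    awk '
        function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
        /^Chain /                 { chain = $2; blocked = 0; next }  # new chain
        NF == 0 || $1 == "target" { next }                           # blank / header
        blocked                   { print chain ": " $0; next }      # unreachable rule
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" &&
        any($4) && any($5) &&
        (NF == 5 || (NF == 7 && $6 == "reject-with")) { blocked = 1 }
    '
}

# Sample input: the INPUT and FORWARD chains from the listing above, trimmed.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8185
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7180

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
EOF
}

# Prints the single unreachable rule (the dpt:7180 line in INPUT).
sample_listing | shadowed_rules
```

On a live host, run `iptables -L | shadowed_rules`; a rule that must take effect can be placed ahead of the REJECT line with `iptables -I INPUT <rulenum> ...` instead of `-A`.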

4 - Documentation / Reference

