About
iptables is a Firewall and NAT service.
The actual iptables rules are created and customized on the command line with the commands:
- iptables for IPv4
- and ip6tables for IPv6.
The iptables command inspects the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.
firewalld is a service based on iptables, and the two conflict (they should not be installed on the same OS).
Management
Start / Stop
You can start, stop, and restart iptables after booting by using the commands:
service iptables stop
systemctl stop iptables
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
service iptables stop
Firewall is stopped.
Status
service iptables status
systemctl status iptables
How to configure iptables to allow all connections to the Oracle Database
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0/0 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --sport 1521 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
service iptables save
service iptables restart
Verify that the listener of your database is up and running; otherwise you may get a network adapter error.
List
List the firewall rules:
iptables --list
# or
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpts:6006:6009
ACCEPT tcp -- anywhere anywhere tcp dpts:6014:wrspice
ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https
ACCEPT tcp -- anywhere anywhere tcp dpt:8185
ACCEPT tcp -- anywhere anywhere tcp dpt:6013
ACCEPT tcp -- anywhere anywhere tcp dpt:6005
ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:7180
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
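In the listing above, the ACCEPT rule for dpt:7180 comes after the REJECT all rule, which is where `iptables -A` places new rules; if that REJECT has no hidden match, the later rule is never evaluated. The following script is an added example, not part of the original page: it reads `iptables -S` output and reports such unreachable rules. The function names `sample_rules` and `find_shadowed`, the sample ruleset and its `-i lo` match are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag rules that can never match because an earlier rule in
# the same chain unconditionally ACCEPTs, DROPs or REJECTs every packet.
# Input is `iptables -S` output (one rule specification per line).

# Constructed sample, not captured from a real host. It mirrors the tail of
# the listing above; the "-i lo" match is an assumption, since plain
# `iptables -L` hides interface matches.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 7180 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# find_shadowed: read rule specifications on stdin and print one line per
# unreachable rule, naming the rule that shadows it.
find_shadowed() {
    awk '
    $1 == "-A" {
        chain = $2
        if (chain in blocker) {
            printf "%s: unreachable [%s] after [%s]\n", chain, $0, blocker[chain]
            next
        }
        # Matches are printed before -j, so "-j" in field 3 means the rule
        # has no match at all and applies to every packet.
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
            blocker[chain] = $0
    }'
}

# On a live host (as root): iptables -S | find_shadowed
sample_rules | find_shadowed
```

A rule flagged here has to be inserted ahead of the blocking rule with `iptables -I INPUT <rulenum> ...` rather than appended with `-A`.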