Using iptables on CentOS 7 involves several steps, including installing iptables, understanding its basic commands and rules, and configuring it to start on boot. Below are the detailed steps and examples:
1. Installing iptables
Although CentOS 7 defaults to using firewalld as the firewall management tool, you can choose to install and use iptables. First, you might need to install the iptables service. Use the following command to install iptables:
sudo yum install iptables-services
2. Disabling firewalld
Since firewalld is active by default, to avoid conflicts, disable and stop it:
sudo systemctl stop firewalld sudo systemctl disable firewalld
3. Enabling and Starting iptables
Next, ensure the iptables service is enabled and started:
sudo systemctl enable iptables sudo systemctl start iptables
4. Editing Rules
iptables rules determine how incoming and outgoing network packets are handled. You can manually add rules by editing the /etc/sysconfig/iptables file or using the command-line tool iptables.
For example, to allow all incoming SSH traffic (typically on port 22), use the following command:
sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT
This command inserts a rule into the INPUT chain using -I, allowing all incoming TCP data with the destination port set to 22.
5. Saving Rules
After modifying iptables rules, save them to ensure they are automatically loaded upon system restart:
sudo service iptables save
This saves the current rule set to /etc/sysconfig/iptables, ensuring the rules remain effective after reboot.
6. Testing the Configuration
After configuration is complete, verify your iptables rules work as expected. For example, attempt to SSH from another machine to this server to confirm successful connection.
7. Viewing and Managing Rules
To view the current iptables rules, use:
sudo iptables -L
This lists all active iptables rules.
Summary
Using iptables provides powerful capabilities for filtering and managing network packets. Although the configuration process can be complex, following a step-by-step approach ensures server network security. When deploying in practice, thoroughly understand each iptables command and option to correctly configure firewall rules.