How to configure the CentOS 6 firewall (iptables)?

CentOS 6 uses iptables as its system firewall. In our default installation, iptables is configured to drop all incoming traffic (including incoming traffic for routing) except ICMP and TCP port 22 (SSH).

Run iptables -nL to see the current firewall rules.

Disabling firewall

To disable the firewall, do one of the following:

  • Use the text interface for basic firewall setup
      system-config-firewall-tui
      from the system-config-firewall-tui package. Mark the firewall as disabled and press Ok to save the changes.
  • Disable the firewall service: run
      service iptables stop && service ip6tables stop
      to stop the firewall service, then run
      chkconfig iptables off && chkconfig ip6tables off
      to prevent the firewall from starting on boot, if necessary.
  • Delete the files /etc/sysconfig/ip6tables and /etc/sysconfig/iptables and run
      service iptables restart && service ip6tables restart
      to reload a blank firewall configuration.

To disable the firewall only until the first reboot, run:
iptables -F

Configuring firewall

To configure the firewall:

  1. Use the text interface for basic firewall setup
    system-config-firewall-tui
    from the system-config-firewall-tui package. Mark the firewall as enabled, press Customize, mark the required services, add additional ports, etc. Follow the program’s interface instructions. Press Ok to save the changes.

  2. Edit /etc/sysconfig/iptables and /etc/sysconfig/ip6tables to add additional firewall rules. This requires a firewall restart (service iptables restart && service ip6tables restart).
    For example, to allow incoming HTTP, add the line
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    before the COMMIT line and restart the firewall.
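
An added example (not part of the original article) of the file edit described above. It goes one step further than the text: iptables matches rules from top to bottom, so if the INPUT chain in your file ends with an unconditional REJECT or DROP rule, the new line has to sit above that rule, not merely above COMMIT. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inserts an ACCEPT rule for a TCP port into an
# iptables-save style file (the format of /etc/sysconfig/iptables).
# Usage: add_input_rule FILE PORT   (prints the updated ruleset to stdout)
add_input_rule() {
    rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport $2 -j ACCEPT"
    # Idempotent: if the exact rule is already in the file, change nothing.
    if grep -qxF -e "$rule" "$1"; then cat "$1"; return 0; fi
    awk -v rule="$rule" '
        /^\*/ { in_filter = ($0 == "*filter") }   # track the current table
        # Rules match top to bottom, so the new rule must precede the first
        # unconditional REJECT/DROP in INPUT or it is never reached.
        in_filter && !done && /^-A INPUT -j (REJECT|DROP)( |$)/ { print rule; done = 1 }
        # No catch-all rule in the chain: insert just before COMMIT.
        in_filter && !done && $0 == "COMMIT" { print rule; done = 1 }
        { print }
    ' "$1"
}

# Constructed sample ruleset (assumption: INPUT ends with a catch-all REJECT).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on a temporary copy; the live firewall files are not touched.
demo=$(mktemp)
sample_ruleset > "$demo"
add_input_rule "$demo" 80
rm -f "$demo"
```

On a real system, redirect the output to a new file, compare it with the current /etc/sysconfig/iptables, and only then replace the file and restart the firewall as described above.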
