As system engineers, we sometimes need to limit or allow traffic into or out of our machines. Here I share my experience adding firewall rules with iptables on CentOS 6.
[maswachid@dbbackup ~]$ sudo iptables -A INPUT -p tcp -m tcp --dport 6556 -j ACCEPT
[maswachid@dbbackup ~]$ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[maswachid@dbbackup ~]$
Save the iptables configuration by typing the following command:
[maswachid@dbbackup ~]$ sudo iptables-save | sudo tee /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Tue Sep 18 15:48:36 2018
*filter
:INPUT ACCEPT [15:1440]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24:2452]
-A INPUT -p tcp -m tcp --dport 6556 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Tue Sep 18 15:48:36 2018
[maswachid@dbbackup ~]$
Check the iptables rule list to confirm that our changes are OK by typing the following command:
[maswachid@dbbackup ~]$
[maswachid@dbbackup ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:check_mk
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[maswachid@dbbackup ~]$
Examples for other services:
SNMP:
[msteam@dbbackup ~]$
[msteam@dbbackup ~]$ sudo iptables -A INPUT -p udp -m udp --dport 161 -j ACCEPT
[msteam@dbbackup ~]$ sudo iptables -A INPUT -p udp -m udp --dport 162 -j ACCEPT
[msteam@dbbackup ~]$
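The saved ruleset and the iptables -L listing above show the INPUT chain with policy ACCEPT and no DROP or REJECT rule, so the ACCEPT rules for ports 6556 and 22 do not restrict anything by themselves. The check below is an added example, not part of the original post: the function name audit_input and both sample rulesets are constructed for illustration, and the second ruleset (default DROP) is an assumed variant, not the author's configuration.

```shell
# Added example: audit an iptables-save dump and report whether the filter
# table's INPUT chain actually filters anything.

# Constructed sample 1: the ruleset saved on this page (counters zeroed).
PAGE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 6556 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample 2 (assumed variant): same ports, INPUT defaults to DROP.
STRICT_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6556 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_input: read iptables-save text on stdin, print one verdict line.
audit_input() {
    awk '
        /^\*/             { table = substr($1, 2) }   # "*filter" -> filter
        table != "filter" { next }                    # skip nat, mangle, comments
        /^:INPUT /        { policy = $2 }             # ":INPUT ACCEPT [..]"
        /^-A INPUT /      {
            for (i = 3; i < NF; i++)
                if ($i == "-j") {
                    if ($(i+1) == "ACCEPT") accept++
                    if ($(i+1) == "DROP" || $(i+1) == "REJECT") deny++
                }
        }
        END {
            if (policy == "") { print "INPUT: no filter table found"; exit }
            if (policy == "ACCEPT" && deny == 0)
                printf "INPUT: OPEN policy=ACCEPT accept_rules=%d (rules filter nothing)\n", accept
            else
                printf "INPUT: FILTERED policy=%s accept_rules=%d deny_rules=%d\n", policy, accept, deny
        }'
}

printf '%s\n' "$PAGE_RULES"   | audit_input
printf '%s\n' "$STRICT_RULES" | audit_input
```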