KB ID 0000938
Problem
I was a little perturbed to find out the firewall on my CentOS web server was wide open today. My server setup notes yielded no clues, so it was time to put my ‘Linux Head’ on and fix it.
Solution
1. Connect to the server via console or SSH. As I’m going to change the iptables config file, let’s back it up first (always assume you are going to smash something!)
2. I have a VPS, so I’m usually logged on via SSH; to avoid locking myself out I’m going to change the default policy to allow (yes, in my current scenario that’s a moot point, but it’s good practice). Then I can flush the current rules without kicking myself out.
3. Then allow packets destined for the loopback interface (127.0.0.1); some processes on the server rely on this and expect it to be open.
4. Allow packets that were not initiated by the server but belong to an already established connection, or are related to one.
5. Allow in the ports you require (your requirements may differ).
6. Allow your server to respond to pings (if required).
7. Drop all other inbound traffic, and set the FORWARD chain to drop all traffic too. Then I’m going to allow all outbound traffic from the server.
8. TEST EVERYTHING! Then save the changes so they persist across a reboot.
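The whole procedure above as one script, added here as an example rather than the original article’s own commands. It assumes a CentOS 6 style box (config in /etc/sysconfig/iptables, saved with service iptables save) and that SSH, HTTP and HTTPS are the only ports needed; it only prints the commands unless DRY_RUN=0 is exported.

```sh
#!/bin/sh
# Added example: rebuilds the iptables policy following the eight steps above.
# Assumptions: CentOS 6 style init scripts (service iptables save) and that
# the ports needed are SSH, HTTP and HTTPS. Adjust PORTS to suit your server.
# Dry-run mode (prints the commands) unless DRY_RUN=0 is exported.
DRY_RUN="${DRY_RUN:-1}"
PORTS="${PORTS:-22 80 443}"
CONFIG=/etc/sysconfig/iptables

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

firewall_rules() {
  # 1. Back up the current config before touching anything.
  run cp "$CONFIG" "$CONFIG.bak"
  # 2. Default policies to ACCEPT first, so flushing cannot drop the SSH session.
  run iptables -P INPUT ACCEPT
  run iptables -P FORWARD ACCEPT
  run iptables -P OUTPUT ACCEPT
  run iptables -F
  # 3. Loopback traffic, which local services depend on.
  run iptables -A INPUT -i lo -j ACCEPT
  # 4. Replies and related packets for connections already established.
  run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # 5. The listening ports this server actually needs.
  for p in $PORTS; do
    run iptables -A INPUT -p tcp --dport "$p" -j ACCEPT
  done
  # 6. Answer pings (remove this line if the host should not respond).
  run iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  # 7. Everything else inbound or forwarded is dropped; outbound stays open.
  run iptables -P INPUT DROP
  run iptables -P FORWARD DROP
  run iptables -P OUTPUT ACCEPT
}

firewall_rules
# 8. Review the result, then persist it to /etc/sysconfig/iptables.
run iptables -L -n -v
run service iptables save
```

Run it as root with DRY_RUN=0 to apply; afterwards iptables -L -n -v shows the live rules and service iptables restart reloads the saved config.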
Show iptables Settings
Start/Stop and Restart the iptables Service
Related Articles, References, Credits, or External Links
NA