how to set temporarily and permanently iptables?

Support for security such as Firewalls and securing linux
keomeisz
Posts: 6
Joined: 2014/08/08 07:46:04

how to set temporarily and permanently iptables?

Post by keomeisz » 2014/08/11 01:42:49

Any example?

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: how to set temporarily and permanently iptables?

Post by gerald_clark » 2014/08/11 01:47:38

Most people are using firewalld instead of iptables on C7.
man firewall-cmd has some examples.
Example 2 shows both the temporary and permanent commands.

keomeisz
Posts: 6
Joined: 2014/08/08 07:46:04

Re: how to set temporarily and permanently iptables?

Post by keomeisz » 2014/08/11 02:04:07

Have any website intro... because I can't find it

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: how to set temporarily and permanently iptables?

Post by gerald_clark » 2014/08/11 02:32:44

Just run "man firewall-cmd".
If you are running X, firewall-config.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: how to set temporarily and permanently iptables?

Post by TrevorH » 2014/08/11 11:01:05

The one thing that confused me is that to allow something new, you have to run firewall-cmd twice: once with --permanent to make the change stick and once without to make it take effect immediately. I expected --permanent to do both at the same time.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

erickj
Posts: 4
Joined: 2014/08/22 01:42:53

Re: how to set temporarily and permanently iptables?

Post by erickj » 2014/08/22 06:02:25

The one thing that confused me is that to allow something new, you have to run firewall-cmd twice
I agree, I found that confusing as well. I found it easier to just remember to run

firewall-cmd --reload
after all my --permanent commands.

The RHEL security guide was a great resource to get going quickly with firewalld though. It's a short read too:

https://access.redhat.com/documentation ... walls.html
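
The runtime/permanent split discussed in the posts above can be checked by comparing the two configurations. This is an added example, not part of the original thread; the `drift` and `audit_zone` function names and the sample service lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent config.
# runtime-only   = added without --permanent; lost on --reload or reboot.
# permanent-only = added with --permanent but no --reload yet; not active.

# drift RUNTIME_LIST PERMANENT_LIST
# Each argument is a whitespace-separated list, as printed by
# `firewall-cmd --list-services` or `firewall-cmd --list-ports`.
drift() {
    # Collapse whitespace so the " item " matches below are reliable.
    _rt=$(printf '%s ' $1)
    _pm=$(printf '%s ' $2)
    for _item in $_rt; do
        case " $_pm " in
            *" $_item "*) ;;
            *) echo "runtime-only: $_item" ;;
        esac
    done
    for _item in $_pm; do
        case " $_rt " in
            *" $_item "*) ;;
            *) echo "permanent-only: $_item" ;;
        esac
    done
}

# audit_zone [ZONE]: run drift for the services and ports of one zone
# (hypothetical helper; needs a running firewalld, usually as root).
audit_zone() {
    _zone=${1:-$(firewall-cmd --get-default-zone)}
    for _kind in services ports; do
        drift "$(firewall-cmd --zone="$_zone" --list-"$_kind")" \
              "$(firewall-cmd --permanent --zone="$_zone" --list-"$_kind")"
    done
}

# Constructed sample: http was added at runtime only, https with --permanent only.
drift "dhcpv6-client ssh http" "dhcpv6-client ssh https"
```

On a firewalld host, `audit_zone` with no argument checks the default zone; any `permanent-only` line disappears after `firewall-cmd --reload`.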

jensd
Posts: 36
Joined: 2014/07/08 12:23:09

Re: how to set temporarily and permanently iptables?

Post by jensd » 2014/08/26 08:59:54

When you want to use iptables instead of firewalld, you can do the following:

To add a rule temporarily:
sudo iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

To then save the rule permanently:
sudo service iptables save

To add the rule immediately as permanent, edit /etc/sysconfig/iptables and add a line like this before your reject rule(s):
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

To go back to iptables instead of firewalld on CentOS 7, see this tutorial: http://jensd.be/?p=121
