In this tutorial, we'll explain how to implement firewall rules with iptables on AlmaLinux 9. The process involves a series of steps to install, configure, and manage iptables. Here's a detailed guide:
Step 1: Install iptables
Most modern Linux distributions, including AlmaLinux, come with iptables installed by default. You can make sure it is installed, along with the iptables-services package, by running:
sudo yum install iptables iptables-services -y
Step 2: Enable and Start iptables
Enable the iptables service to start on boot and start the service:
sudo systemctl enable iptables
sudo systemctl start iptables
Step 3: Basic iptables Commands
List current rules:
sudo iptables -L -v
Add a rule:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Delete a rule:
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
Save rules:
sudo service iptables save
Restore the saved rules (restarting the service reloads them):
sudo service iptables restart
Step 4: Example iptables Configuration
Here's an example of a basic iptables configuration:
Flush existing rules:
sudo iptables -F
Set default policies:
Caution: be careful with the following commands. They will disconnect you from your server.
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
Allow loopback traffic:
sudo iptables -A INPUT -i lo -j ACCEPT
Allow established and related connections:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Allow SSH connections:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Allow HTTP and HTTPS connections:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Save the rules:
sudo service iptables save
Step 5: Persisting Rules Across Reboots
To ensure your iptables rules persist across reboots, save the rules using:
sudo service iptables save
The rules will be saved in /etc/sysconfig/iptables.
Step 6: Managing iptables with Scripts
For more complex setups, you can create a script to manage your iptables rules. Create a script, and add your rules there:
vi iptables.rules
Add the following script:
#!/bin/bash
# Flush existing rules
iptables -F
# Set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established and related connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP and HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
# Save rules
service iptables save
Save the file and exit the editor.
Make the script executable:
sudo chmod +x iptables.rules
Run the script to apply the rules:
sudo ./iptables.rules
Step 7: Verify Configuration
Verify your iptables configuration:
sudo iptables -L -v
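Before reloading a saved ruleset over SSH, it helps to confirm that a DROP policy on INPUT comes with the loopback, ESTABLISHED and SSH accepts from Step 4. The following check is an added example, not part of the original guide; check_ruleset and sample_ruleset are hypothetical names. It assumes a filter-table ruleset in iptables-save format and does not evaluate rule order.

```bash
#!/bin/bash
# Added example: lockout pre-flight for a ruleset in iptables-save format.
# check_ruleset and sample_ruleset are hypothetical helper names.

# Reads a ruleset on stdin; $1 is the SSH port (default 22).
# Returns 0 if the ruleset keeps SSH reachable, 1 otherwise (reasons on stderr).
check_ruleset() {
    local port="${1:-22}" rules rc=0
    rules="$(cat)"
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }

    # iptables-restore only applies a table once it reaches COMMIT.
    has '^COMMIT$' || { echo "missing COMMIT line" >&2; rc=1; }

    # With an ACCEPT policy on INPUT there is no lockout to check for.
    if ! has '^:INPUT DROP( |$)'; then return "$rc"; fi

    has '^-A INPUT -i lo -j ACCEPT$' ||
        { echo "INPUT is DROP but loopback is not accepted" >&2; rc=1; }
    has '^-A INPUT .*--ctstate [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT$' ||
        { echo "INPUT is DROP but ESTABLISHED traffic is not accepted" >&2; rc=1; }
    has "^-A INPUT .*-p tcp .*--dport ${port}( .*)? -j ACCEPT$" ||
        { echo "INPUT is DROP but tcp/${port} (SSH) is not accepted" >&2; rc=1; }
    return "$rc"
}

# Constructed sample: the Step 4 rules as iptables-save would print them.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Demo on the sample. On a host: sudo iptables-save | check_ruleset
sample_ruleset | check_ruleset && echo "sample ruleset keeps SSH reachable"
```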
This guide should help you set up and manage iptables on AlmaLinux 9. Adjust the rules as per your specific requirements.