February 12, 2017

Fedora 24 and IPtables

These days fedora uses firewalld, but I am used to and like good old iptables. Here is how to get iptables going and ditch firewalld:
su
vi /etc/sysconfig/iptables
dnf install iptables-services -y
systemctl disable firewalld
systemctl stop firewalld
systemctl start iptables
systemctl enable iptables
systemctl status iptables
Of course you will need some content for the iptables file. You can start with an empty file.

I use something like the following:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# http to the world
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# This is for my home network on Cox 
-A INPUT -s 99.121.0.0/16  -m state --state NEW -p tcp --dport 22 -j ACCEPT
#
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


Have any comments? Questions? Drop me a line!

Adventures in Computing / [email protected]