IPTables block all traffic and only allow certain ports

Boardy asked:

I am trying to configure iptables on a CentOS 6.5. I am trying to block all traffic to the server and then only open certain ports that I need, such as port 80. At the moment I’ve removed port 80 from the iptables config file in /etc/sysconfig/iptables and restarted it but I can still access the web pages.

Below is my current iptables config file:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

As you can see from the above, port 80 is currently commented out so when IP tables restarts, I expect to no longer be able to access the web pages on my server, however, I still can access them.

My answer:


You chose to accept all traffic on all eth interfaces. Re-run system-config-firewall and turn that off.
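To see why commenting out the port 80 line changed nothing, here is an added Python simulator (not part of the original question or answer, and not iptables itself) that walks the question's INPUT chain with the first-match semantics iptables uses: the rule text is copied from the question, the test packets are constructed.

```python
# Constructed copy of the question's INPUT chain in iptables-save format, one rule per line.
RULES = """
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".strip().splitlines()

def parse_rule(line):
    """Extract the few match options this simulator understands (-m is ignored)."""
    toks = line.split()
    return {tok: toks[i + 1] for i, tok in enumerate(toks)
            if tok in ("-i", "-p", "--dport", "--state", "-j")}

def iface_matches(pattern, iface):
    # iptables treats a trailing '+' as a prefix wildcard: eth+ matches eth0, eth1, ...
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def verdict(rules, chain, iface, proto, dport, state):
    """Walk CHAIN top to bottom; the first rule whose options all match decides.
    Returns (target, rule line number) or (chain policy, None) if nothing matched."""
    policy = "ACCEPT"
    for n, line in enumerate(rules, 1):
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
            continue
        if not line.startswith(f"-A {chain} "):
            continue
        r = parse_rule(line)
        if "-i" in r and not iface_matches(r["-i"], iface):
            continue
        if "-p" in r and r["-p"] != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        return r["-j"], n
    return policy, None

# Same chain with the over-broad interface rule removed, as the answer recommends.
FIXED = [l for l in RULES if l != "-A INPUT -i eth+ -j ACCEPT"]

if __name__ == "__main__":
    # A new HTTP connection on eth0: the eth+ rule (line 5) accepts it before port 22/80 are ever checked.
    print(verdict(RULES, "INPUT", "eth0", "tcp", 80, "NEW"))   # ('ACCEPT', 5)
    # Without that rule the same packet falls through to the final REJECT.
    print(verdict(FIXED, "INPUT", "eth0", "tcp", 80, "NEW"))   # ('REJECT', 6)
```

After editing the file, `iptables -L INPUT -n --line-numbers` shows the live chain in the same top-to-bottom order the simulator walks, which is the quickest way to confirm no blanket ACCEPT sits above the port-specific rules.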


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.