I am trying to configure iptables on a CentOS 6.5. I am trying to block all traffic to the server and then only open certain ports that I need, such as port 80. At the moment I’ve removed port 80 from the iptables config file in
/etc/sysconfig/iptables and restarted it but I can still access the web pages.
Below is my current iptables config file:
    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth+ -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    # -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -p icmp -j ACCEPT
    -A FORWARD -i lo -j ACCEPT
    -A FORWARD -i eth+ -j ACCEPT
    -A FORWARD -o eth+ -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
As you can see from the above, port 80 is currently commented out, so when iptables restarts I expect to no longer be able to access the web pages on my server; however, I still can access them.
You chose to accept all traffic on all eth interfaces. Re-run
system-config-firewall and turn that off.
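As an added illustration (not code from the question or the answer), the following Python walk of the INPUT chain shows why the answer is right: iptables takes the first rule whose matchers all hold, and `-A INPUT -i eth+ -j ACCEPT` sits above the port-specific rules, so the commented-out port 80 line is never consulted. The ruleset is a constructed copy of the one in the question, and only the matchers it actually uses are modelled.

```python
# Constructed copy of the question's INPUT rules, with the port 80 line still commented out.
RULESET = """\
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_chain(text, chain="INPUT"):
    """Return (policy, rules) for one chain; a rule is a dict of its matchers."""
    policy, rules = None, []
    for line in text.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):  # '#' comment lines never match here
            toks = line.split()
            rule = {"raw": line}
            for i, tok in enumerate(toks):
                if tok in ("-i", "-p", "--dport", "--state", "-j"):
                    rule[tok] = toks[i + 1]  # '-m tcp'/'-m state' add no constraint
            rules.append(rule)
    return policy, rules

def iface_match(pattern, iface):
    """iptables '+' suffix is a prefix wildcard: eth+ matches eth0, eth1, ..."""
    return iface.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == iface

def first_match(policy, rules, pkt):
    """Walk the chain top to bottom; the first rule whose matchers all hold decides."""
    for r in rules:
        if "-i" in r and not iface_match(r["-i"], pkt["iface"]):
            continue
        if "-p" in r and r["-p"] != pkt["proto"]:
            continue
        if "--dport" in r and int(r["--dport"]) != pkt["dport"]:
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        return r["-j"], r["raw"]
    return policy, None  # nothing matched: the chain policy applies

def verdict_for_http(text, iface="eth0"):
    """Verdict for a NEW TCP connection to port 80 arriving on iface."""
    policy, rules = parse_chain(text)
    pkt = {"iface": iface, "proto": "tcp", "dport": 80, "state": "NEW"}
    return first_match(policy, rules, pkt)
```

Removing the `-i eth+` ACCEPT line (or turning that option off in system-config-firewall, as the answer says) makes the same packet fall through to the final REJECT, which is the behaviour the question expected.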