
iptables-save

Custom iptables rules used with Red Hat's (or Fedora's) system-config-firewall should be saved in the "iptables-save" format. This looks like the following:

$ cat iptables-save-openfire
-A INPUT -p tcp -m state --state NEW -m tcp -s 184.57.0.0/16 --dport 5222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 132.235.0.0/16 --dport 5222 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp -s 132.235.0.0/16 --dport 5222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 132.235.0.0/16 --dport 7777 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp -s 132.235.0.0/16 --dport 7777 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 132.235.0.0/16 --dport 9090 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp -s 132.235.0.0/16 --dport 9090 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 132.235.0.0/16 --dport 9091 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp -s 132.235.0.0/16 --dport 9091 -j ACCEPT

or

$ cat iptables-save-vnc 
-A INPUT -p tcp -m state --state NEW -m tcp -s 132.235.62.0/23 --dport 5900 -j ACCEPT

$ cat iptables-save-redcap 
-A INPUT -p tcp -m state --state NEW -m tcp -s 132.235.0.0/16 --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 184.57.89.10/16 --dport 443 -j ACCEPT

And they should be put in the "filter" table, I'm led to believe.
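
An added example, not part of the original page: a small Python check to run over a fragment before loading it. It parses each -A line, reports ACCEPT rules with no source restriction, and flags -s values with host bits set, such as 184.57.89.10/16 in iptables-save-redcap above, which iptables masks to 184.57.0.0/16. The function and field names and the sample string are assumptions made for this example.

```python
import ipaddress
import shlex

# Constructed sample: the iptables-save-redcap fragment shown above.
SAMPLE = """\
-A INPUT -p tcp -m state --state NEW -m tcp -s 132.235.0.0/16 --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 184.57.89.10/16 --dport 443 -j ACCEPT
"""

# Options whose value this check records (hypothetical field names).
FIELDS = {"-p": "proto", "-s": "source", "--dport": "dport", "-j": "target"}


def parse_rule(line):
    """Parse one '-A CHAIN ...' line into a dict of the recorded fields."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        raise ValueError("not an '-A CHAIN ...' rule line")
    rule = {"chain": tokens[1], **dict.fromkeys(FIELDS.values())}
    # Walk adjacent token pairs; a recorded option is followed by its value.
    for opt, value in zip(tokens[2:], tokens[3:]):
        if opt in FIELDS:
            rule[FIELDS[opt]] = value
    return rule


def lint_fragment(text):
    """Return a list of (line_number, message) findings for a fragment."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rule = parse_rule(line)
            src = rule["source"]
            # strict=False masks host bits instead of raising on them.
            net = ipaddress.ip_network(src, strict=False) if src else None
        except ValueError as exc:
            findings.append((no, str(exc)))
            continue
        if net is None and rule["target"] == "ACCEPT":
            findings.append((no, "ACCEPT rule has no -s and matches any source"))
        elif net is not None and "/" in src and str(net) != src:
            findings.append((no, f"-s {src} has host bits set; iptables matches {net}"))
    return findings


if __name__ == "__main__":
    for no, message in lint_fragment(SAMPLE):
        print(f"line {no}: {message}")
```

If a single host was intended on the flagged line, the source would need to be written with a /32 mask (or no mask) rather than /16.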


