I have CentOS 5.

I tried `iptables -L` and it gives the following output:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
```

Now I was trying to access my local site on that PC from another PC on the same LAN, but I was not able to.

Then I clicked on the firewall and security menu in the CentOS administration menu, and there I added port 80 as an allowed port, and then I was able to access it.

But my iptables rules are still not showing anything regarding port 80.

  • If you want to know whether this is being caused by your firewall or not, you can simply stop it for the moment and try it out: `iptables-save; service iptables stop`, try accessing your website, then run `service iptables start` to start it again. – Prix Aug 20 '10 at 04:27
  • If I disable the firewall from the CentOS top admin menu then the site works OK, which means it was blocked by the firewall, but I want to know whether the CentOS firewall and iptables are different or the same. –  Aug 20 '10 at 04:30
  • Yes, they are the same thing in most Linux distros. I won't just say all because I haven't used all distros out there, but most of what I have used use iptables as the main firewall; anything else is just management tools for the same. To allow port 80 traffic: `iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT` – Prix Aug 20 '10 at 04:56

1 Answer

CentOS firewall and iptables are the same thing. Refer to this document.

You can control iptables from the command line or by using the GUI, the "Security Level Configuration Tool", which is the one you are using from the menu.

By default, the firewall is enabled during your setup. The setup interface will recommend it, and it will block all traffic unless you specifically allow it.

Muhammad
  • I have allowed port 80 from the GUI, but `iptables -L` is still not showing the rule which I added from the GUI. The output of `iptables -L` is shown in the post above; port 80 is working but that rule is not shown in the list. –  Aug 20 '10 at 05:05
  • `ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http` it is? – Prix Aug 20 '10 at 05:12
  • The GUI version works for me but the command-line version does not; is there anything else that the GUI is updating except iptables? – Hugo Dec 19 '12 at 08:36
  • @Hugo - as per the CentOS documentation, the GUI (SLCT) only configures a basic firewall. You need the command line to do a more complicated one - or you can edit the iptables configuration file directly (/etc/sysconfig/iptables|ip6tables) and reload the firewall rules. – Muhammad Dec 26 '12 at 05:37
  • @Muhammad in my case the problem was with the order of records http://serverfault.com/q/459267/142573 – Hugo Dec 27 '12 at 14:02
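
The rule-order problem mentioned in the last comment, as an added example that is not part of the original thread: a small first-match evaluator run over a constructed ruleset modelled on the listing in the question. The `verdict` function, the `BASE` and `RULE` variables and the `-i lo` on the first rule are assumptions made for illustration, and the matcher only models the options that appear in these rules.

```shell
#!/bin/sh
# Constructed iptables-save style rules modelled on the question's listing, minus
# the http rule. "-i lo" on the first rule is an assumption: plain `iptables -L`
# hides interfaces, so that rule only looks like "accept everything".
BASE='-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
RULE='-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'  # the command from the comments

# verdict PORT: read rules on stdin and print the first terminal target hit by a
# NEW TCP packet to PORT arriving from the LAN (not loopback). First match wins.
# Simplified model: only -i, -p, --dport and --state are evaluated.
verdict() {
  awk -v port="$1" '
    function opt(name,   i) {           # value that follows option "name", or ""
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    function matches() {
      if (opt("-i") == "lo") return 0
      if (opt("-p") != "" && opt("-p") != "tcp") return 0
      if (opt("--dport") != "" && opt("--dport") != port) return 0
      if (opt("--state") != "" && opt("--state") !~ /(^|,)NEW(,|$)/) return 0
      return 1
    }
    function walk(chain,   k, t, r) {
      for (k = 1; k <= n[chain]; k++) {
        $0 = rule[chain, k]
        if (!matches()) continue
        t = opt("-j")
        if (t == "ACCEPT" || t == "REJECT" || t == "DROP") return t
        r = walk(t)                     # jump into a user-defined chain
        if (r != "") return r
      }
      return ""                         # end of chain: return to the caller
    }
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    END { r = walk("INPUT"); print (r == "" ? "POLICY" : r) }
  '
}

# Appended (-A) after the jump: the final REJECT in RH-Firewall-1-INPUT wins.
echo "appended after the jump: $(printf '%s\n%s\n' "$BASE" "$RULE" | verdict 80)"
# Placed ahead of the jump (what inserting with -I would do): reached first.
echo "placed before the jump:  $(printf '%s\n%s\n' "$RULE" "$BASE" | verdict 80)"
```

On a live system, `iptables -L -n --line-numbers` shows the same ordering with numeric ports, so port 80 is listed as `dpt:80` instead of `dpt:http`.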