Red Hat- iptables

Post by kevin_s »

I have abandoned Windows and I'm installing OpenEMM for Red Hat right now. Step 3 confuses me. It says, "edit the file 'etc/sysconfig/iptables' [...]. Add/modify the lines in the section '-A RH-Firewall-1-INPUT'."

The problem is, iptables does not have a section called "-A RH-Firewall-1-INPUT". This is the entire file:

Code:

# Generated by iptables-save v1.3.5 on Mon Dec 17 18:34:34 2007
*filter
:INPUT ACCEPT [429:69258]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [180:27172]
COMMIT
# Completed on Mon Dec 17 18:34:34 2007

Why is iptables missing the section I need? Am I looking in the wrong file? Is there a command I need to execute first?

Post by maschoff »

This is not a real firewall configuration. Please consult your system administrator for help.
OpenEMM Maintainer

Post by along »

MA says it's not a "real" config because you don't have iptables set up yet (if it's running, you're in deep doodoo, as your default actions for all chains are accept). The file you quoted is just the default config before any rules are added or initialized. Try googling "iptables howto". You can also use webmin to create an initial config and set iptables to start on boot, then tweak the file manually...

The rules you need will look like this (this only includes the sections relevant to OpenEMM; you need more to protect your server). Most people will want a default inbound filter policy set to DROP, to which you then define exceptions.

Code:

# Allow inbound HTTP from the world
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow inbound ports for OpenEMM
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
# Allow SMTP
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
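
An added example (not part of the original posts or of OpenEMM): a small Python check that reads iptables-save text and reports the INPUT policy and the TCP ports it accepts, run over kevin_s's file and over a constructed default-DROP file that uses along's port list. The function name `audit_input` and the loopback and state rules in the constructed sample are assumptions.

```python
import re

# kevin_s's file from the thread (timestamp comments omitted): no rules loaded.
OPEN_CONFIG = """*filter
:INPUT ACCEPT [429:69258]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [180:27172]
COMMIT
"""

# Constructed sample: default DROP plus the thread's ports; lo/state rules are assumptions.
HARDENED_CONFIG = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

def audit_input(save_text):
    """Return (policy, accepted_tcp_ports, findings) for the filter table's INPUT chain."""
    policy, ports, rules, in_filter = None, [], 0, False
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *filter or *nat
            in_filter = (line == "*filter")
        elif not in_filter or not line or line.startswith("#"):
            continue
        elif line.startswith(":INPUT "):    # chain declaration carries the default policy
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            rules += 1
            m = re.search(r"-p tcp\b.*--dport (\d+)", line)
            if m and line.endswith("-j ACCEPT"):
                ports.append(int(m.group(1)))
    findings = []
    if policy == "ACCEPT" and rules == 0:
        findings.append("INPUT policy ACCEPT with no rules: all inbound traffic is allowed")
    elif policy == "ACCEPT":
        findings.append("INPUT policy ACCEPT: filtering depends on a final catch-all rule")
    return policy, sorted(ports), findings

if __name__ == "__main__":
    for cfg in (OPEN_CONFIG, HARDENED_CONFIG):
        print(audit_input(cfg))
```

The check only looks at rules appended directly to INPUT; rules in user-defined chains that INPUT jumps to are not followed.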