Change iptables Default Policy to DROP on CentOS & How to disable iptables



Default Iptables Chain Policy

The default Linux iptables chain policy is ACCEPT for the INPUT, FORWARD and OUTPUT chains. You can change this default policy to DROP with the commands listed below.
You must be logged in as root to run these commands.
[root@server ~]# iptables -P INPUT DROP
[root@server ~]# iptables -P FORWARD DROP
[root@server ~]# iptables -P OUTPUT DROP
After changing the INPUT, FORWARD and OUTPUT policies to DROP, all incoming, outgoing and forwarded connections are dropped (denied) by the firewall, so you need to open every INPUT, FORWARD and OUTPUT connection you want with iptables rules. If you change the default OUTPUT policy to DROP, you cannot communicate with other systems/networks.
Allow All Outgoing connections
Allow all outgoing connections from the Linux machine. This applies to all connections/packets generated by the system itself.
[root@server ~]# iptables -A OUTPUT -j ACCEPT
[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@server ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Open Ports for incoming connections
For example, open port 21 in iptables to allow FTP connections from all networks.
[root@server ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@server ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
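
Added example, not from the original post: with the INPUT policy set to DROP, a --state NEW rule only admits the first packet of a connection, so later packets and the replies to outgoing connections are dropped unless an ESTABLISHED,RELATED rule is present. The function below (build_ruleset is a name chosen here; port 22 for SSH and the /tmp path are assumptions) writes a complete default-DROP ruleset in iptables-restore format with that rule and loopback placed ahead of the per-port rules.

```shell
#!/bin/sh
# Added example: print a default-DROP ruleset in iptables-restore format.
# Usage: build_ruleset PORT...   (inbound TCP ports to open)
build_ruleset() {
    # Validate every port first so a bad argument produces no partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    echo '*filter'
    # Same policies as the three "iptables -P ... DROP" commands above.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Local services talking to each other over the loopback interface.
    echo '-A INPUT -i lo -j ACCEPT'
    # Follow-up packets of accepted connections and replies to outgoing ones.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # One NEW rule per requested port, in the style used on this page.
    for port in "$@"; do
        echo "-A INPUT -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
    # Same as "iptables -A OUTPUT -j ACCEPT" above.
    echo '-A OUTPUT -j ACCEPT'
    echo 'COMMIT'
}

# Typical use as root (assumed ports: 22 for SSH, 21 for FTP):
#   build_ruleset 22 21 > /tmp/rules.v4 &&
#     iptables-restore --test < /tmp/rules.v4 &&
#     iptables-restore < /tmp/rules.v4
```

Loading the ruleset in one step this way avoids the window in which iptables -P INPUT DROP, typed over SSH with no rule yet accepting that session, cuts the connection being used to configure the firewall.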

===========================================================================================

How to disable iptables Firewall in Red Hat, CentOS, Fedora


Steps to stop and disable the firewall on RPM-based distros (Red Hat, CentOS, Fedora, etc.)

Step 1: Stop iptables and ip6tables first
[root@server ~]# service iptables stop
[root@server ~]# service ip6tables stop
Step 2: Remove iptables and ip6tables from startup
[root@server ~]# chkconfig iptables off
[root@server ~]# chkconfig ip6tables off
This should work on all RPM-based distributions. Disabling the firewall is insecure and not recommended for servers.