Saturday, 2 November 2013

Iptables Setup Firewall For a Web Server


I have set up an Apache web server on CentOS Linux. How do I configure the firewall to allow or block access? How do I set up a firewall for a web server under RHEL or CentOS Linux v6.x?

The default iptables configuration on CentOS or RHEL does not allow access to the HTTP (TCP port 80) and HTTPS (TCP port 443) ports used by the Apache web server. There are several different methods to open them, listed below:

Note: You need root access to apply these changes.



  1. /etc/sysconfig/iptables : Edit this file to allow or deny access to the Apache web server's IPv4 ports. You also need to edit the /etc/sysconfig/ip6tables file to allow or deny access to the Apache web server's IPv6 ports.
  2. system-config-firewall-tui command (runs in a text-based SSH session) or system-config-firewall command (runs in a GUI session) : This is a graphical user interface for setting basic firewall rules. This tool always overwrites the /etc/sysconfig/iptables file.
  3. /sbin/iptables command : Use the iptables command directly to modify, append or add firewall rules. The rules can be saved to the /etc/sysconfig/iptables file with the /sbin/service iptables save command.
  4. /usr/sbin/lokkit command : This is a basic firewall configuration tool, designed for ease of use and configuration. It also supports the SELinux config option. This tool is considered deprecated and is not covered in this FAQ.


Edit /etc/sysconfig/iptables file (recommended for advanced users)
Edit the IPv4 /etc/sysconfig/iptables, enter:
# vi /etc/sysconfig/iptables


Add the following lines, ensuring that they appear before the final LOG and DROP lines of the INPUT chain (the chain is evaluated top to bottom, so an ACCEPT rule placed after those lines never matches):
## allow everyone to access port 80 and 443 (IPv4 Only)##

-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT


Save and close the file. Restart the IPv4 iptables service:
# service iptables restart
Edit the IPv6 /etc/sysconfig/ip6tables, enter:
# vi /etc/sysconfig/ip6tables
Add the following lines, ensuring that they appear before the final LOG and DROP lines of the INPUT chain:
## allow everyone to access port 80 and 443 (IPv6 Only)##

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT


Save and close the file. Restart the IPv6 iptables service:
# service ip6tables restart
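As an added example (not part of the original post), a POSIX shell check for the ordering caveat above: it reads a rule file in the /etc/sysconfig/iptables format and reports whether an INPUT ACCEPT rule for a given TCP port sits before the chain's catch-all REJECT/DROP/LOG line. The sample rule files are constructed inline, and the check_dport function and its result words are this example's own naming.

```shell
#!/bin/sh
# check_dport PORT: read an /etc/sysconfig/iptables-style rule file on stdin and
# report whether an "-A INPUT ... -p tcp --dport PORT ... -j ACCEPT" rule is
# placed where it can match. iptables walks a chain top to bottom, so an ACCEPT
# that sits after the catch-all "-A INPUT -j REJECT/DROP/LOG" line never fires.
# Prints exactly one of: ok, shadowed, missing.
check_dport() {
    awk -v port="$1" '
        /^-A INPUT / && /-p tcp / && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") && !got_accept {
            accept_at = NR; got_accept = 1
        }
        /^-A INPUT -j (LOG|DROP|REJECT)/ && !got_catchall {
            catchall_at = NR; got_catchall = 1
        }
        END {
            if (!got_accept)                                  print "missing"
            else if (got_catchall && catchall_at < accept_at) print "shadowed"
            else                                              print "ok"
        }'
}

# Constructed sample in the CentOS 6 default layout (not copied from any host),
# with the two web-server rules inserted before the final REJECT as described.
GOOD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same file with the 443 rule moved after the catch-all REJECT (a common
# mistake): it loads without error but never matches, so HTTPS stays blocked.
BAD_RULES=$(printf '%s\n' "$GOOD_RULES" | awk '
    /--dport 443 / { next }
    { print }
    /^-A INPUT -j REJECT/ { print "-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT" }')

for port in 80 443; do
    printf 'good file, port %s: %s\n' "$port" "$(printf '%s\n' "$GOOD_RULES" | check_dport "$port")"
    printf 'bad file,  port %s: %s\n' "$port" "$(printf '%s\n' "$BAD_RULES" | check_dport "$port")"
done
```

Run it against a real file with `check_dport 443 < /etc/sysconfig/iptables` after editing, before restarting the service.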
Iptables Setup and Firewall For a Web Server Using GUI/TUI tool
