How To Set Up a Basic Iptables Firewall on CentOS

Welcome back to the Greenhost.cloud blog! Today, we are diving into one of the essential tasks for system administrators and anyone who wants to secure their server: setting up a basic Iptables firewall on CentOS. Whether you’re running a web server, a database server, or any other type of service, having a firewall in place is crucial for safeguarding your digital assets.

What is Iptables?

Iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. This powerful tool lets you restrict incoming and outgoing traffic based on predefined rules, providing a robust security layer for your CentOS server.

Prerequisites

Before we begin, make sure you have:

  • A CentOS server (version 7 or 8 preferred).
  • Root or sudo access to your server.
  • Basic knowledge of the command line.

Step 1: Update Your System

Before configuring your firewall, it’s always a good practice to update the package index and upgrade the installed packages. SSH into your CentOS server and run:

sudo yum update -y

Step 2: Install Iptables

Iptables usually comes pre-installed on CentOS systems. To verify its availability, run the following command:

sudo iptables --version

If it’s not installed, you can install it using:

sudo yum install iptables-services -y

Step 3: Flush Existing Rules

Before applying new rules, it’s a good idea to clear any existing ones so they don’t conflict with the ones we’ll be setting up. Note that -F only removes the rules in the chains of the filter table; the chain policies are left as they are and are set in the next step:

sudo iptables -F

Step 4: Set Default Policies

Setting default policies will establish the groundwork for your firewall. Typically, we want to allow outgoing traffic and block all incoming traffic by default. Be aware that the INPUT policy takes effect immediately: until the rules from Steps 5 and 6 exist, every incoming packet is dropped, including the packets of the SSH session you are typing in. Run Steps 4 through 6 from a console, or paste the commands in as one batch so they execute back to back. Use the following commands:

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

Step 5: Allow Essential Incoming Connections

Now that we have our default policies set, let’s allow some essential services, such as SSH (port 22) and HTTP/HTTPS (ports 80 and 443), for web servers. Execute the following commands:

# Allow SSH
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow HTTPS
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow ICMP (ping)
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

Step 6: Allow Established Connections

The ESTABLISHED,RELATED rule accepts only packets that belong to a connection the kernel’s connection tracker has already seen (for example the replies to connections the server itself opened, which the ACCEPT policy on OUTPUT permits) or that are related to such a connection, like an ICMP error message. It never admits a brand-new inbound connection, so it keeps existing sessions alive without weakening the rules above. Execute:

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Step 7: Save Your Iptables Rules

To ensure that your configuration persists through reboots, save your rules using the following command:

sudo service iptables save

Step 8: Restart Iptables Service

After saving your rules, restart the Iptables service to apply changes:

sudo systemctl restart iptables

Step 9: Check Your Iptables Rules

To verify that your rules are configured correctly, list the current Iptables rules with:

sudo iptables -L -n -v
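The steps above can be collected into a single script, which also removes the lock-out window between setting the DROP policy and adding the allow rules. The script below is an added example, not code from the original post or from Greenhost.cloud: it emits the article’s rules in a safe order (loopback and ESTABLISHED,RELATED first, policies last), applies them, and then checks the output of iptables -S INPUT to confirm the policy and key rules are in place. The loopback rule is an addition the post does not include; the file name firewall.sh, the IPT and SSH_PORT variables, and the "apply" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post. Builds the firewall from
# Steps 3-6 in a lock-out-safe order and verifies the result.
# Assumed usage (file name firewall.sh is hypothetical):
#   IPT="echo iptables" sh firewall.sh apply   # dry run: prints the commands
#   sudo sh firewall.sh apply                  # really applies them

IPT="${IPT:-iptables}"       # iptables binary, overridable for a dry run
SSH_PORT="${SSH_PORT:-22}"   # assumed default; change if sshd listens elsewhere

# rule_list: the article's rules, one per line, in the order they must be
# applied. Loopback and ESTABLISHED,RELATED are accepted before the DROP
# policy is set, so the SSH session running this script is never cut off.
rule_list() {
  cat <<EOF
-F
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
EOF
}

# apply_rules: feed each line to iptables; stops at the first failure.
apply_rules() {
  rule_list | while IFS= read -r line; do
    # word splitting on $IPT and $line is intended here;
    # exit leaves only the pipeline subshell, making the function return 1
    $IPT $line || exit 1
  done
}

# check_rules: takes the text of `iptables -S INPUT` and returns 0 only if
# the default policy is DROP and the SSH and connection-tracking rules are
# present. iptables -S prints the states as RELATED,ESTABLISHED and inserts
# "-m tcp" before --dport, so the patterns allow for that.
check_rules() {
  dump="$1"
  printf '%s\n' "$dump" | grep -q '^-P INPUT DROP$' || return 1
  printf '%s\n' "$dump" | grep -q -- "--dport $SSH_PORT -j ACCEPT" || return 1
  printf '%s\n' "$dump" | grep -q -- '--state .*ESTABLISHED.* -j ACCEPT' || return 1
  return 0
}

# Only act when invoked with the (assumed) "apply" argument.
if [ "${1-}" = "apply" ]; then
  apply_rules || exit 1
  if check_rules "$($IPT -S INPUT)"; then
    echo "firewall rules applied and verified"
  else
    echo "warning: rules did not verify (expected in a dry run)" >&2
  fi
fi
```

After the script has run, Step 7 (service iptables save) writes the live rules to /etc/sysconfig/iptables. On CentOS 7 and 8 the default firewall front end is firewalld, which manages its own iptables rules; stop and disable it before relying on iptables-services, and enable the iptables unit with systemctl so the saved file is loaded at boot, otherwise the rules you verified here disappear on the next restart.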

Conclusion

Congratulations! You’ve successfully set up a basic Iptables firewall on your CentOS server. Keeping your server secure is an ongoing process, and regularly reviewing and updating your firewall rules will ensure that your server remains protected from unwanted traffic.

Feel free to leave a comment if you have any questions or if there are additional topics you’d like us to cover in future blog posts. Stay secure!


For more tips on cloud hosting and security, be sure to check back often at Greenhost.cloud!