«

»

Feb 20 2007

Unix Firewall Rules

firewallWhile trying to setup an application for work, I needed to install a mysql server. In the process I realized that the server’s firewall was blocking port 3306 which is why I was unable to access it from any other computer. Zach asked me to write up documentation so that when he needed a reminder, he didn’t have to search very far.

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a ‚??target‚??, which may be a jump to a user-defined chain in the same table.

The detailed syntax of the iptables command is documented in its man page, which can be displayed by typing the command “man iptables”.

[root@host /]# vi /etc/sysconfig/iptables
or the location of your iptables setup

The Rule: -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT

Note: the bold item is the rule that I added for my situation.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp –dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 8887 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT

Once you add the rules in, you need to restart the firewall by doing the following command:
[root@host /]# service iptables restart

accept, dport, firewall, iptables, linux, mysql, ports, red hat, reject, rules, server, state, system administration, tcp, unix

About the author

Timothy Haroutunian

Timothy Haroutunian is a ServiceNow Cloud Implementation Specialist at Acorio. ServiceNow is an IT Management solution that allows for a complete view of your IT and physical environment.

Permanent link to this article: http://www.armenianeagle.com/2007/02/20/unix-firewall-rules/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.