In a deadline situation I suddenly had to configure iptables... lol. After several years of handling servers I knew the concept but had never tried to tweak it before. But finally I tried a simple configuration. I was configuring a RHEL 6 machine.
iptables is a firewall at the operating system (OS) level. With the iptables service turned on, we can filter the data packets coming in or going out.
We can view the iptables rules that have been applied by using this:
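We can set iptables rules by using this syntax:
iptables [param]
iptables -I INPUT 1 -p tcp -s 192.168.1.5 --dport 22 -j ACCEPT
iptables -I INPUT 2 -p tcp -s 0.0.0.0/0 --dport 22 -j DROP
This allows SSH from IP 192.168.1.5 and drops SSH connections to that machine from any other source. Rules are checked from top to bottom and the first match wins; -I without a rule number inserts at the top of the chain, so the positions 1 and 2 keep the ACCEPT rule ahead of the DROP rule.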
Unfortunately, if you just set it that way, the rules are only held in memory, and when your machine goes down the rules are gone. So you can save them like this:
iptables-save > /etc/sysconfig/iptables
If you have never configured it before, the iptables file in /etc/sysconfig doesn't exist at first. After you run that command the file is created, and the next time the iptables service comes up it loads the rules from that file.
If you edit that file manually and want the change to take effect immediately, you need to restart the iptables service:
service iptables restart
Finally, if you need the machine to always run the iptables service, you need to set this:
chkconfig --level 345 iptables on
With this set, the machine starts the iptables service automatically whenever it boots.
Check your rules again using iptables -L, et voilà, your filtering runs well.
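
Because the first matching rule wins, the order of the saved rules matters as much as their content. The script below is an added example, not part of the original post: it reads iptables-save output and reports ACCEPT rules that can never match because a catch-all DROP or REJECT for the same port sits above them. The function name and both sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Flags ACCEPT rules that sit
# below a catch-all DROP/REJECT for the same chain, protocol and port.
# Simplification: only -p, -s, --dport and -j are compared.
# Real use: iptables-save | shadowed_accepts
shadowed_accepts() {
    awk '
    $1 == "-A" {
        chain = $2; proto = ""; src = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (dport == "") next
        key = chain ":" proto ":" dport
        # iptables-save omits -s entirely when the source is 0.0.0.0/0
        anysrc = (src == "" || src == "0.0.0.0/0")
        if ((target == "DROP" || target == "REJECT") && anysrc) {
            if (!(key in blocked)) blocked[key] = NR
        } else if (target == "ACCEPT" && (key in blocked)) {
            printf "line %d shadowed by line %d: %s\n", NR, blocked[key], $0
        }
    }'
}

# Constructed sample: DROP ended up above ACCEPT, so SSH is blocked for all.
BROKEN_SAMPLE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 192.168.1.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: ACCEPT first, then the catch-all DROP.
FIXED_SAMPLE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT'

printf '%s\n' "$BROKEN_SAMPLE" | shadowed_accepts
```

Running it against /etc/sysconfig/iptables before restarting the service catches an ordering mistake while the current rules are still loaded.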