Linux Noobie – IPTables


I know I’m a muppet, you don’t HAVE to tell me…

(This will just be a quick and dirty touch upon some useful commands to completely FUBAR your IPTables configuration.  I’m NOT kidding.)

Yesterday, I was provided an opportunity to bask in the glory of IPTables, the de facto standard Linux firewall solution.  Our system engineer stood up a RHEL 6 server and then copied over a ton of data from our production CMS so we could do some performance testing.  This CMS has replication jobs that need to be reconfigured, but that can only happen while it’s running.  In short, he erected an IPTables force-field around the server until I could reconfigure the replication jobs.  We have a system and it’s worked great… until yesterday.  It seems that even System Admins like to take vacations.  So, I was on my own.

The CMS/content/data was copied over successfully and IPTables was configured to block OUTPUT on ports (I’m making these up, but you will get the point) 5805, 5806, and 80.  I had to get these turned off, and the only person who could help was Google.  Well, as with many things Google, it’s either feast or famine, and I was feasting.  There’s tons of great info on IPTables, but I found one of my favorite sites, nixCraft, to be very helpful.  Here’s how I solved the problem:

First, I needed to see what I was working with.  This was accomplished by listing out the IPTables configuration (by default -L shows only the filter table and resolves addresses and service names, which is why 0.0.0.0/0 shows up as "anywhere" and port 80 as "http" below; add -n if you want raw numbers):

sudo iptables -L

This provided me with the following:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:5805
DROP tcp -- anywhere anywhere tcp dpt:5806
DROP tcp -- anywhere anywhere tcp dpt:http

So, I did some digging and found this article on nixCraft, which is really good considering that books have been written on the subject.  Since I knew that the admin created these entries, I just needed to drop them.  I found that you can reference these entries by line number and also limit the listing to a specific chain.  Since I wanted line numbers and only the OUTPUT chain, I put in this:

sudo iptables -L OUTPUT --line-numbers

and I got this back:

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
1 DROP tcp -- anywhere anywhere tcp dpt:5805
2 DROP tcp -- anywhere anywhere tcp dpt:5806
3 DROP tcp -- anywhere anywhere tcp dpt:http

Now, to delete rule 1 from the OUTPUT chain (the chain the DROP rules actually live in; the INPUT chain is empty, so -D INPUT 1 would only produce an "index of deletion too big" error), I used this command:

sudo iptables -D OUTPUT 1

The listing after this looked like:

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
1 DROP tcp -- anywhere anywhere tcp dpt:5806
2 DROP tcp -- anywhere anywhere tcp dpt:http

Finally, rinse and repeat.  Note that the remaining rules are renumbered after every delete (the old rule 2 became rule 1 above), so the command is sudo iptables -D OUTPUT 1 three times in a row, not 1, 2 and 3.  The changes are live immediately but only in the kernel; to persist them to /etc/sysconfig/iptables, save the config as follows:

sudo service iptables save

Just to make sure, I restarted the IPTables service (which reloads the saved file; had I restarted before saving, the old DROP rules would have come straight back) and then viewed the listing again:

sudo service iptables restart

Everything looks the way I left it.  Now to test it.  I used telnet to connect to an external server listening on 5806, and it responded, so I know that the firewall is allowing the traffic.  (A successful connection is good evidence, but the listing is the authoritative check: a telnet failure could just as easily be the remote side or a firewall in between.)
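The two gotchas in the procedure above (rules renumber after every -D, and the chain name has to be right) are easy to get wrong at 2 a.m. with the admin on vacation.  Here is an added example, not code from the original post, that turns an iptables -L CHAIN --line-numbers listing into delete commands two ways: by index, highest number first, and by rule specification, which does not depend on position at all.  It assumes the RHEL 6 / iptables 1.4.7 listing layout shown in the post; the listing embedded in it is a constructed sample copied from the post’s output, not live firewall state, so the script runs offline and only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not code from the original post.  Turns the output of
# `iptables -L <chain> --line-numbers` into delete commands in two ways:
# by index (highest first, because every -D renumbers what follows) and by
# rule specification (position-independent).  Assumes the RHEL 6 / iptables
# 1.4.7 listing layout shown in the post; the listing below is a constructed
# sample copied from the post, not live firewall state.

SAMPLE_LISTING='Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       tcp  --  anywhere             anywhere             tcp dpt:5805
2    DROP       tcp  --  anywhere             anywhere             tcp dpt:5806
3    DROP       tcp  --  anywhere             anywhere             tcp dpt:http'

# Rule lines are the ones starting with a number; the "num target ..." header is not.
rule_lines() {
    printf '%s\n' "$1" | awk '/^[0-9]+[[:space:]]/'
}

# delete_by_index CHAIN LISTING -> one "iptables -D CHAIN N" per rule, N descending.
# Deleting 1, 2, 3 in that order fails on the third call: after the first
# delete the old rule 2 is rule 1, and so on.  Descending order never
# touches a number that has already shifted.
delete_by_index() {
    chain=$1
    rule_lines "$2" | awk '{ print $1 }' | sort -rn |
        while read -r n; do printf 'iptables -D %s %s\n' "$chain" "$n"; done
}

# delete_by_spec CHAIN LISTING -> one "iptables -D CHAIN -p PROTO --dport PORT -j TARGET"
# per rule.  The match is on the rule's content, so it stays correct however the
# chain gets reordered between listing and deleting.  Only "<target> <proto> ...
# dpt:<port>" rules are handled; anything else is reported on stderr and skipped
# rather than guessed at.  --dport accepts service names (dpt:http) as well as
# numbers; list with -n if you prefer numbers.
delete_by_spec() {
    chain=$1
    rule_lines "$2" | awk -v chain="$chain" '
        $NF ~ /^dpt:/ {
            printf "iptables -D %s -p %s --dport %s -j %s\n", chain, $3, substr($NF, 5), $2
            next
        }
        { printf "skipping rule %s: not a simple dpt: match\n", $1 > "/dev/stderr" }'
}

# Usage, as root, after reviewing the generated commands:
#   delete_by_spec OUTPUT "$(iptables -L OUTPUT --line-numbers)"        # review
#   delete_by_spec OUTPUT "$(iptables -L OUTPUT --line-numbers)" | sh   # apply
#   iptables -L OUTPUT -n --line-numbers                                # confirm
#   service iptables save                                               # persist
# (iptables -C, the "does this rule exist" check, arrived in 1.4.11 and is
#  not in RHEL 6's 1.4.7, so re-listing the chain is the verification there.)
```

Generating the commands and reviewing them before piping into sh is deliberate: on a box you are only half sure about, a printed plan you can read beats a loop that runs -D blind, and the by-spec form is the one to prefer when someone else may have touched the chain since you listed it.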
