Junk Food for the Brain

Open Source and Awesomesauce :)

IPTables: How to Open a Firewall Port in Linux


Opening a specific port in Linux / Fedora 16. This should work on all distros that use iptables.

For example, let's open the default DNS port (53) to allow incoming name-resolution queries.

  1. List your existing firewall rules:
iptables -L --line-numbers -n

This lists the current rules in your firewall configuration, numbered per chain, which is what you need for inserting a rule at a specific position. Sample output:

[root@i7 ~]# iptables -L --line-numbers -n 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited  
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
  2. DNS queries arrive as UDP packets to port 53 by default. Since iptables evaluates rules in order and the first match wins, the new rule has to sit above the catch-all REJECT at the end of the chain; we'll insert it at line 3 of the INPUT chain. (Line 4 above looks like an accept-everything rule, but -L without -v hides interface matches; run iptables -L -v -n --line-numbers, or iptables -S INPUT, to see that such a rule is typically limited to the loopback interface.)
  3. The command to insert the rule:
iptables -I INPUT 3 --proto udp --dport 53 -j ACCEPT
     Where:
    • -I INPUT 3: insert the rule into the INPUT chain at line number 3 (the rules that were at 3 and below shift down by one)
    • --proto udp: match incoming packets of the UDP protocol (--proto is the long form of -p)
    • --dport 53: match packets destined for port 53 (--dport only works together with a protocol match such as the one above)
    • -j ACCEPT: jump to the ACCEPT target, which lets the packet through and stops further rule evaluation for it
     Note that this rule accepts queries from any source address; on a server that should only answer specific clients, add -s with their address or range. A DNS server should also open tcp/53, which is used for responses that do not fit in a single UDP datagram and for zone transfers.
  4. When you list the iptables rules again, it should show the new rule at line number 3 of the INPUT chain:
[root@i7 ~]# iptables -L --line-numbers -n 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited  
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
  5. Remember to save your rules afterwards. Rules added with the iptables command live only in kernel memory, so the next time the machine is rebooted or the iptables service is restarted, your change will be lost. On Fedora/RHEL the persistent rule set is /etc/sysconfig/iptables (written by iptables-save or service iptables save); other distributions have their own mechanism.
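The steps above done as one script, as an added example that is not code from the original post. It finds the position of the catch-all REJECT from the listing instead of hard-coding line 3, skips the insert if an equivalent rule is already present (iptables -C, available since iptables 1.4.11), verifies with -v so interface-bound rules are visible, and saves the result. Assumptions: the /etc/sysconfig/iptables save path is Fedora/RHEL-specific, the --apply flag is this script's own convention, and the sample listing is constructed from the output shown in the post so the pure text-processing functions can be exercised without root.

```shell
#!/bin/sh
# Added example, not from the original post. Opens PROTO/PORT in INPUT by
# inserting directly above the catch-all REJECT, idempotently, then saves.
# Assumes iptables >= 1.4.11 (for -C) and a Fedora/RHEL-style
# /etc/sysconfig/iptables; adjust the save step for other distributions.
set -eu

PROTO=udp
PORT=53

# Print the number of the first catch-all REJECT rule in a chain listing
# read from stdin (format of "iptables -L INPUT --line-numbers -n").
# Prints nothing if the chain has no such rule. Pure text processing,
# so it can be run against captured output without root.
reject_rule_number() {
    awk '$2 == "REJECT" && $3 == "all" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { print $1; exit }'
}

# Exit 0 if the listing on stdin already has an ACCEPT for $1/$2 from
# any source (e.g. "listing_has_accept udp 53").
listing_has_accept() {
    awk -v p="$1" -v d="dpt:$2" \
        '$2 == "ACCEPT" && $3 == p && $5 == "0.0.0.0/0" && $NF == d { found = 1 } END { exit !found }'
}

# Apply the change on a live system (needs root).
open_port() {
    # -C returns 0 when an identical rule already exists; avoids duplicates
    # from re-running the script.
    if iptables -C INPUT -p "$PROTO" --dport "$PORT" -j ACCEPT 2>/dev/null; then
        echo "rule for $PROTO/$PORT already present"
        return 0
    fi
    listing=$(iptables -L INPUT --line-numbers -n)
    pos=$(printf '%s\n' "$listing" | reject_rule_number)
    if [ -n "$pos" ]; then
        # Insert at the REJECT's own number; the REJECT shifts down one line,
        # so the new rule is evaluated just before it.
        iptables -I INPUT "$pos" -p "$PROTO" --dport "$PORT" -j ACCEPT
    else
        # No catch-all REJECT, so appending is equivalent.
        iptables -A INPUT -p "$PROTO" --dport "$PORT" -j ACCEPT
    fi
    # Verify with -v so a rule such as "-i lo" shows its interface instead
    # of looking like an accept-everything rule.
    iptables -L INPUT --line-numbers -n -v
    # Persist; without this the rule disappears on reboot or service restart.
    iptables-save > /etc/sysconfig/iptables
}

# Constructed sample: the INPUT chain from the post, before the change.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Only touch the firewall when explicitly asked to: "sh open-dns.sh --apply".
if [ "${1:-}" = "--apply" ]; then
    open_port
fi
```

Run it without arguments to load the functions (for example to try reject_rule_number on output captured from another host), and with --apply as root to change the firewall. On the sample listing the insert position comes out as 5, which places the udp/53 rule above the REJECT just as inserting at 3 does; the difference is that it keeps working after other rules are added to the chain.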