Opening a specific port in Linux / Fedora 16. This should work on all distros that use iptables.
As an example, let's open the default DNS port (UDP 53) so the host can accept incoming name queries.
- List your existing firewall rules
iptables -L --line-numbers -n
This lists the current rules in your firewall configuration, numbered within each chain so that a rule can be inserted at (or deleted by) its position. Sample output:-
[root@i7 ~]# iptables -L --line-numbers -n
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
- DNS queries are UDP datagrams to port 53 by default (TCP 53 is also used for zone transfers and for responses too large for UDP, so a server that needs those must open it as well). iptables evaluates a chain top to bottom and stops at the first matching terminating rule, so the new ACCEPT has to sit above rule 5, the catch-all REJECT; appended to the end of the chain it would never be reached. Note that rule 4 shows as "ACCEPT all" only because -L without -v omits the interface column; on a default Fedora ruleset that is the loopback-interface rule, and iptables -L -n -v --line-numbers will confirm it. We'll insert the new rule at line 3 of the INPUT chain.
- The command to insert the rule:-
iptables -I INPUT 3 --proto udp --dport 53 -j ACCEPT
- Where:
- -I INPUT 3: insert the rule into the INPUT chain at line number 3 (the existing rule 3 and everything below it move down one)
- --proto udp: match incoming packets of the UDP protocol (--proto is the long form of -p)
- --dport 53: match packets destined for port 53
- -j ACCEPT: jump to the ACCEPT target, i.e. let the packet through (ACCEPT is a built-in verdict, not a user chain)
- No -s is given, so this accepts queries from any source (0.0.0.0/0). If the server only needs to answer your own networks, add -s with those ranges: a recursive resolver reachable from the whole Internet is an open resolver and will be found and abused for amplification traffic.
- When you list the rules again, the new rule should appear at line number 3 of the INPUT chain, and the catch-all REJECT has moved down to line 6.
[root@i7 ~]# iptables -L --line-numbers -n
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
- Remember to save the rules afterwards: -I only changes the running kernel ruleset. The next time the iptables service is restarted or the machine reboots, the ruleset is rebuilt from the saved file (/etc/sysconfig/iptables on Fedora) and an unsaved change is lost.
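The whole procedure above as a script. This is an added example, not code from the original post: instead of hard-coding "3" it reads the chain listing and inserts the ACCEPT just above the first REJECT/DROP rule, skips the insert if an identical rule is already present (iptables -C, available from iptables 1.4.11), restricts the rule to a source network, and writes the result to /etc/sysconfig/iptables. The listing in SAMPLE_LISTING is constructed to match the output shown earlier so that the position logic can be exercised without root; 192.0.2.0/24 is a documentation range standing in for your own network. The function names (find_insert_pos, build_rule_cmd, open_port, persist_rules) are this example's own.

```shell
#!/bin/bash
# Added example, not from the original post: open a port in the INPUT chain
# without hard-coding the slot number. The rule is inserted just above the
# chain's first REJECT/DROP rule, skipped if it already exists, restricted to
# a source network, and then saved so it survives a reboot.

# Constructed sample listing in the format of `iptables -L --line-numbers -n`,
# matching the ruleset shown earlier on the page (used for the dry run below).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination'

# find_insert_pos CHAIN   (listing on stdin)
# Prints the rule number of the first REJECT or DROP rule in CHAIN, i.e. the
# slot to pass to `iptables -I CHAIN N` so the new rule lands above it. If the
# chain has no such rule, prints the next free number (append position).
find_insert_pos() {
  awk -v chain="$1" '
    /^Chain / { in_chain = ($2 == chain); next }
    in_chain && $1 ~ /^[0-9]+$/ {
      last = $1
      if ($2 == "REJECT" || $2 == "DROP") { print $1; found = 1; exit }
    }
    END { if (!found) print last + 1 }
  '
}

# build_rule_cmd CHAIN POS PROTO PORT [SOURCE]
# Prints the iptables command open_port would run. SOURCE defaults to
# 0.0.0.0/0 (any host), as in the original rule; pass your own network
# (192.0.2.0/24 below is a documentation range used as a placeholder) so the
# service is not exposed to the whole Internet.
build_rule_cmd() {
  printf 'iptables -I %s %s -p %s -s %s --dport %s -j ACCEPT\n' \
    "$1" "$2" "$3" "${5:-0.0.0.0/0}" "$4"
}

# open_port PROTO PORT [SOURCE]   (live; needs root and iptables >= 1.4.11 for -C)
open_port() {
  proto="$1"; port="$2"; src="${3:-0.0.0.0/0}"
  # -C succeeds if an identical rule already exists, so we avoid duplicates.
  if iptables -C INPUT -p "$proto" -s "$src" --dport "$port" -j ACCEPT 2>/dev/null; then
    echo "rule for $proto/$port from $src already present"
    return 0
  fi
  pos=$(iptables -L INPUT --line-numbers -n | find_insert_pos INPUT)
  iptables -I INPUT "$pos" -p "$proto" -s "$src" --dport "$port" -j ACCEPT
  iptables -L INPUT --line-numbers -n
}

# persist_rules: write the running ruleset to the file the Fedora iptables
# service loads at boot, keeping a timestamped backup of the previous file.
persist_rules() {
  [ -f /etc/sysconfig/iptables ] && \
    cp -p /etc/sysconfig/iptables "/etc/sysconfig/iptables.bak.$(date +%Y%m%d%H%M%S)"
  iptables-save > /etc/sysconfig/iptables
}

# Dry run against the constructed listing (no root, no iptables needed):
pos=$(printf '%s\n' "$SAMPLE_LISTING" | find_insert_pos INPUT)
build_rule_cmd INPUT "$pos" udp 53 192.0.2.0/24
# Live use, as root:  open_port udp 53 192.0.2.0/24 && persist_rules
```

Against the sample listing the dry run resolves the slot to 5, directly above the REJECT, which is as valid as the original's line 3 because rules 3 and 4 do not match UDP/53 traffic from a remote host; the point of computing it is that the script keeps working after someone else has added or removed rules above the REJECT.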