How to add to and edit iptables

If you’re using a firewall on your server, you’ll want to edit your iptables rules. Here’s how you can add new IPs or edit existing ones. Remember that port 22 is for SSH and port 21 is for FTP.

  • vi /etc/sysconfig/iptables

Edit the IPs in /etc/sysconfig/iptables. Then save your changes and run this command to apply them:

  • service iptables restart

A successful service iptables restart should result in this:

Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: filter [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: [  OK  ]
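
A pre-flight check you can run before the restart, as an added example that is not part of the original post: it catches typographic dashes and quotes from web copy-paste, a missing COMMIT line, and a missing SSH accept rule, then dry-runs the file with iptables-restore --test. The function names and the sample rules are assumptions made up for illustration, and the SSH check is a simple text match that does not understand multiport rules.

```shell
#!/bin/bash
# Added example: pre-flight checks for an iptables-save format rules file.
# lint_rules FILE [SSH_PORT]: prints problems, returns 0 when none are found.
lint_rules() {
    local file=$1 port=${2:-22} problems=0 tables commits
    # Typographic dashes/quotes pasted from a web page make the rule unparsable.
    if grep -nF -e '–' -e '—' -e '“' -e '”' "$file"; then
        echo "ERROR: typographic characters on the lines above" >&2
        problems=$((problems + 1))
    fi
    # Every table section (*filter, *nat, ...) must be closed by COMMIT.
    tables=$(grep -c '^\*' "$file" || true)
    commits=$(grep -c '^COMMIT' "$file" || true)
    if [ "$tables" -eq 0 ] || [ "$tables" -ne "$commits" ]; then
        echo "ERROR: $tables table header(s) but $commits COMMIT line(s)" >&2
        problems=$((problems + 1))
    fi
    # Restarting without an ACCEPT rule for SSH can cut off your own session.
    if ! grep -Eq -e "^-A .*--dport ${port} .*-j ACCEPT" "$file"; then
        echo "ERROR: no rule accepting port ${port} (SSH)" >&2
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# apply_rules [FILE]: lint, dry-run parse, then restart. Needs root.
apply_rules() {
    local file=${1:-/etc/sysconfig/iptables}
    lint_rules "$file" || return 1
    # --test parses and builds the ruleset without committing it.
    iptables-restore --test < "$file" || return 1
    service iptables restart
}

# write_sample PATH: constructed rules file containing one badly pasted line.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp –sport 25 -m state –state ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

Source the file and run apply_rules as root; it stops before the restart if any check fails.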

Example of what iptables should look like

http://www.brandonhutchinson.com/iptables_fw.html

http://oceanpark.com/notes/firewall_example.html

http://www.iitk.ac.in/LDP/LDP/nag2/x-087-2-firewall.example.html

http://www.liniac.upenn.edu/sysadmin/security/iptables.html

Or search Google for “example iptables config file”.

How to fix sendmail, iptables, and email delay/not sending

I had some issues with sendmail actually sending out an e-mail. Then sometimes, if I stopped the iptables firewall, some emails would make it to my inbox, but that’s quite a big delay. What I had to do to get my mail working smoothly and sending right away was to allow my server’s (or LAN) IP address to access sendmail. Here’s the code I put into my iptables config file. I couldn’t find a real solution that worked for me, so I edited /etc/sysconfig/iptables and copied this:

-A INPUT -p tcp -s 0/0 --sport 80 -d MYSERVERLANIPHERE --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Then pasted, and changed the port to 25 instead of 80

-A INPUT -p tcp -s 0/0 --sport 25 -d MYSERVERLANIPHERE --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Then I restarted my firewall (service iptables restart) and booyah! Shiz iz workin.

If you’re a server admin, another thing you might be interested in is how to clear the qmail queue.