Some quick and simple commands for starting, stopping and editing
Iptables/Netfilter on Red Hat, Fedora, SuSE and many other Linux/Unix systems.
As user root (#), using the service commands (the init-script network services list), it is as simple as running:
# service iptables stop
# service iptables start
# chkconfig --list iptables
# chkconfig iptables on (enables the iptables firewall at boot; adds symbolic links in /etc/rc[0-6].d)
# chkconfig iptables off (disables the iptables firewall at boot; removes the symbolic links)
Adding rules to iptables on the fly is easy, but be very sure that you know what you are doing. Don't apply new rules on a production environment and pray it will work.
To add, let's say, a drop rule for http access to our webserver from the whole Internet:
# iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j DROP
To add a rule for outgoing traffic, let's say drop all outgoing ftp traffic:
# iptables -A OUTPUT -s 192.168.0.0/24 -p tcp --dport 21 -j DROP (specify your network with the correct netmask; /24 for a private home network, as an example)
Rules applied on the fly will not be saved automatically; you will have to save them
by running:
# service iptables save (appends the new rules to /etc/sysconfig/iptables file)
[root@mimir ~]# ls -lrt /etc/sysconfig/iptables
-rw------- 1 root root 314 Mar 27 14:38 /etc/sysconfig/iptables
[root@mimir ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.2.11 on Mon Mar 27 14:38:15 2006
*filter
:INPUT ACCEPT [1491:174656]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [684:111318]
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 21 -j DROP
COMMIT
# Completed on Mon Mar 27 14:38:15 2006
List your iptables rules
# iptables -nL (numeric: addresses and ports shown as numbers)
# iptables -L (alpha: addresses and ports resolved to names)
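Before rebooting, it is worth checking that the rules you expect actually landed in the saved file rather than only in the running kernel. The script below is an added example, not part of the original page: it reads a file in the iptables-save format shown above (the sample here is constructed from that listing) and reports default chain policies and DROP rules. Note the saved form differs slightly from what was typed, so the check is against the saved spelling (for instance -s 0.0.0.0/0 is omitted and /24 becomes /255.255.255.0). The function names are my own.

```shell
#!/bin/sh
# Constructed sample of /etc/sysconfig/iptables, copied from the listing on this page.
SAMPLE_RULES='# Generated by iptables-save v1.2.11 on Mon Mar 27 14:38:15 2006
*filter
:INPUT ACCEPT [1491:174656]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [684:111318]
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A OUTPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 21 -j DROP
COMMIT
# Completed on Mon Mar 27 14:38:15 2006'

# Write the sample to a temp file so the helpers work on a real path
# (on a live system you would pass /etc/sysconfig/iptables instead).
SAMPLE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$SAMPLE_FILE"

# chain_policy FILE CHAIN -> prints the default policy of CHAIN in the *filter table
chain_policy() {
    awk -v chain="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == (":" chain) { print $2; exit }
    ' "$1"
}

# count_rules FILE CHAIN TARGET -> number of "-A CHAIN ... -j TARGET" rules saved
count_rules() {
    awk -v chain="$2" -v target="$3" '
        $1 == "-A" && $2 == chain {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == target) { n++; break }
        }
        END { print n + 0 }
    ' "$1"
}

# has_rule FILE CHAIN "match spec" -> succeeds if that exact rule line was saved
has_rule() {
    grep -qxF -- "-A $2 $3" "$1"
}

# Example run: summarise what the saved file will load at next boot
for c in INPUT FORWARD OUTPUT; do
    echo "$c: policy $(chain_policy "$SAMPLE_FILE" "$c"), DROP rules $(count_rules "$SAMPLE_FILE" "$c" DROP)"
done
```

A policy of ACCEPT with only a handful of DROP rules (as in this sample) means everything not explicitly dropped is allowed, which is the usual thing to re-examine on a server exposed to the Internet.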