Let me start by saying that firewall configuration with iptables is no simple matter, especially for the untrained eye. Many things can go wrong, and you can easily lock yourself out of the server completely. A basic understanding of firewalls and networking is recommended before attempting to manipulate firewall rules on a production Linux server.
If unsure, it is always a good idea to create a testing environment by setting up a sandbox server before tampering with the production server. Do you have direct access to your server via a console/terminal in case something goes wrong?
Before moving on, consider reading through our Collection of basic Linux Firewall iptables rules guide to familiarize yourself with basic iptables command usage.
How do you know that the firewall is disabled on your host? It is also possible that your hosting provider provides you with a top-level firewall to shield your server.
From what I understand, the firewall is enabled by default on CentOS 6. To check your current iptables rules, run the command iptables-save. This is a sample output of the iptables-save command on CentOS 6:
# Generated by iptables-save v1.4.7 on Sat Jul 14 09:57:14 2018
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [99:12116]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Completed on Sat Jul 14 09:57:14 2018
Next, I’m going to assume that your firewall is disabled and we need to block any access to the server except the following services:
80, 443 (Apache, phpMyAdmin)
21 (FTP)
12895 (Webmin)
22 (SSH) - this is a must in order to access the server via secure shell
First, it is recommended to allow access to any port from the external public IP address you use to connect to your server. For example, if your IP address is 22.214.171.124 then execute:
# iptables -A INPUT -s 22.214.171.124 -j ACCEPT
The above rule ensures that you do not lock yourself out of the server. Once you are happy with the settings, this iptables rule can be removed.
Next, open ports for all your required services. Alter the port numbers if necessary or add more rules based on the template:
# iptables -I INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT -p tcp --dport 12895 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
The next task in order is to block access to any other ports by setting the default policy of the INPUT chain. Note that a built-in chain policy can only be ACCEPT or DROP; iptables -P INPUT REJECT fails with "Bad policy name", so use DROP (to answer with an ICMP error instead, append a final REJECT rule as the default CentOS 6 ruleset shown above does). Because the policy now drops everything not explicitly allowed, also keep rules permitting loopback and RELATED,ESTABLISHED traffic, as in the default ruleset above; otherwise replies to connections the server itself initiates (DNS lookups, yum updates) are dropped.
# iptables -P INPUT DROP
Lastly save the iptables rules to make sure they are available after CentOS 6 Linux server reboots:
# /etc/init.d/iptables save
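The whole procedure as one script, as an added example that is not from the original article: it builds the ruleset above in iptables-save format, refuses a ruleset that would lock out SSH or uses an invalid chain policy, and applies it with a rollback timer. ADMIN_IP (a documentation address) and SERVICE_PORTS are constructed defaults, and the backup path /root/iptables.before is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article: build the ruleset described
# above in iptables-save format, sanity-check it, and apply it with a rollback
# timer so a mistake cannot lock you out. ADMIN_IP and SERVICE_PORTS are
# constructed defaults (ADMIN_IP is a documentation address, TEST-NET-1).
ADMIN_IP="${ADMIN_IP:-192.0.2.10}"
SERVICE_PORTS="${SERVICE_PORTS:-22 80 443 21 12895}"

# Print a complete ruleset. Built-in chain policies accept only ACCEPT or
# DROP (REJECT fails with "Bad policy name"), so the policy is DROP and the
# explicit REJECT is the last rule, as in the CentOS 6 default ruleset.
build_ruleset() {
    admin_ip=$1; shift
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'                                 # loopback
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'  # replies to outbound
    echo "-A INPUT -s $admin_ip -j ACCEPT"                          # anti-lockout, remove later
    for port in "$@"; do
        echo "-A INPUT -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    echo 'COMMIT'
}

# Refuse a ruleset (read from stdin) that uses an invalid policy or omits SSH.
check_ruleset() {
    ruleset=$(cat)
    if echo "$ruleset" | grep -q '^:INPUT REJECT'; then
        echo 'REJECT is not a valid chain policy' >&2; return 1
    fi
    if ! echo "$ruleset" | grep -q -- '--dport 22 -j ACCEPT'; then
        echo 'ruleset would block SSH (port 22)' >&2; return 1
    fi
}

# Apply atomically with iptables-restore; unless the admin kills the timer
# within 60 s (proving SSH still works), the previous rules come back.
apply_with_rollback() {
    iptables-save > /root/iptables.before            # assumed backup path
    build_ruleset "$ADMIN_IP" $SERVICE_PORTS | check_ruleset || return 1
    build_ruleset "$ADMIN_IP" $SERVICE_PORTS | iptables-restore
    ( sleep 60; iptables-restore < /root/iptables.before ) &
    echo "rollback timer pid $!: run 'kill $!' to keep the new rules, then"
    echo "'/etc/init.d/iptables save' to persist them across reboots"
}
if [ "$1" = apply ]; then apply_with_rollback; fi
```

Run it as root with the argument apply; without the argument it only defines the functions, so the ruleset can be inspected first with build_ruleset.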
All done. Please note that the above are just the basics. The topic of how to configure a simple firewall can stretch for miles and fill multiple books.