Howto Block or Open HTTP/HTTPs Ports IPTables

From Brian Nelson Ramblings

Howto Block or Open Port HTTP(80)/HTTPS(443) with IPTables

You have just installed your web server application, but you cannot view the site from an outside source. Have you allowed the traffic to reach your web server? By default, only SSHD is enabled.

The Apache web server uses the TCP protocol to transfer data between server and browser. The default iptables configuration does not allow inbound access to the HTTP (80) and HTTPS (443) ports used by the web server. This post explains how to allow inbound and outbound access to web services under Linux.

Edit the Iptables file

You can always edit your iptables file at /etc/sysconfig/iptables in CentOS. To open ports 80 and 443, add the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:

vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW,ESTABLISHED -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW,ESTABLISHED -p tcp --dport 443 -j ACCEPT

Now restart iptables

/etc/init.d/iptables restart
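
The ordering requirement above can be checked against the rules file before restarting. The following is an added example, not part of the original page: the ruleset is constructed sample data and the function names `write_sample_rules` and `port_reachable` are hypothetical. It reports whether a tcp ACCEPT rule for a port sits ahead of the first unconditional DROP/REJECT rule in a chain.

```shell
#!/bin/sh
# Added example: the ruleset below is constructed sample data, and the
# function names are hypothetical (not from the original page).

# write_sample_rules FILE: write a constructed iptables-save style ruleset.
# Port 80 is opened correctly; the 443 rule was appended after the catch-all.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW,ESTABLISHED -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW,ESTABLISHED -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# port_reachable FILE CHAIN PORT: succeed (0) only if CHAIN has a tcp ACCEPT
# rule for PORT ahead of its first unconditional DROP/REJECT rule.
port_reachable() {
    awk -v chain="$2" -v port="$3" '
        $1 == "-A" && $2 == chain {
            # "-A CHAIN -j DROP|REJECT" matches every packet: stop scanning.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) exit
            tcp = 0; dport = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept) { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Demo: 80 passes; 443 sits after the REJECT; 433 (a typo for 443) is absent.
sample=$(mktemp)
write_sample_rules "$sample"
for p in 80 443 433; do
    if port_reachable "$sample" INPUT "$p"; then echo "port $p: open"
    else echo "port $p: NOT reachable (missing or after catch-all)"; fi
done
rm -f "$sample"
```

To check a real file, call `port_reachable /etc/sysconfig/iptables INPUT 443`, substituting the chain your rules are actually added to.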

Add via Command Line

/sbin/iptables -I INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

Save and close the file. Please note that under Red Hat Enterprise Linux (RHEL) / CentOS / Fedora Linux you can use the following commands to save and restore firewall rules.

/etc/init.d/iptables save