Introduction
CentOS 6 uses iptables as the system firewall.
We configure iptables in our default installation to drop all incoming traffic (including incoming traffic for routing) except for ICMP and TCP port 22 (SSH).
Run
iptables -nL
to see current firewall rules.

Disabling firewall
To disable firewall perform one of the following:
1. use text interface for basic firewall setup
system-config-firewall-tui
from system-config-firewall-tui package. Mark firewall as disabled, press Ok to save the changes.
2. disable firewall service: to stop firewall service run
service iptables stop && service ip6tables stop
then to prevent firewall from starting on boot, if necessary run
chkconfig iptables off && chkconfig ip6tables off
3. delete files /etc/sysconfig/ip6tables and /etc/sysconfig/iptables and to reload blank firewall configuration run
service iptables restart && service ip6tables restart
To disable firewall only until first reboot run:
iptables -F

1. use text interface for basic firewall setup
system-config-firewall-tui
from system-config-firewall-tui package. Mark firewall as enabled, press Customize, mark required services, add additional ports, etc. Follow the program's interface instructions. Press Ok to save the changes.
2. edit /etc/sysconfig/iptables and /etc/sysconfig/ip6tables to add additional firewall rules. This requires a firewall restart (service iptables restart && service ip6tables restart). For example, to allow incoming HTTP traffic one should add the line below before the COMMIT line and restart the firewall.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
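
The edit from step 2 as a script, an added example that is not part of the original page: add_rule (a hypothetical helper name) inserts a rule line into the filter table of a rules file and skips it if it is already present. It goes slightly beyond the text: because iptables evaluates rules in order, the line is placed ahead of a catch-all REJECT or DROP on the same chain when the file has one, otherwise directly before COMMIT. The sample ruleset is constructed.

```shell
#!/bin/sh
# add_rule FILE RULE  (hypothetical helper, not a CentOS tool)
# FILE is in the format of /etc/sysconfig/iptables; RULE is a full "-A CHAIN ..." line.
add_rule() {
    file=$1 rule=$2
    # Idempotent: an identical line already in the file means nothing to do.
    grep -qxF -e "$rule" "$file" && return 0
    chain=$(printf '%s\n' "$rule" | awk '{print $2}')
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" -v chain="$chain" '
        /^\*/ { in_filter = ($0 == "*filter") }   # track which table we are in
        in_filter && !done {
            # A rule with no match criteria that rejects/drops everything on this chain.
            catchall = ($1 == "-A" && $2 == chain && $3 == "-j" && $4 ~ /^(REJECT|DROP)$/)
            if (catchall || $0 == "COMMIT") { print rule; done = 1 }
        }
        { print }
        END { exit !done }                        # fail if no insertion point was found
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner, mode and SELinux context.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample ruleset ending in a catch-all REJECT (not the page's own file).
f=$(mktemp)
cat > "$f" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
add_rule "$f" "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"
cat "$f"    # the port 80 rule now sits just above the REJECT line
rm -f "$f"
```

Try it on a copy of /etc/sysconfig/iptables first, then restart the firewall and check the result with iptables -nL.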