Open port Iptables Firewall on CentOS 6
What ports do I need to open in my firewall?
https://help.directadmin.com/item.php?id=71
and then open that port range as well in your firewall.
22: ssh access
25, 587: smtp for exim to receive email
53: dns (named), so your sites resolve. TCP and UDP here.
80, 443: apache traffic, http and https
110, 995: client pop email access
143, 993: client imap email access
2222: DirectAdmin Access
3306: mysql access. You don't need to open this port if you don't want to allow remote mysql access, as most mysql scripts are accessed locally.
============================================
Allow all loopback (lo) traffic and reject all traffic to 127.0.0.0/8 that does not arrive on lo:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 -j REJECT
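Block some common attacks (new TCP connections that do not start with SYN, packets with no TCP flags set, and packets with all TCP flags set):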
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Accept all established inbound connections:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Allow HTTP and HTTPS inbound traffic:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Allow SSH connections:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Allow NTP connections:
iptables -A INPUT -p udp --dport 123 -j ACCEPT
Allow DNS queries:
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
Allow ping:
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
Finally, set the default policies:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
Step 3: Save the configurations
service iptables save
service iptables start
service iptables status
chkconfig iptables on
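
With the INPUT policy set to DROP, any port from the list at the top that has no ACCEPT rule is closed. The following check is an added example, not part of the original page or of DirectAdmin: it compares `iptables -S INPUT` output against that port list (3306 is left out because the page marks it optional). The function names and the embedded sample ruleset are constructed for illustration, and the check only understands single-port `--dport` rules, not multiport or range matches.

```shell
#!/bin/sh
# Added example: audit an INPUT ruleset against the port list on this page.
# proto/port pairs from the list above (3306 omitted: the page marks it optional).
REQUIRED="tcp/22 tcp/25 tcp/587 tcp/53 udp/53 tcp/80 tcp/443 tcp/110 tcp/995 tcp/143 tcp/993 tcp/2222"

# Constructed sample: the rules from this page as `iptables -S INPUT` prints them.
page_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
EOF
}

# Reads `iptables -S INPUT` output on stdin and prints the required
# proto/port pairs that no ACCEPT rule covers (empty output = all covered).
missing_ports() {
    rules=$(cat)
    missing=""
    for pair in $REQUIRED; do
        proto=${pair%/*}; port=${pair#*/}
        if ! printf '%s\n' "$rules" | awk -v proto="$proto" -v port="$port" '
            $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
                p = ""; d = ""
                for (i = 3; i < NF; i++) {
                    if ($i == "-p") p = $(i+1)
                    if ($i == "--dport") d = $(i+1)
                }
                if (p == proto && d == port) found = 1
            }
            END { exit !found }'; then
            missing="$missing $pair"
        fi
    done
    echo "${missing# }"
}

page_rules | missing_ports
```

On a live server, run `iptables -S INPUT | missing_ports` before `service iptables save`; for the rules exactly as written on this page it reports the mail ports and 2222 as not yet opened.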