Open firewall rules


Post by inserm » Wed Dec 05, 2012 12:20 pm

Hello,

I want to know what the command is to open the firewall.
I found this command in the doc, but for Fedora:
Code:
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT

I use Ubuntu.
inserm
 
Posts: 24
Joined: Tue Jul 31, 2012 6:05 am

Re: Open firewall rules

Post by sreinhardt » Wed Dec 05, 2012 12:30 pm

What are you trying to open firewall ports for? This would be the port for nrpe, and yes it should work for any system using iptables. The rule here is doing the following:
Code:
Inserting the rule into the top of RH-Firewall-1-INPUT chain      -I RH-Firewall-1-INPUT
using TCP ports                                                   -p tcp
match TCP protocol                                                -m tcp
setting the destination port as 5666                              –dport 5666
telling IPtables to accept not reject the packet                  -j ACCEPT

If you are looking to connect to this host from another using nrpe, this is just what you want, with the exception of changing the chain rule to your named input chain.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
sreinhardt
-fno-stack-protector
 
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Open firewall rules

Post by inserm » Thu Dec 06, 2012 3:16 am

When I type this command:
Code:
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT

it returns:
Code:
Bad argument `5666'
Try `iptables -h' or `iptables --help' for more information.

Re: Open firewall rules

Post by sreinhardt » Thu Dec 06, 2012 12:27 pm

I believe you will need to change -dport to --dport. That should resolve the 5666 error.

Re: Open firewall rules

Post by inserm » Fri Dec 07, 2012 3:27 am

sreinhardt wrote: I believe you will need to change -dport to --dport. That should resolve the 5666 error.

I have tested with this command:
Code:
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT

it returns:
Code:
iptables: No chain/target/match by that name.

Re: Open firewall rules

Post by sreinhardt » Fri Dec 07, 2012 11:04 am

Is this command something that you directly copied from the internet? By default, the IPTables chains are labeled fairly generically as INPUT, FORWARD, and OUTPUT. Unless you have created custom chains, the input chain is not going to be named RH-Firewall-1, per how the command is written. When I list my current rules, you can see the results that I get.
Code:
[root@CentOS-x86-64 nagiosxi]# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTAB
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:s
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Notice at the top of each separated group the Chain [NAME] (policy ACCEPT). If I were to run the IPTables command that you are trying, I would alter it to:
Code:
iptables -I INPUT -p tcp -m tcp --dport 5666 -j ACCEPT

Please run the iptables -L command and compare your chain names and alter the command accordingly if needed.
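
The chain-name check discussed in this thread, as an added example that is not part of any forum post: it reads an `iptables -S` listing, picks the chain that actually exists on the host, and prints the NRPE rule for it. The helper names, the sample listings and the `NAGIOS_SERVER` address are constructed assumptions, and the `-s` source restriction is an addition to the command from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): choose the chain for the NRPE rule
# from `iptables -S` output instead of copying a chain name from a doc.

# Assumption: monitoring server address (constructed, TEST-NET-1 placeholder).
NAGIOS_SERVER="192.0.2.10"

# Constructed `iptables -S` listing: Red Hat style host with a custom chain.
SAMPLE_RH='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed listing: only built-in chains, like the host in the last reply.
SAMPLE_DEFAULT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# pick_chain (hypothetical helper): print the user-defined chain that INPUT
# jumps to unconditionally, or INPUT when there is none.
pick_chain() {
    pc_target=$(printf '%s\n' "$1" |
        awk '$1=="-A" && $2=="INPUT" && $3=="-j" && NF==4 {print $4; exit}')
    # Trust the target only if the listing declares it with -N.
    if [ -n "$pc_target" ] && printf '%s\n' "$1" | grep -qxF -- "-N $pc_target"; then
        printf '%s\n' "$pc_target"
    else
        printf 'INPUT\n'
    fi
}

# build_rule (hypothetical helper): print the command to review and run.
# -I puts the rule above any trailing REJECT; -s (an addition to the thread's
# command) limits tcp/5666 to the monitoring server.
build_rule() {
    printf 'iptables -I %s -p tcp -m tcp -s %s --dport 5666 -j ACCEPT\n' \
        "$(pick_chain "$1")" "$NAGIOS_SERVER"
}

build_rule "$SAMPLE_RH"
build_rule "$SAMPLE_DEFAULT"
```

On a real host, pass the live listing with `build_rule "$(iptables -S)"` as root and check the printed command before running it.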

