Open firewall rules
Posted: Wed Dec 05, 2012 12:20 pm
by inserm
Hello,
I want to know what the command is to open the firewall.
I found this command in the doc, but for Fedora:
Code:
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
I use Ubuntu.
Re: Open firewall rules
Posted: Wed Dec 05, 2012 12:30 pm
by sreinhardt
What are you trying to open firewall ports for? This would be the port for nrpe, and yes it should work for any system using iptables. The rule here is doing the following:
Code:
Inserting the rule into the top of RH-Firewall-1-INPUT chain -I RH-Firewall-1-INPUT
using TCP ports -p tcp
match TCP protocol -m tcp
setting the destination port as 5666 –dport 5666
telling IPtables to accept not reject the packet -j ACCEPT
If you are looking to connect to this host from another using nrpe, this is just what you want, with the exception of changing the chain rule to your named input chain.
Re: Open firewall rules
Posted: Thu Dec 06, 2012 3:16 am
by inserm
When I type this command:
Code:
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
it returns:
Code:
Bad argument `5666'
Try `iptables -h' or `iptables --help' for more information.
Re: Open firewall rules
Posted: Thu Dec 06, 2012 12:27 pm
by sreinhardt
I believe you will need to change -dport to --dport. That should resolve the 5666 error.
Re: Open firewall rules
Posted: Fri Dec 07, 2012 3:27 am
by inserm
sreinhardt wrote: I believe you will need to change -dport to --dport. That should resolve the 5666 error.
I have tested with this command:
Code:
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
it returns:
Code:
iptables: No chain/target/match by that name.
Re: Open firewall rules
Posted: Fri Dec 07, 2012 11:04 am
by sreinhardt
Is this command something that you directly copied from the internet? By default the IPTables chains are labeled fairly generically as INPUT, FORWARD, and OUTPUT. Unless you have created custom chains the input chain is not going to be named RH-Firewall-1 per how the command is written. When I list my current rules, you can see the results that I get.
Code:
[root@CentOS-x86-64 nagiosxi]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTAB
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h
REJECT all -- anywhere anywhere reject-with icmp-ho
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-ho
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Notice at the top of each separated group the Chain [NAME] (policy ACCEPT). If I were to run the IPTables command that you are trying, I would alter it to:
Code:
iptables -I INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
Please run the iptables -L command and compare your chain names and alter the command accordingly if needed.
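
The two failures in this thread (a typographic dash pasted in place of "--", and a chain name that does not exist on the host) can be checked before the rule is run. The following is an added example, not part of the original posts: the function names are hypothetical, the sample listing is constructed, and limiting the rule to one source with -s (here the placeholder address 192.0.2.10 standing in for the monitoring server) is an addition the thread does not discuss.

```shell
#!/bin/sh
# Added example; function names are hypothetical and sample data is constructed.

# Return 0 if the text contains an en dash or em dash. Web pages and word
# processors substitute these for "--", and iptables then rejects the option.
has_typographic_dash() {
    case "$1" in
        *–*|*—*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `iptables -S` output on stdin and print the chain that should receive
# the rule: the Red Hat custom chain if it is defined (-N line), otherwise
# the built-in INPUT chain.
pick_input_chain() {
    chain=INPUT
    while read -r flag name _rest; do
        if [ "$flag" = "-N" ] && [ "$name" = "RH-Firewall-1-INPUT" ]; then
            chain=$name
        fi
    done
    printf '%s\n' "$chain"
}

# Print the iptables command that opens NRPE (tcp/5666) for one source only.
# $1 = chain name, $2 = address of the monitoring server (assumption).
build_nrpe_rule() {
    printf 'iptables -I %s -p tcp -m tcp -s %s --dport 5666 -j ACCEPT\n' "$1" "$2"
}

# Constructed sample of `iptables -S` on a host with no custom chains.
SAMPLE_LISTING='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# On a live host, replace the sample with:  iptables -S | pick_input_chain
target=$(printf '%s\n' "$SAMPLE_LISTING" | pick_input_chain)
build_nrpe_rule "$target" 192.0.2.10   # 192.0.2.10 is a placeholder address
```

The script only prints the command so it can be reviewed before being run as root.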