Open firewall rules

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
inserm
Posts: 24
Joined: Tue Jul 31, 2012 6:05 am

Open firewall rules

Post by inserm »

Hello,

I want to know what the command is to open the firewall.
I found this command in the doc, but it is for Fedora:

Code:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
I use Ubuntu.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Open firewall rules

Post by sreinhardt »

What are you trying to open firewall ports for? This would be the port for nrpe, and yes it should work for any system using iptables. The rule here is doing the following:

Code:

Inserting the rule into the top of RH-Firewall-1-INPUT chain      -I RH-Firewall-1-INPUT
using TCP ports                                                   -p tcp
match TCP protocol                                                -m tcp
setting the destination port as 5666                              –dport 5666
telling IPtables to accept not reject the packet                  -j ACCEPT
If you are looking to connect to this host from another using nrpe, this is just what you want, with the exception of changing the chain rule to your named input chain.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
inserm
Posts: 24
Joined: Tue Jul 31, 2012 6:05 am

Re: Open firewall rules

Post by inserm »

When I type this command:

Code:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
It returns:

Code:

Bad argument `5666' 
Try `iptables -h' or `iptables --help' for more information. 
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Open firewall rules

Post by sreinhardt »

I believe you will need to change -dport to --dport. That should resolve the 5666 error.
inserm
Posts: 24
Joined: Tue Jul 31, 2012 6:05 am

Re: Open firewall rules

Post by inserm »

sreinhardt wrote: I believe you will need to change -dport to --dport. That should resolve the 5666 error.
I have tested with this command:

Code:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
It returns:

Code:

iptables: No chain/target/match by that name.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Open firewall rules

Post by sreinhardt »

Is this command something that you directly copied from the internet? By default the IPTables chains are labeled fairly generically as INPUT, FORWARD, and OUTPUT. Unless you have created custom chains, the input chain is not going to be named RH-Firewall-1 per how the command is written. When I list my current rules, you can see the results that I get.

Code:

[root@CentOS-x86-64 nagiosxi]# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTAB
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:s
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Notice at the top of each separated group the Chain [NAME] (policy ACCEPT). If I were to run the IPTables command that you are trying, I would alter it to:

Code:

iptables -I INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
Please run the iptables -L command and compare your chain names and alter the command accordingly if needed.
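
An added example (not from the thread or the Nagios project) that follows the advice above: read the chain names from an `iptables -L` listing before choosing the chain, and catch the typographic dash behind the `Bad argument` error. The sample listing, the function names, and the optional source address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick the chain from an actual listing, then build the NRPE rule.

# Constructed sample of `iptables -L -n` output with stock chain names only.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Print every chain name found in a listing read from stdin.
list_chains() {
    awk '$1 == "Chain" { print $2 }'
}

# Use the Red Hat custom chain only when the listing really contains it.
pick_input_chain() {
    if printf '%s\n' "$1" | list_chains | grep -qx 'RH-Firewall-1-INPUT'; then
        echo 'RH-Firewall-1-INPUT'
    else
        echo 'INPUT'
    fi
}

# Succeed when the text holds an en or em dash (UTF-8 bytes), which iptables
# does not treat as an option prefix; copying "--dport" from a formatted page
# can produce one.
has_typographic_dash() {
    en=$(printf '\342\200\223'); em=$(printf '\342\200\224')
    case "$1" in
        *"$en"*|*"$em"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the rule without running it. $1 = chain, $2 = optional source address
# (assumption: limiting port 5666 to the monitoring server's address).
build_rule() {
    echo "iptables -I $1${2:+ -s $2} -p tcp -m tcp --dport 5666 -j ACCEPT"
}

# On a real host, as root: listing=$(iptables -L -n)
listing=$SAMPLE_LISTING
build_rule "$(pick_input_chain "$listing")" 192.0.2.10   # constructed address
```

The script only prints the command; review it, then run it as root on the monitored host.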