Linux Iptables: HowTo Block or Open HTTP/Web Service Port 80 & 443
Source: nixCraft
By default the Apache web server listens on TCP port 80 (HTTP) and TCP port 443 (HTTPS, i.e. HTTP over TLS); all traffic between the server and the browser is carried over TCP. The default iptables configuration does not allow inbound access to ports 80 and 443, so browsers cannot reach the web server until rules are added. This post explains how to allow inbound and outbound access to web services under Linux.
Under RHEL / CentOS / Fedora Linux you can edit /etc/sysconfig/iptables. Add the following lines, making sure they appear before the final LOG and DROP (or REJECT) lines of the RH-Firewall-1-INPUT chain: iptables evaluates a chain top to bottom, so an ACCEPT placed after the catch-all rule is never reached and the port stays closed.
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
Finally, restart the firewall:
# service iptables restart
If you maintain your own firewall shell script, add:
/sbin/iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
Note that -A appends to the end of the chain. If your INPUT chain already ends with a catch-all LOG/DROP/REJECT rule, insert the rules above it with -I INPUT (or -I INPUT <rulenum>) instead; otherwise they sit below the catch-all and are never evaluated.
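As an added check, not part of the original post: a small POSIX shell function that scans an /etc/sysconfig/iptables style file and confirms that the port 80/443 ACCEPT rules come before the chain's catch-all REJECT/DROP. The two sample files are constructed here (one correct, one with the web rules appended after the catch-all); the chain name RH-Firewall-1-INPUT is the one used in the post.

```shell
#!/bin/sh
# Added example (not part of the nixCraft post): verify that the tcp/80
# and tcp/443 ACCEPT rules in an iptables-save style file precede the
# chain's catch-all REJECT/DROP. iptables matches top to bottom, so an
# ACCEPT that sits below the catch-all never fires and the port stays closed.

# web_port_open FILE CHAIN PORT
# Returns 0 when an "-A CHAIN ... --dport PORT ... -j ACCEPT" rule exists in
# FILE and precedes the first catch-all (no --dport) REJECT/DROP rule of
# that chain; returns 1 when the rule is missing or shadowed.
web_port_open() {
    awk -v chain="$2" -v port="$3" '
        $1 == "-A" && $2 == chain {
            n++                                  # position within the chain
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && $(i+1) == port && /-j ACCEPT/ && !accept)
                    accept = n
                if ($i == "-j" && ($(i+1) == "REJECT" || $(i+1) == "DROP") &&
                    $0 !~ /--dport/ && !catchall)
                    catchall = n
            }
        }
        END {
            if (!accept) exit 1                  # no ACCEPT for this port at all
            if (catchall && accept > catchall) exit 1   # shadowed by the catch-all
            exit 0
        }' "$1"
}

# Constructed sample in iptables-save format (not taken from a real host).
# GOOD has the web rules above the catch-all, as the post instructs.
GOOD=$(mktemp); BAD=$(mktemp)
trap 'rm -f "$GOOD" "$BAD"' EXIT
cat > "$GOOD" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# BAD is the same file with the web rules moved below the REJECT line,
# which is what you get by appending them at the end of the chain.
awk '/--dport (80|443) / { held = held $0 "\n"; next }
     /-j REJECT/        { print; printf "%s", held; next }
     { print }' "$GOOD" > "$BAD"

for f in "$GOOD" "$BAD"; do
    for p in 80 443; do
        if web_port_open "$f" RH-Firewall-1-INPUT "$p"; then
            echo "$f: port $p ACCEPT is reachable"
        else
            echo "$f: port $p ACCEPT missing or shadowed by the catch-all"
        fi
    done
done
```

On a real system run it against the live file, e.g. `web_port_open /etc/sysconfig/iptables RH-Firewall-1-INPUT 443`, or against `iptables-save` output for the chain you actually use (`INPUT` on a hand-written script). A non-zero exit means the rule either is absent or sits below the catch-all and must be moved up.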
The rules below are written for a server whose own address is held in SERVER_IP (202.54.10.20 is a placeholder; replace it with your server's IP). Each pair accepts the new connection in one direction and the replies of an already tracked connection in the other. They only have an effect if the chain policy, or a later rule, drops what they do not match; with the default ACCEPT policy they change nothing. The --sport 1024:65535 match assumes the remote end uses an unprivileged ephemeral port, which is the usual case but not guaranteed; the stateful ESTABLISHED match on its own is enough to tie reply packets to a tracked connection.
SERVER_IP="202.54.10.20"
Allow incoming http/web traffic at port 80
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 80 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Allow incoming https/secure web traffic at port 443
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 443 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Allow outgoing http/web service traffic to port 80 (the server acting as an HTTP client)
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 1024:65535 -d 0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 80 -d $SERVER_IP --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Allow outgoing https/secure web service traffic to port 443 (the server acting as an HTTPS client)
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 1024:65535 -d 0/0 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 443 -d $SERVER_IP --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
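As an added example that is not from the original post: the inbound and outbound web rules above collected into one script with a default-deny policy, built around a single ESTABLISHED,RELATED rule per direction. Because conntrack already ties reply packets to an accepted connection, the per-port ESTABLISHED rules and the --sport 1024:65535 match are not needed. DRY_RUN=1 (the default) prints the commands instead of running them; the address 202.54.10.20 is the post's placeholder and an assumption here.

```shell
#!/bin/sh
# Added example (not part of the nixCraft post): default-deny web server
# firewall. With DRY_RUN=1 the iptables commands are printed for review;
# run as root with DRY_RUN=0 to apply them. SERVER_IP is the post's
# placeholder address and is an assumption of this example.

IPT="${IPT:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"
SERVER_IP="${SERVER_IP:-202.54.10.20}"

# ipt ARGS...: print the command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# web_firewall_rules SERVER_IP: flush the filter table, set DROP policies,
# expose only tcp/80 and tcp/443 inbound, and let the server itself open
# connections to remote web servers on tcp/80 and tcp/443.
web_firewall_rules() {
    ip="$1"
    ipt -F                                   # flush existing filter rules
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP
    ipt -A INPUT  -i lo -j ACCEPT            # loopback in both directions
    ipt -A OUTPUT -o lo -j ACCEPT
    # replies (and related traffic) for any connection accepted below
    ipt -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in 80 443; do
        # serve: clients open NEW connections to our web ports
        ipt -A INPUT  -p tcp -d "$ip" --dport "$port" -m state --state NEW -j ACCEPT
        # client: the server opens NEW connections to remote web ports
        ipt -A OUTPUT -p tcp -s "$ip" --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# count_rules SERVER_IP: number of iptables commands the ruleset emits,
# computed in a dry-run subshell so nothing is applied.
count_rules() {
    ( DRY_RUN=1; web_firewall_rules "$1" ) | grep -c .
}

web_firewall_rules "$SERVER_IP"
```

The ruleset is deliberately minimal: with OUTPUT policy DROP the host can no longer resolve DNS, sync NTP or fetch packages, and with INPUT policy DROP and no tcp/22 rule a remote administrator is locked out once the existing SSH session ends. Add those rules before applying with DRY_RUN=0, apply from a console or with a scheduled rollback, and confirm the result with `iptables -L -n -v --line-numbers`.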