To increase the security of the instance, enable the Linux firewall. To check which ports are currently open in the firewall, run:
$ sudo iptables -v -L
Additionally, you can check whether the firewall is enabled at boot time:
$ chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
To disable the firewall at boot time, run the command below:
$ sudo chkconfig iptables off
To confirm the change for runlevels 2, 3, 4 and 5, run the same command again:
$ chkconfig --list | grep iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
To save the current firewall rules to a file, run:
$ sudo iptables-save > $HOME/firewall.rules
To restore the firewall rules, run:
$ sudo iptables-restore < $HOME/firewall.rules
To temporarily stop the firewall, run the command below. (NOTE: before you stop iptables, make sure to run the iptables-save command to save the rules to a file.)
$ sudo /etc/init.d/iptables stop
Once the firewall has stopped, listing the rules shows every chain empty with a default policy of ACCEPT:
$ sudo iptables -v -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
To restart the firewall, run:
$ sudo /etc/init.d/iptables start
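The two listings above (chkconfig runlevels and the stopped iptables chains) can be checked by script rather than by eye. The following is an added example, not part of the original post; the function names and the RUNNING sample are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: classify the two outputs shown above. Input is read from stdin,
# so the functions also work on output saved from another host.

# Exit 0 if `chkconfig --list` text shows iptables "on" for runlevels 2,3,4,5.
iptables_on_at_boot() {
    awk '$1 == "iptables" {
             for (i = 2; i <= NF; i++) {
                 split($i, kv, ":")
                 if (kv[1] ~ /^[2-5]$/ && kv[2] == "on") n++
             }
         }
         END { exit !(n == 4) }'
}

# Exit 0 if `iptables -v -L` text shows the stopped state: every chain has
# policy ACCEPT and no chain contains a rule, i.e. nothing is filtered.
firewall_is_open() {
    awk '$1 == "Chain" { chains++
                         if ($3 != "(policy" || $4 != "ACCEPT") strict = 1
                         next }
         NF == 0 || ($1 == "pkts" && $2 == "bytes") { next }
         { rules++ }
         END { exit !(chains > 0 && !strict && rules == 0) }'
}

# Constructed sample inputs (BOOT_* and STOPPED mirror the listings above).
BOOT_ON='iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off'
BOOT_OFF='iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off'
STOPPED='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination'
RUNNING='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   12   720 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination'

# Report helper: prints one line per check for the given pair of outputs.
report() {
    if printf '%s\n' "$1" | iptables_on_at_boot; then echo "boot: enabled"; else echo "boot: DISABLED"; fi
    if printf '%s\n' "$2" | firewall_is_open; then echo "rules: OPEN (no filtering)"; else echo "rules: filtering active"; fi
}
report "$BOOT_OFF" "$STOPPED"
```

On a live host the same functions take the real command output, for example by piping `chkconfig --list` into iptables_on_at_boot and `sudo iptables -v -L` into firewall_is_open.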