The following instructions apply to Red Hat Enterprise Linux version 3 and version 4 installations.
Outline of Procedure
- Determine if the iptables kernel module is installed on your system.
- Determine if the iptables user-space package is installed on your system.
- Create the iptables configuration file.
- Start/reload the iptables chains.
- Debug your configuration until you cease to get errors.
- Confirm that iptables works as expected.
- Set up the system to start iptables at boot time.
Detailed Procedure
- Determine if the iptables kernel module is installed on your system:
Run the command
/sbin/modinfo ip_tables
If the error message "modinfo: ip_tables: no module by that name found"
appears, then support for iptables has not been compiled into your
kernel. One of many resources that describe how to do so can be found at
http://www.unixreview.com/documents/s=1237/urm0103c/0103c.htm. However, the
stock Red Hat Enterprise Linux 3 kernel should already support iptables.
- Determine if the iptables user-space package is installed on your system:
Run the command
/bin/rpm -q iptables
If the message "package iptables is not installed" appears, you will
need to install the iptables package, which can be found via the
Red Hat Network or on Red Hat Enterprise Linux 3 installation CD-ROM 2
under <CD_Mount_Point>/RedHat/RPMS/. Once you have the package, you can
install it with the rpm command, e.g.,
/bin/rpm -ivh iptables-1.2.8-12.i386.rpm
Once both the iptables kernel module and the iptables user-space package
are installed, you can continue with the setup.
- Create the iptables configuration file:
You will need to create your iptables configuration file. The
configuration file stores the sequence of iptables packet filtering
chains and rules; the iptables startup script reads the file and makes
the chains active.
Sample of a very basic iptables configuration file.
(Note: Save the sample iptables configuration file under the file name
iptables-rhel3.rules.)
Edit the sample iptables configuration file as needed for your
workstation. Once you've finished editing the configuration file,
save a copy of the system's original configuration file:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
Now, save your iptables configuration file:
cp iptables-rhel3.rules /etc/sysconfig/iptables
Make sure that your iptables configuration file is owned by user
root, group root:
chown root:root /etc/sysconfig/iptables
Change the permissions of your iptables configuration file to
read/write by user root only:
chmod 600 /etc/sysconfig/iptables
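The steps above (write the rules file, keep a copy of the original, install it, restrict it to root) as one script. This is an added example, not the sample file or any script from the original page: the rules it writes are a constructed default-deny policy (loopback, replies to the host's own connections, new SSH sessions on port 22 and ping are allowed; everything else is logged and rejected), in the iptables-save format that the Red Hat iptables init script loads with iptables-restore. RULES_DEST, the function names and the port are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build, lint and install a
# basic default-deny /etc/sysconfig/iptables file. RULES_DEST, the function
# names and the SSH port are assumptions for illustration.

RULES_DEST="${RULES_DEST:-/etc/sysconfig/iptables}"

# Write a minimal rules file in iptables-save format to $1 (constructed
# sample policy: drop inbound by default, allow loopback, replies to our
# own connections, new SSH sessions and ping; log, then reject the rest).
write_basic_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables-drop: "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Sanity-check a rules file before the init script hands it to
# iptables-restore: filter table present, terminated by COMMIT, and INPUT
# and FORWARD defaulting to DROP (a default-ACCEPT file loads without
# errors but protects nothing). Returns 0 on pass, 1 on the first failure.
check_rules_file() {
    f="$1"
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    grep -q '^\*filter$' "$f" || { echo "$f: no *filter table" >&2; return 1; }
    grep -q '^COMMIT$' "$f" || { echo "$f: missing COMMIT" >&2; return 1; }
    grep -q '^:INPUT DROP' "$f" || { echo "$f: INPUT policy is not DROP" >&2; return 1; }
    grep -q '^:FORWARD DROP' "$f" || { echo "$f: FORWARD policy is not DROP" >&2; return 1; }
    return 0
}

# Install $1 as $2 (default: $RULES_DEST): keep a .orig copy of any existing
# file (never overwriting an earlier backup), then restrict the new file to
# read/write by root only.
install_rules() {
    src="$1"; dest="${2:-$RULES_DEST}"
    check_rules_file "$src" || return 1
    if [ -f "$dest" ] && [ ! -f "$dest.orig" ]; then
        cp -p "$dest" "$dest.orig"
    fi
    cp "$src" "$dest"
    # chown requires root; when run unprivileged the file keeps the caller's owner.
    if [ "$(id -u)" -eq 0 ]; then chown root:root "$dest"; fi
    chmod 600 "$dest"
}

# Echo 1 if $1 has mode 0600 exactly, else 0 (find -perm is POSIX, GNU stat is not).
is_mode_0600() {
    if [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ]; then echo 1; else echo 0; fi
}
```

Typical use on the workstation itself: `write_basic_rules iptables-rhel3.rules`, edit the file, then `install_rules iptables-rhel3.rules` as root and run `/sbin/service iptables start`. The lint in `check_rules_file` catches the most common silent mistake, a file that loads cleanly but leaves the INPUT chain at ACCEPT.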
- Start/reload the iptables chains:
Run the iptables startup script to enable the iptables packet
filtering chains in /etc/sysconfig/iptables:
/sbin/service iptables start
- Debug your configuration:
Unless you're a wizard at iptables, you'll very likely have to
edit /etc/sysconfig/iptables until you stop getting errors when
trying to run the iptables startup script.
- Confirm that iptables works as expected:
List the current iptables packet filtering chains and their rules:
/sbin/iptables -L
For extra peace of mind, it's a good idea to check your machine from
another machine using a port scanner such as nmap (included with
Red Hat Enterprise Linux 3).
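Reading the `iptables -L` listing by eye is easy to get wrong, so here is an added check (not from the original page) that parses the chain headers of that listing and fails unless INPUT and FORWARD default to DROP. The listing text below is a constructed stand-in for the live command's output so the check runs offline; `verify_live`, the other function names and the sample rules are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the loaded filter
# table is default-deny by parsing `iptables -L` chain headers. The sample
# listing is constructed; function names are assumptions for illustration.

SAMPLE_IPTABLES_L='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

# Print the default policy of chain $1 from listing text on stdin
# (the "Chain NAME (policy X)" header line); prints nothing if absent.
chain_policy() {
    sed -n "s/^Chain $1 (policy \([A-Z]*\)).*/\1/p"
}

# Return 0 when INPUT and FORWARD both default to DROP in listing $1,
# 1 (with a message on stderr) for the first chain that does not.
verify_default_deny() {
    listing="$1"
    for c in INPUT FORWARD; do
        p=$(printf '%s\n' "$listing" | chain_policy "$c")
        [ "$p" = "DROP" ] || {
            echo "chain $c policy is '${p:-missing}', expected DROP" >&2
            return 1
        }
    done
    return 0
}

# Same check against the running kernel; needs root and a Linux host.
verify_live() {
    verify_default_deny "$(/sbin/iptables -L -n)"
}
```

Run `verify_live` after `/sbin/service iptables start`; a non-zero exit means the chains loaded but the host is still accepting unsolicited traffic by default, which is worth knowing before the external nmap scan.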
- Set up the system to start iptables at boot time:
Once you are confident that you have iptables set up correctly,
configure your machine to run your iptables packet filtering
chains at boot time:
/sbin/chkconfig iptables on