How to disable iptables

The linux firewall, iptables, will block ports which are required to access CafeX services and applications. A full list of ports required is available in the technical implementation manual which is available via your project implementation team.

Typically you will want to configure iptables to open up the required ports & only block ports that are not required - CafeX can assist with this configuration.

To simplify installation & initial testing it is often easier to disable iptables, build a working system & then configure iptables once the system is up and running. This short article describes how to disable iptables.

 

 

Step 1. Is iptables running

Use the service command to determine if iptables is running:

# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Use the chkconfig command to determine what run levels iptables is enabled at:

# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Step 2. Stop iptables

Use the service command to stop iptables:

# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]

Step 3. Disable iptables

Use the chkconfig command to disable iptables at all run levels:

# chkconfig iptables off
# chkconfig --list iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Step 4. Enable & configure iptables

As mentioned previously, once the system is up and running you will typically want to enable iptables & configure it to allow the required ports whilst blocking everything else. Contact your CafeX implementation team for assistance if required.

 

Comments are disabled on these articles if you require help contact support@cafex.com.

Have more questions? Submit a request

Comments

Powered by Zendesk