How to allow/open a specific port on the server

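With the following commands you can allow specific services. The commands below allow HTTP (port 80), HTTPS (port 443) and SSH (port 22). The -I option inserts each rule at the top of the INPUT chain, so it is evaluated before any rules that are already there: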

sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Save and restore iptables rules

This section covers how to save and restore your iptables rules. Rules added with iptables are held in memory and are lost on reboot. How you save them depends on the distribution you are using.

CentOS/RHEL 6.x

The following command saves the current rules to /etc/sysconfig/iptables. When the server is rebooted, the saved rules are applied automatically:

sudo service iptables save

The command below restores the rules manually, which can be useful while you are setting up iptables. The redirection is wrapped in sh -c so that the file is read as root rather than by your own shell:

sudo sh -c 'iptables-restore < /etc/sysconfig/iptables'

Ubuntu 14.x/16.x

To save your iptables rules on Ubuntu 14.x and 16.x, use the following command. The redirection is wrapped in sh -c so that the file is written as root rather than by your own shell:

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

After a reboot you can then use the following command to restore your iptables rules:

sudo sh -c 'iptables-restore < /etc/iptables/rules.v4'

You can also automate the restore process at reboot by installing an additional package for iptables. This package will make sure that all saved rules are automatically loaded on boot. The following command can be used to install this package/service:

sudo apt-get install iptables-persistent
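
A saved rules file is applied in order at boot, so an ACCEPT rule that sits below a catch-all DROP or REJECT never takes effect, and for port 22 that means losing SSH access after the reboot. The following added example (not part of the original guide) goes slightly beyond the text by modelling rule order: it reads an iptables-save file and reports the first INPUT rule that decides a TCP port; the function names and the sample ruleset are constructed for illustration, and only plain "-p tcp --dport N" and unconditional rules are evaluated.

```shell
#!/bin/sh
# Added example: which INPUT rule in an iptables-save file decides a new TCP
# connection to PORT? Simplification (assumption): only rules of the form
#   -A INPUT -p tcp [-m tcp] --dport N -j TARGET   and   -A INPUT -j TARGET
# are evaluated; rules with other matches (-s, -i, -m state, ...) are skipped.

# first_verdict FILE PORT -> prints ACCEPT, DROP, REJECT or POLICY:<policy>
first_verdict() {
    awk -v port="$2" '
        /^\*/ { table = substr($0, 2) }        # table header, e.g. "*filter"
        table != "filter" { next }
        /^:INPUT / { policy = $2 }              # chain policy, e.g. ":INPUT DROP [0:0]"
        /^-A INPUT / {
            target = ""; dport = ""; proto = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i+1); break }   # target options follow
                else if ($i == "--dport") { dport = $(i+1); i++ }
                else if ($i == "-p") { proto = $(i+1); i++ }
                else if ($i == "-m" && $(i+1) == "tcp") { i++ }
                else { other = 1 }              # a match this sketch does not model
            }
            if (other) next
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            if (proto != "" && proto != "tcp") next
            if (dport != "" && dport != port) next
            print target; found = 1; exit       # first matching rule wins
        }
        END { if (!found) print "POLICY:" policy }
    ' "$1"
}

# Constructed sample: the SSH rule was appended below a catch-all REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

rules=$(mktemp)
sample_rules > "$rules"
for p in 22 80 443; do echo "tcp/$p -> $(first_verdict "$rules" "$p")"; done
rm -f "$rules"
```

Run the function as root against the real file, for example first_verdict /etc/iptables/rules.v4 22, before rebooting a remote server.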

Ubuntu 18.x uses a different tool, ufw, as its default firewall. More information on this tool can be found in the following guide: Ufw firewall basics

CentOS 7.x and 8.x use the tool called firewalld. More information on this tool can be found in the following guide: Firewalld basics

If you are facing any difficulties with the configuration of iptables, feel free to contact us at my.ws.