2

I've CentOS 7 server without firewalld but with iptables installed.

There's WildFly 10 is running with changed socket binding http port 8080 to 80 in standalone.xml.

I'd open 80 port in iptables with these commands:

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

but the server is still unreachable until I stop iptables.

How to fix it?

Update:

#iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 8080 -j ACCEPT


# netstat -nltp | grep :80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN             10042/java
WildDev
  • 167
  • 8

1 Answers1

6

Your rules are wrong for what you want to achieve. The INPUT chain deals with incoming traffic and the OUTPUT chain deals with traffic going out. So for what you want to achieve you need a rule like this (and you don't need a rule for OUTPUT chain and can remove it):

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Other than that, the order of the rules are important and your rule lists doesn't look ok. For example you have a rule at the 8th line to reject everything, then a following rule to accept something won't work. So, put the all reject rule at the end. You have also many duplicate rules, just remove them and flush iptables.

See these pages to have a better understanding of iptables:

Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals

How To Set Up a Basic Iptables Firewall on Centos 6

Diamond
  • 9,291