Iptables installation and configuration

We have one of our websites up and running on our Nautilus infrastructure in Stratos DC. Our security team has raised a concern that right now 6000 is open for all since there is no firewall installed on these hosts. So we have decided to add some security layer for these hosts and after discussions and recommendations we have come up with the below given requirements:

  1. Install iptables and all its dependencies on each app host.
  2. Block incoming port 6000 on all apps for everyone except for LBR host.
  3. Make sure the rules should persist even after system reboot.

Ran the below commands on stapp01:
yum install -y iptables-services

systemctl enable iptables

systemctl enable ip6tables

systemctl start iptables

systemctl start ip6tables

iptables -I INPUT -p tcp ! -s --dport 6000 -j REJECT

iptables-save > /etc/sysconfig/iptables

When I tried to telnet stapp01 from stlb01, it failed. Did I miss something?

telnet 6000

@kodekloud-support3 What am I missing here?

@Dhanabalan Hey, were you able to figure it out? From what I see, it says “Block incoming port 6000 on all apps for everyone”; it doesn’t say for a specific IP address or host. So why did you add the LBR IP?
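
Added example (not part of the original posts): a first-match walk over an INPUT chain in iptables-save format, comparing the negated-source REJECT from the first post with an explicit ACCEPT for the LBR followed by a REJECT for everyone else. The addresses `192.0.2.10` and `198.51.100.7`, the abridged ruleset (assumed to end in the catch-all REJECT that iptables-services ships) and the `verdict` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: first-match walk of an INPUT chain in iptables-save format.
LBR_IP=192.0.2.10      # constructed placeholder for the LBR host address
OTHER_IP=198.51.100.7  # constructed address standing in for any other client

# Abridged stock iptables-services rules (assumption: the chain ends in a catch-all REJECT).
STOCK="-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited"

# Chain as left by the command in the post: one negated-source REJECT inserted on top.
RULES_POSTED="-A INPUT ! -s $LBR_IP -p tcp --dport 6000 -j REJECT
$STOCK"

# Explicit ACCEPT for the LBR first, then REJECT for everyone else, e.g.
#   iptables -I INPUT 1 -p tcp -s "$LBR_IP" --dport 6000 -j ACCEPT
#   iptables -I INPUT 2 -p tcp --dport 6000 -j REJECT
RULES_FIXED="-A INPUT -s $LBR_IP -p tcp --dport 6000 -j ACCEPT
-A INPUT -p tcp --dport 6000 -j REJECT
$STOCK"

# verdict RULES SRC_IP DPORT: print the target of the first rule matching a NEW tcp packet.
# Handles only -s / ! -s (exact host), -p, --dport, --state and -j; other tokens are ignored.
verdict() {
  printf '%s\n' "$1" | awk -v src="$2" -v dport="$3" '
    $1 == "-A" && $2 == "INPUT" {
      ok = 1; neg = 0; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "!") { neg = 1; continue }
        if ($i == "-s") { a = $(i+1); sub(/\/32$/, "", a); hit = (a == src)
                          if (neg) hit = !hit; if (!hit) ok = 0; i++ }
        else if ($i == "-p")      { if ($(i+1) != "tcp") ok = 0; i++ }
        else if ($i == "--dport") { if ($(i+1) != dport) ok = 0; i++ }
        else if ($i == "--state") { if ($(i+1) !~ /NEW/) ok = 0; i++ }
        else if ($i == "-j")      { target = $(i+1); i++ }
        neg = 0
      }
      if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "POLICY" }'
}

for name in POSTED FIXED; do
  eval "rules=\$RULES_$name"
  echo "$name: LBR -> $(verdict "$rules" "$LBR_IP" 6000), other -> $(verdict "$rules" "$OTHER_IP" 6000)"
done
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the actual rule order to compare against.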