how to config 80 port for apache in iptables
Thomas Woerner
twoerner at redhat.com
Wed Apr 15 13:15:23 UTC 2009
Nathan Huang wrote:
> Hi guys
> who can help me with opening 80 port for apache in iptables, I want to
> access my apache server from remote computer, but I failed in config
> iptables with 80 port.
>
> First step:
> echo '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
> 80 -j ACCEPT' >> /etc/sysconfig/iptables
>
> Second step:
> /sbin/service iptables restart
>
> error:
> iptables: Flushing firewall rules: [ OK ]
> iptables: Setting chains to policy ACCEPT: filter [ OK ]
> iptables: Unloading modules: [ OK ]
> iptables: Applying firewall rules: iptables-restore: line 15 failed
> [FAILED]
>
> who can tell me what's wrong with my iptable configuration.
> thanks
> nathan
>
>
>
The chain name "RH-Firewall-1-INPUT" is obsolete and should not be used
for Fedora >= 9 (system-config-firewall >= 1.2.0). Please use the chain
"INPUT" instead.
If you are using system-config-firewall instead of changing
/etc/sysconfig/ip*tables by hand, then your configuration changes will
be persistent and will not be lost if you are using e.g. libvirt or
system-config-firewall or lokkit.
The /etc/sysconfig/ip*tables files are only used to be able to feed the
ip*tables services. If you do not want to use system-config-firewall and
want to administer your firewall configuration on your own, you should
use "lokkit --disabled". But keep in mind that you should do this before
you are writing the configuration files /etc/sysconfig/ip*tables,
because they will be removed in versions prior to F-11 and renamed to
/etc/sysconfig/ip*tables.old with F-11 and later.
Thanks,
Thomas (the author of system-config-firewall)
More information about the fedora-list
mailing list