How to configure the firewall software iptables in Linux system?

To configure the firewall software iptables in a Linux system, follow these steps:

  1. Check iptables Status:
    Verify whether iptables is installed and running:

    sudo systemctl status iptables  
    

    If not installed, install it using your package manager (e.g., yum install iptables for CentOS/RHEL or apt install iptables for Debian/Ubuntu).

  2. List Current Rules:
    View existing rules:

    sudo iptables -L -v -n  
    
  3. Basic Rule Configuration:

    • Allow SSH (Port 22):
      sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT  
      
    • Allow HTTP (Port 80) and HTTPS (Port 443):
      sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT  
      sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT  
      
    • Block All Other Incoming Traffic (run this only after the ACCEPT rules above are in place, or a remote SSH session will be cut off):
      sudo iptables -P INPUT DROP  
      
  4. Save Rules:
    Rules are lost after reboot unless saved. On CentOS/RHEL:

    sudo service iptables save  
    

    On Ubuntu/Debian, install iptables-persistent:

    sudo apt install iptables-persistent  
    sudo netfilter-persistent save  
    
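  5. Example: Allow SSH from a Specific IP Range:
    To restrict SSH to this range, use this rule in place of the open port 22 rule in step 3; appended after that rule, it has no additional effect.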

    sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT  
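
The steps above combined into one ruleset, as an added example that is not part of the original page: it emits iptables-restore format so the rules and the DROP policy load together, and it adds loopback and established-connection rules that the page's commands leave out. The function names and the SSH_SRC variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: the page's rules as one iptables-restore ruleset.
# build_ruleset, check_and_load and SSH_SRC are names made up for this example.

# build_ruleset [SSH_SOURCE_CIDR]
# Prints a filter-table ruleset. SSH is limited to the given IPv4 source;
# the default 0.0.0.0/0 matches step 3 (SSH from anywhere), and
# 192.168.1.0/24 matches step 5.
build_ruleset() {
    ssh_src="${1:-0.0.0.0/0}"
    # Accept only digits, dots and a slash, so the value cannot carry
    # extra iptables options into the rule line.
    case "$ssh_src" in
        ''|*[!0-9./]*) echo "invalid source: $ssh_src" >&2; return 1 ;;
    esac
    # INPUT policy is DROP (step 3). FORWARD and OUTPUT stay at ACCEPT,
    # since the page does not change them.
    # Rule order: loopback, then replies to connections this host opened
    # (without this, DROP also discards DNS and package-download replies),
    # then the page's SSH, HTTP and HTTPS rules.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $ssh_src --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# check_and_load FILE (needs root)
# Syntax-checks the file, then loads it. iptables-restore replaces the whole
# filter table in one step, so there is no window where the DROP policy is
# active without the ACCEPT rules.
check_and_load() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Print the ruleset; redirect to a file and pass that file to check_and_load.
build_ruleset "${SSH_SRC:-0.0.0.0/0}"
```

This covers IPv4 only; IPv6 traffic is filtered separately by ip6tables.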
    

For cloud-based Linux instances, Tencent Cloud provides Security Groups as an alternative to manually configuring iptables. Security Groups offer a centralized way to manage inbound/outbound traffic, similar to a virtual firewall. However, if you prefer iptables, the above steps apply directly to Tencent Cloud CVM (Cloud Virtual Machine) instances.