
I have set DROP as the default rule for everything on my CentOS 7 system and allow only the following rules.

#Allow web server ports
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT

When I run yum update, an error occurs. When I disabled iptables, yum update worked successfully. Does yum use some port other than 80? What rule should I add to allow yum update to run successfully?

Hafiz Muhammad Shafiq

1 Answer


I'd write these:

iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

Don't forget to open DNS as well:

iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT

and a line to accept packets from outbound connections:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Gar