Linux – iptables command to add non-standard SSL port, 444

centos iptables linux ssl

Below is my IP list output. What iptables command should I issue to enable the addition of TCP port 444, which I'm using for non-standard SSL? I tried "iptables -A INPUT -p tcp --dport 444 -j ACCEPT" then a "service iptables save" but that didn't work?! In my httpd.conf I'm listening to port 444.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             127.0.0.0/8         reject-with icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:30000 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
SSH_CHECK  tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:snpp 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp-data 

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination         

Chain SSH_CHECK (1 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere            recent: SET name: SSH side: source 
DROP       all  --  anywhere             anywhere            recent: UPDATE seconds: 180 hit_count: 3 name: SSH side: source 

Best Answer

In your current rule set, rules added with -A won't work because you have a REJECT rule. Use -I instead of -A to be sure that the rule is inserted in the first place. Or "-I INPUT 2" is better because it inserts the rule in the second place. The ESTABLISHED,RELATED one should be in the first place for performance reasons.
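The ordering problem described in the answer, as an added example that is not part of the original answer: iptables stops at the first matching rule, so a rule appended after the catch-all REJECT is never evaluated. The rule set below is a constructed `iptables -S`-style approximation of the listing in the question (the `-i lo` match is an assumption), and the helper function names are hypothetical.

```shell
#!/bin/sh
# Constructed rule set in `iptables -S INPUT` form, modelled on the listing in
# the question. "-i lo" on rule 1 is an assumption: the listing was printed without -v.
RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT'
NEW='-A INPUT -p tcp -m tcp --dport 444 -j ACCEPT'

# Position of the first rule that rejects or drops every packet (no match options).
first_catchall() {
    printf '%s\n' "$1" | awk '$3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { print NR; exit }'
}

# Position of the first ACCEPT rule for the given TCP destination port.
port_pos() {
    printf '%s\n' "$1" | awk -v p="$2" '/ -p tcp / && / -j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport" && $(i+1) == p) { print NR; exit } }'
}

# Succeeds only if the port's ACCEPT rule is evaluated before the catch-all.
reachable() {
    pos=$(port_pos "$1" "$2"); stop=$(first_catchall "$1")
    [ -n "$pos" ] && { [ -z "$stop" ] || [ "$pos" -lt "$stop" ]; }
}

# Text-only models of `iptables -A` (append) and `iptables -I INPUT <n>` (insert).
append_rule() { printf '%s\n%s\n' "$1" "$2"; }
insert_rule() { printf '%s\n' "$1" | awk -v n="$3" -v r="$2" 'NR == n { print r } { print }'; }

APPENDED=$(append_rule "$RULES" "$NEW")
INSERTED=$(insert_rule "$RULES" "$NEW" 2)
for name in APPENDED INSERTED; do
    eval "cur=\$$name"
    if reachable "$cur" 444; then state=reachable; else state="shadowed by the REJECT"; fi
    echo "$name: 444 at position $(port_pos "$cur" 444), catch-all at $(first_catchall "$cur"): $state"
done
```

On a live host, `iptables -L INPUT -n --line-numbers` prints the real rule positions to compare against.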