One good way to become familiar with iptables rules is to open a terminal, do an “iptables-save > filename,” then examine the text file “filename.” We use CentOS on one of our web servers; here’s the rule that opens port 80:
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
If you have Webmin on your Cent box, use the provided firewall GUI to set up a rule. Then use Webmin’s firewall/firewalld configurator to look at your rules. You’ll typically see something like, “NEW, ESTABLISHED” in the rule for each opened port. (Note: I don’t recommend Webmin on a Suse box. Yast is vastly superior.)
iptables is a stateful firewall, which means that it can keep track of connections. So, if the connection request is NEW, iptables permits it, then makes a note of it. The server may pick some random (typically high) port number to return stuff to the client, once the connection is ESTABLISHED. It allows the client connection to pass transparently until broken or closed. iptables can keep up with this.
The man page for iptables is more confusing than a recipe for a 10-course meal. If you Google it, you’ll find some decent tutorials online. But I’ll agree that it’s not easy. (Geeks. What can I say?)
The biggest mistake that beginners make (Stephen blushes and raises his hand) is forgetting that there’s a big difference between “iptables -A” (add) and “iptables -I” (insert). iptables evaluates rules strictly in list order. Simply put, if you have rules that say,
eth0 - allow all
eth0 - drop all
… you’ve got a wide open firewall. The first rule overrides the second. To ensure that a rule goes at the top of the chain, use -I (insert).
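Both points, the first-match ordering and the conntrack state in the port 80 ACCEPT rule, can be seen without touching a live box. The script below is an added example for this post, not iptables itself and not the post author's code: a small Python simulator that parses the subset of iptables-save syntax used above (-A/-I, -i, -p, -m tcp --dport, -m conntrack --ctstate, -j) and walks a chain top to bottom the way the kernel does. The rulesets, chain names and packets are constructed for the illustration; the leading ESTABLISHED,RELATED rule in the WEB ruleset is the usual stateful pattern, not a rule copied from the author's server.

```python
"""Walk an iptables chain like the kernel does: top to bottom, first match wins.

Added illustration; not iptables and not the post author's code. It handles only
the iptables-save subset used in the post. Rulesets and packets are constructed.
"""
import shlex
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None
    ctstates: frozenset = frozenset()  # empty means "no conntrack match at all"
    text: str = ""


def parse_rule(line):
    """Parse one rule line; return (flag, chain, position, Rule)."""
    toks = shlex.split(line)
    flag, chain, pos, kw, i = None, None, 1, {}, 0
    while i < len(toks):
        t = toks[i]
        if t in ("-A", "-I"):
            flag, chain, i = t, toks[i + 1], i + 2
            # "-I CHAIN N" inserts at 1-based position N; plain "-I CHAIN" means the top.
            if t == "-I" and i < len(toks) and toks[i].isdigit():
                pos, i = int(toks[i]), i + 1
        elif t == "-p":
            kw["proto"], i = toks[i + 1], i + 2
        elif t == "--dport":
            kw["dport"], i = int(toks[i + 1]), i + 2
        elif t == "-i":
            kw["iface"], i = toks[i + 1], i + 2
        elif t == "--ctstate":
            kw["ctstates"], i = frozenset(toks[i + 1].split(",")), i + 2
        elif t == "-m":
            i += 2  # match-extension name (tcp, conntrack); its own options follow
        elif t == "-j":
            kw["target"], i = toks[i + 1], i + 2
        else:
            raise ValueError(f"unsupported option {t!r} in: {line}")
    if flag is None or "target" not in kw:
        raise ValueError(f"rule needs -A/-I and -j: {line}")
    return flag, chain, pos, Rule(text=line.strip(), **kw)


def load_rules(lines):
    """Build chains from iptables-save style lines, honouring -A (append) vs -I (insert)."""
    chains = {}
    for line in lines:
        line = line.strip()
        if not line or line[0] in "#:*" or line == "COMMIT":
            continue  # comments, chain policy lines, table headers
        flag, chain, pos, rule = parse_rule(line)
        lst = chains.setdefault(chain, [])
        if flag == "-A":
            lst.append(rule)
        else:
            lst.insert(pos - 1, rule)
    return chains


def matches(rule, pkt):
    return ((rule.proto is None or rule.proto == pkt.get("proto"))
            and (rule.dport is None or rule.dport == pkt.get("dport"))
            and (rule.iface is None or rule.iface == pkt.get("iface"))
            and (not rule.ctstates or pkt.get("ctstate") in rule.ctstates))


def verdict(chains, chain, pkt, policy="DROP"):
    """Return (target, rule text) of the first matching rule, else the chain policy."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            return rule.target, rule.text
    return policy, f"{chain} chain policy"


# Constructed rulesets. WIDE_OPEN is the beginner's mistake from the post:
# the DROP was appended below an ACCEPT, so it never sees a packet.
WIDE_OPEN = "-A INPUT -i eth0 -j ACCEPT\n-A INPUT -i eth0 -j DROP\n"
# Same two rules, but the DROP is inserted (-I), so it lands on top.
INSERTED = "-A INPUT -i eth0 -j ACCEPT\n-I INPUT -i eth0 -j DROP\n"
# Stateful web-server chain: tracked connections first, new port 80 next, rest dropped.
WEB = """
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j DROP
"""

if __name__ == "__main__":
    ssh_new = {"proto": "tcp", "dport": 22, "iface": "eth0", "ctstate": "NEW"}
    for name, text in (("WIDE_OPEN", WIDE_OPEN), ("INSERTED", INSERTED)):
        print(name, "new SSH:", verdict(load_rules(text.splitlines()), "INPUT", ssh_new))
    web = load_rules(WEB.splitlines())
    for pkt in (ssh_new, dict(ssh_new, dport=80), dict(ssh_new, ctstate="ESTABLISHED")):
        print("WEB", pkt["ctstate"], "to", pkt["dport"], ":", verdict(web, "INPUT", pkt))
```

The simulator takes the connection state as an attribute of the packet; on a real box conntrack assigns it, tagging later packets of a tracked flow as ESTABLISHED so the first rule admits them without a per-port rule, while a fresh SYN to port 22 falls through to the DROP. It does not model jumps into user-defined chains such as IN_public_allow, addresses, or rate limiting, and it refuses any option it does not understand rather than silently treating the rule as a match-all.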
If at all possible, use Yast’s firewall configuration tool. It does the heavy lifting for you. If you like, you can then do an iptables-save > textfile, then search for your port number in the text file. SuSE adds a lot of extra rules for rate limiting and logging, but you can still get an idea of what it’s up to that way. Look at the ACCEPT rules for your port numbers.