Linux iptables setup port 80/9080/9443

Source: Internet  Editor: 程序博客网  Time: 2024/06/04 18:22

1. Problem: a website suggested using the following commands to add the rules

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9080 -j ACCEPT

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9443 -j ACCEPT


The setting didn't work, and ports 9080/9443 were not accessible.

This is because -A appends to the end of the chain and rules are evaluated in order, so the new rules were added after

-A INPUT -j DROP


2. Solution: insert the rules with -I instead, using the following

iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 9080 -j ACCEPT

iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 9443 -j ACCEPT


service iptables save

The rules were added to the very beginning of /etc/sysconfig/iptables, ahead of the DROP rule. Then it worked.
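
Added example, not part of the original post: a shell function that reads a rules file in iptables-save format (the format of /etc/sysconfig/iptables) and lists every rule that sits after an unconditional DROP/REJECT in the same chain and therefore can never match. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# find_shadowed FILE
# Prints "CHAIN:RULE-NUMBER:RULE" for each rule that follows a catch-all
# DROP/REJECT in its chain. iptables walks a chain top to bottom and stops
# at the first terminating match, so these rules are dead.
find_shadowed() {
    awk '
        $1 == "-A" {
            chain = $2
            n[chain]++                      # same numbering as -L --line-numbers
            if (blocked[chain]) {
                print chain ":" n[chain] ":" $0
                next
            }
            # Catch-all: "-A CHAIN -j DROP|REJECT" with no match criteria
            # between the chain name and the target.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                blocked[chain] = 1
        }
    ' "$1"
}

# Constructed sample: the state the post describes after using -A.
sample_appended() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9443 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp)
sample_appended > "$tmp"
find_shadowed "$tmp"    # lists the 9080 and 9443 rules as rules 4 and 5
rm -f "$tmp"
```

On a live host, run it against the output of iptables-save or against /etc/sysconfig/iptables after each change; empty output means no rule is hidden behind a catch-all.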


3. Update /etc/sysconfig/iptables-config; otherwise the rules are lost after issuing service iptables restart to make them take effect.


# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="yes"


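4. Sometimes port 80 cannot be added to the iptables file (tried many times)
It failed many times; the port 80 setting never took effect and kept being overwritten. Probably the parameters were wrong.
Later I used the command: # system-config-firewall to configure it in the GUI, which automatically modifies the /etc/sysconfig/iptables file
Or: # system-config-firewall-tui
Reference: http://www.cyberciti.biz/faq/linux-web-server-firewall-tutorial/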
