
FirewallD is a replacement for the iptables service. Nowadays it can be used as the default firewall management tool. It is a capable firewall solution that uses the firewall-cmd utility to manage the firewall configuration. If you are comfortable with the iptables command-line syntax, you can enable iptables instead. The iptables and firewalld services are mutually exclusive, so only one can run at a time. This tutorial covers the steps to install iptables on a CentOS 7 system.
Prerequisites
Ensure that you are logged in as a non-root user with sudo privileges.
Disable FirewallD
Before installing and using the iptables services on a CentOS system, you should disable the firewalld service. Follow the commands below to completely disable firewalld.
First, stop the firewalld service by typing:
sudo systemctl stop firewalld
After that, disable the FirewallD service so that it does not start automatically on system boot:
sudo systemctl disable firewalld
Mask the FirewallD service to prevent it from being started by other services:
sudo systemctl mask --now firewalld
You can verify the status of the FirewallD service by typing:
sudo systemctl status firewalld
By default, SSH port 22 is open. The command shows output like the following:
● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)
Apr 22 17:00:30 centos7 systemd[1]: Starting firewalld - dynamic firewall d…..
Apr 22 17:00:33 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
Apr 22 17:06:14 centos7 systemd[1]: Stopping firewalld - dynamic firewall d…..
Apr 22 17:06:15 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Install Iptables on CentOS 7
First, run the command below to install the iptables-services package from the CentOS repositories:
sudo yum install iptables-services
Once the installation is complete, start the iptables service using the command below:
sudo systemctl start iptables
To start the iptables service automatically on system boot, execute the command below:
sudo systemctl enable iptables
You can check the iptables service status by typing:
sudo systemctl status iptables
To list the current iptables rules, type:
sudo iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
23 1596 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 23 packets, 4120 bytes)
pkts bytes target prot opt in out source destination
Thus, you have successfully enabled and started the iptables service, and you can now manage your firewall.
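To check a listing like the one above without reading it by eye, the following added example (not part of the original tutorial) parses `iptables -nvL` output and reports which TCP ports INPUT accepts from anywhere and whether the chain ends in a default deny. The function names are hypothetical, and SAMPLE is constructed from the listing shown in this tutorial.

```shell
#!/bin/bash
# Added example: audit the INPUT chain in `iptables -nvL` output.
# SAMPLE is constructed from the listing shown in this tutorial.
# On a live host: sudo iptables -nvL | input_is_default_deny
SAMPLE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
23 1596 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 23 packets, 4120 bytes)
pkts bytes target prot opt in out source destination'

# Print the TCP ports INPUT accepts from any source, one per line.
# Only single-port "dpt:N" matches are handled (hypothetical helper).
input_open_tcp_ports() {
  awk '
    $1 == "Chain" { in_input = ($2 == "INPUT"); next }
    in_input && $3 == "ACCEPT" && $4 == "tcp" && $8 == "0.0.0.0/0" {
      for (i = 10; i <= NF; i++)
        if ($i ~ /^dpt:/) { sub(/^dpt:/, "", $i); print $i }
    }'
}

# Exit 0 if INPUT is default deny: policy DROP, or the last rule is an
# unconditional REJECT/DROP (any protocol, interface, source, destination).
input_is_default_deny() {
  awk '
    $1 == "Chain" {
      in_input = ($2 == "INPUT")
      if (in_input && $4 == "DROP") deny = 1
      next
    }
    in_input && $1 ~ /^[0-9]/ {
      # No extra match fields allowed, except REJECT with its reject-with type.
      bare = (NF == 9 || ($3 == "REJECT" && NF == 11 && $10 == "reject-with"))
      last = (bare && $3 ~ /^(REJECT|DROP)$/ && $4 == "all" &&
              $6 == "*" && $7 == "*" &&
              $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0")
    }
    END { exit !(deny || last) }'
}

printf '%s\n' "$SAMPLE" | input_open_tcp_ports
printf '%s\n' "$SAMPLE" | input_is_default_deny && echo "INPUT: default deny"
```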
Conclusion
You have learned how to disable FirewallD and install iptables on a CentOS 7 server.
If you have any questions feel free to leave a comment below.