Latest Linux operating systems like CentOS/RedHat 7 and Fedora 21 has stopped using iptables and start now using dynamic firewall daemon firewalld which provides a dynamically managed firewall. It supports for network and zones to assign a level of trust to a network, connections, and interfaces. Firewalld also provides an interface for services or applications to add firewall rules directly. This article will help you to disable firewalld service and then install and use iptables on CentOS and Red Hat 7 Systems. Visit here to read more about firewalld.
Disable Firewalld Service
Before installing and using iptables services on CentOS and Red Hat 7 systems, we need to disable firewalld service. To completely disable firewalld service use following commands.
sudo systemctl stop firewalld sudo systemctl mask firewalld
Now check firewalld status
sudo systemctl status firewalld
firewalld.service Loaded: masked (/dev/null) Active: inactive (dead) since Fri 2015-02-27 11:09:37 EST; 56s ago Main PID: 7411 (code=exited, status=0/SUCCESS) Feb 27 11:02:18 svr10 systemd: Started firewalld - dynamic firewall daemon. Feb 27 11:09:36 svr10 systemd: Stopping firewalld - dynamic firewall daemon... Feb 27 11:09:37 svr10 systemd: Stopped firewalld - dynamic firewall daemon.
Install Iptables on CentOS/RHEL 7
Now install iptables service using yum package manager using the following command.
sudo yum install iptables-services
After installing enable iptables service and start using below commands.
sudo systemctl enable iptables sudo systemctl start iptables
Now check the iptables service status using below command.
sudo systemctl status iptables
To list iptables rules use the following command.
sudo iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination