FirewallD replaces iptables in CentOS 7 and above version of CentOS as the default firewall management tool. FirewallD is a complete firewall solution that can be controlled with “firewall-cmd”. If you are familiar with Iptables, you can disable FirewallD and go back to the classic iptables setup. I prefer using classic iptables setup because I learned this long time ago and it is easy.
This tutorial will guide you on how to disable the FirewallD service and install iptables
Prerequisites
Before you start, make sure you are logged in as a user with sudo privileges.
Disable FirewallD
To disable the FirewallD on your CentOS 7 server, follow these steps:
1. Type the following command to stop the FirewallD service:
sudo systemctl stop firewalld
2. Disable the FirewallD service to start automatically on system boot:
sudo systemctl disable firewalld
3. Mask the FirewallD service to prevent it from being started by another service:
sudo systemctl mask --now firewalld
Install and Enable Iptables
Perform the following steps to install Iptables on a CentOS 7 server:
1. Run the following command to install the iptables-service package from the CentOS repositories:
sudo yum install iptables-services
2. Once the package is installed start the Iptables service:
sudo systemctl start iptables sudo systemctl start iptables6
3. Enable the Iptables service to start automatically on system boot:
sudo systemctl enable iptables sudo systemctl enable iptables6
4. Check the iptables service status with:
sudo systemctl status iptables sudo systemctl status iptables6
5. To can check the current iptables rules use the following commands:
sudo iptables -nvL sudo iptables6 -nvL
By default only the SSH port 22 is open. The output should look something like this:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 5400 6736K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 2 148 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 4298 packets, 295K bytes) pkts bytes target prot opt in out source destination
Congratulations, you have successfully enabled the iptables service on your CentOS 7 server. You can now configure your firewall. Reboot your server to see the changes.