How to Install Iptables on CentOS 7 Server

FirewallD replaces iptables as the default firewall management tool in CentOS 7 and later. FirewallD is a complete firewall solution that can be controlled with “firewall-cmd”. If you are familiar with iptables, you can disable FirewallD and go back to the classic iptables setup. I prefer using the classic iptables setup because I learned it a long time ago and it is easy.


This tutorial will guide you through disabling the FirewallD service and installing iptables.

Prerequisites

Before you start, make sure you are logged in as a user with sudo privileges.

Disable FirewallD

To disable FirewallD on your CentOS 7 server, follow these steps:

1. Type the following command to stop the FirewallD service:

sudo systemctl stop firewalld

2. Disable the FirewallD service so that it does not start automatically on system boot:

sudo systemctl disable firewalld

3. Mask the FirewallD service to prevent it from being started by another service:

sudo systemctl mask --now firewalld

Install and Enable Iptables

Perform the following steps to install Iptables on a CentOS 7 server:

1. Run the following command to install the iptables-services package from the CentOS repositories:

sudo yum install iptables-services

2. Once the package is installed, start the iptables and ip6tables services:

sudo systemctl start iptables
sudo systemctl start ip6tables

3. Enable the iptables and ip6tables services to start automatically on system boot:

sudo systemctl enable iptables
sudo systemctl enable ip6tables

4. Check the status of both services with:

sudo systemctl status iptables
sudo systemctl status ip6tables

5. To check the current IPv4 and IPv6 rules, use the following commands:

sudo iptables -nvL
sudo ip6tables -nvL

By default only the SSH port 22 is open. The output should look something like this:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5400 6736K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   148 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 4298 packets, 295K bytes)
 pkts bytes target     prot opt in     out     source               destination     
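
The INPUT chain in the listing above has an ACCEPT policy, so it is the final REJECT rule that keeps everything except port 22 closed. The script below is an added example (not part of the original tutorial) that reads IPv4 iptables -nvL output and reports the reachable open ports and whether that catch-all rule is still in place; the names audit_input_chain and SAMPLE are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. IPv4 "iptables -nvL" layout only.
# audit_input_chain reads the listing on stdin and prints:
#   open <proto>/<port>   for each reachable INPUT ACCEPT rule with a dpt: match
#   default-deny yes|no   whether unmatched inbound traffic is refused
audit_input_chain() {
  awk '
    /^Chain / { chain = $2; if (chain == "INPUT") policy = $4; next }
    chain != "INPUT" || NF < 9 || $1 == "pkts" || terminal != "" { next }
    {
      # Columns: pkts bytes target prot opt in out source destination [extras]
      any = ($4 == "all" && $6 == "*" && $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0")
      if (any && (NF == 9 || $10 == "reject-with")) {
        terminal = $3      # first catch-all rule decides everything after it
        next
      }
      if ($3 != "ACCEPT") next
      for (i = 10; i <= NF; i++) {
        if ($i ~ /^dpts?:/) {
          port = $i
          sub(/^dpts?:/, "", port)
          print "open " $4 "/" port
        }
      }
    }
    END {
      # No catch-all rule: the chain policy decides what happens to the rest.
      if (terminal == "") terminal = policy
      print "default-deny " ((terminal == "REJECT" || terminal == "DROP") ? "yes" : "no")
    }
  '
}

# Sample input: the INPUT chain from the tutorial output above.
SAMPLE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5400 6736K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    2   148 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Default ruleset, then a constructed variant with the REJECT rule removed.
printf '%s\n' "$SAMPLE" | audit_input_chain
printf '%s\n' "$SAMPLE" | grep -v REJECT | audit_input_chain
```

On a live server, pipe the real listing into the function: sudo iptables -nvL | audit_input_chain. A result of "default-deny no" means the ACCEPT policy is letting unmatched inbound traffic through.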

Congratulations, you have successfully enabled the iptables service on your CentOS 7 server. You can now configure your firewall. Reboot your server to see the changes.
