How to Install and Use Iptables on RHEL 7 / CentOS 7 / Scientific Linux 7

Submitted by rmiddle on Sun, 03/26/2017 - 23:25

RHEL/CentOS/Scientific Linux 7 has stopped using iptables and now uses firewalld, which provides a dynamically managed firewall. This article will help you disable the firewalld service and then install and use iptables on Enterprise Linux systems. Visit here to read more about firewalld.

Disable Firewalld Service

Before we install iptables, we need to make sure firewalld is disabled. To completely disable the firewalld service, use the following commands.

# systemctl stop firewalld
# systemctl mask firewalld

Now let's make sure firewalld is disabled by checking its status.

# systemctl status firewalld

   Loaded: masked (/dev/null)
   Active: inactive (dead) since Fri 2017-03-17 11:09:37 EST; 56s ago
 Main PID: 7411 (code=exited, status=0/SUCCESS)

Mar 17 11:02:18 centos10 systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 17 11:09:36 centos10 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Mar 17 11:09:37 centos10 systemd[1]: Stopped firewalld - dynamic firewall daemon.


Install Iptables Service in RHEL/CentOS/Scientific Linux 7

Now install the iptables service with the yum package manager using the following command.

# yum install iptables-services -y

Now let's enable and start the iptables service using the commands below.

# systemctl enable iptables
# systemctl start iptables

Now let's make sure iptables is running by checking its status.

# systemctl status iptables

iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
   Active: active (exited) since Fri 2017-03-17 11:14:12 EST; 14s ago
  Process: 7938 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 7938 (code=exited, status=0/SUCCESS)

Mar 17 11:14:12 centos10 iptables.init[7938]: iptables: Applying firewall rules: [  OK  ]
Mar 17 11:14:12 centos10 systemd[1]: Started IPv4 firewall with iptables.

If everything went well we should be able to list our active iptables policies.

# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
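
The `iptables -L` listing above omits the interface column, so the third INPUT rule (`ACCEPT all -- anywhere anywhere`) reads like an accept-all; `iptables -L -n -v` or `iptables-save` shows what a rule actually matches. As an added example (not part of the original article), the function below reads `iptables-save` output and checks that INPUT contains no match-less ACCEPT and still ends in a catch-all REJECT/DROP. The name `audit_input_chain` and the sample ruleset are constructed here, and the sample assumes the third rule is the loopback rule (`-i lo`).

```shell
#!/bin/bash
# Added example: audit the filter table's INPUT chain, read from stdin in
# iptables-save format. Prints findings; returns 0 when there are none.
audit_input_chain() {
    local line policy="" last="" findings=0
    while IFS= read -r line; do
        case "$line" in
            ":INPUT "*)              # chain header, e.g. ":INPUT ACCEPT [0:0]"
                policy=${line#:INPUT }
                policy=${policy%% *} ;;
            "-A INPUT "*)
                last=$line
                # ACCEPT with no match at all admits every packet and makes
                # all later rules unreachable (unlike "-i lo -j ACCEPT").
                if [ "$line" = "-A INPUT -j ACCEPT" ]; then
                    echo "UNRESTRICTED_ACCEPT: $line"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    # With policy ACCEPT, only a final catch-all REJECT/DROP gives default deny.
    if [ "$policy" != "DROP" ]; then
        case "$last" in
            "-A INPUT -j REJECT"*|"-A INPUT -j DROP") ;;
            *)  echo "NO_FINAL_DENY: policy=${policy:-unknown} last='${last:-none}'"
                findings=$((findings + 1)) ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample matching the listing above (assumes rule 3 is loopback).
sample_default() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_default | audit_input_chain && echo "INPUT chain: default deny in place"
```

On a live system, run it as root with `iptables-save -t filter | audit_input_chain`.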