RHEL/CentOS/Scientific Linux 7 has stopped using iptables and start now using firewalld which provides a dynamically managed firewall. This article will help you to disable firewalld service and then install and use iptables on Enterprise Linux Systems. Visit here to read more about firewalld.
Disable Firewalld Service
Before we install iptables we need to make sure firewalld is disabled. To completely disable firewalld service use following commands.
# systemctl stop firewalld # systemctl mask firewalld
Now let make sure firewalld is disabled but checking its status.
# systemctl status firewalld firewalld.service Loaded: masked (/dev/null) Active: inactive (dead) since Fri 2017-03-17 11:09:37 EST; 56s ago Main PID: 7411 (code=exited, status=0/SUCCESS) Mar 17 11:02:18 centos10 systemd: Started firewalld - dynamic firewall daemon. Mar 17 11:09:36 centos10 systemd: Stopping firewalld - dynamic firewall daemon... Mar 17 11:09:37 centos10 systemd: Stopped firewalld - dynamic firewall daemon.
Install Iptables Service in RHEL/CentOS/Scientific Linux 7
Now install iptables service using yum package manager using the following command.
# yum install iptables-services -y
Now lets enable the iptables service by using the below commands.
# systemctl enable iptables # systemctl start iptables
Now let make sure iptables is running by checking its status.
# systemctl status iptables iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled) Active: active (exited) since Fri 2017-03-17 11:14:12 EST; 14s ago Process: 7938 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS) Main PID: 7938 (code=exited, status=0/SUCCESS) Mar 17 11:14:12 centos10 iptables.init: iptables: Applying firewall rules: [ OK ] Mar 17 11:14:12 centos10 systemd: Started IPv4 firewall with iptables.
If everything went well we should be able to list our active iptables policies.
# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination