Install Iptables on CentOS 7

Disable FirewallD

To disable the FirewallD on your CentOS 7 system, follow these steps: Type the following command to stop the FirewallD service:

sudo systemctl stop firewalld

Disable the FirewallD service to start automatically on system boot:

sudo systemctl disable firewalld

Mask the FirewallD service to prevent it from being started by another services:

sudo systemctl mask --now firewalld

Install and Enable Iptables

Perform the following steps to install Iptables on a CentOS 7 system:

Run the following command to install the iptables-service package from the CentOS repositories:

sudo yum install iptables-services

Once the package is installed start the Iptables service:

sudo systemctl start iptablessudo systemctl start ip6tables

Enable the Iptables service to start automatically on system boot:

sudo systemctl enable iptablessudo systemctl enable ip6tables

Check the iptables service status with:

sudo systemctl status iptablessudo systemctl status ip6tables

To check the current iptables rules use the following commands:

sudo iptables -nvLsudo ip6tables -nvL

By default only the SSH port 22 is open. The output should look something like this:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 
5400 6736K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 
2 148 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 4298 packets, 295K bytes)
pkts bytes target prot opt in out source destination

At this point, you have successfully enabled the iptables service and you can start building your firewall. The changes will persist after a reboot.

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.