Install Iptables on CentOS 7

Disable FirewallD

To disable the FirewallD on your CentOS 7 system, follow these steps: Type the following command to stop the FirewallD service:

sudo systemctl stop firewalld

Disable the FirewallD service to start automatically on system boot:

sudo systemctl disable firewalld

Mask the FirewallD service to prevent it from being started by another services:

sudo systemctl mask --now firewalld

Install and Enable Iptables

Perform the following steps to install Iptables on a CentOS 7 system:

Run the following command to install the iptables-service package from the CentOS repositories:

Read more

Share

Disable FirewallD and Enable Iptables on CentOS 7

Download and Install the Iptables Service

To begin your server’s transition, you need to download and install the iptables-service package from the CentOS repositories. Download and install the service files by typing:

sudo yum install iptables-services

This will download and install the systemd scripts used to manage the iptables service. It will also write some default iptables and ip6tables configuration files to the /etc/sysconfig directory.

Construct your Iptables Firewall Rules

Next, you need to construct your iptables firewall rules by modifying the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables files. These files hold the rules that will be read and applied when we start the iptables service.

How you construct your firewall rules depends on whether the system-config-firewall process is installed and being used to manage these files. Check the top of the /etc/sysconfig/iptables file to see whether it recommends against manual editing or not:

sudo head -2 /etc/sysconfig/iptables

If the output looks like this, feel free to manually edit the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables files to implement the policies for your iptables firewall:

output
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall

Open and edit the files with sudo privileges to add your rules:

sudo nano /etc/sysconfig/iptables
sudo nano /etc/sysconfig/ip6tables

After you’ve made your rules, you can test your IPv4 and IPv6 rules using these commands:

sudo sh -c 'iptables-restore -t < /etc/sysconfig/iptables'
sudo sh -c 'ip6tables-restore -t < /etc/sysconfig/ip6tables'

If, on the other hand, the output from examining the /etc/sysconfig/iptables file looks like this, you should not manually edit the file:

Read more

Share