×


Install Iptables on CentOS 7 Server - Step by Step Process ?

FirewallD is replacement of iptables. Now a days, It can be use as the default firewall management tool. It's a capable firewall solution which using firewall-cmd utility to manage firewall configuration. If you are comfortable with Iptables command-line syntax then you can enable Iptables. Iptables and firewalld are mutually exclusive so only one can be run at a time.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Iptables queries.

In this context, we shall look into how to install Iptables on CentOS 7 system.


How to Disable FirewallD ?

Before performing this procedure, ensure that you are logged in as a non-root user with sudo privileges.

Also, to install and use iptables services on CentOS system, you should disable firewalld service. Follow below commands to completely disable firewalld.

i. First of all, you need to stop firewalld service by typing:

$ sudo systemctl stop firewalld

ii. After that, disable FirewallD service to start automatically on system boot:

$ sudo systemctl disable firewalld

iii. You need to Mask the FirewallD service to stop it from being started by another services:

$ sudo systemctl mask --now firewalld

iv. You can verify the status of FirewallD service by typing:

$ sudo systemctl status firewalld

By default, SSH port 22 is open. It will show output as below:

● firewalld.service
    Loaded: masked (/dev/null; bad)
    Active: inactive (dead)
 Apr 22 17:00:30 centos7 systemd[1]: Starting firewalld - dynamic firewall d…..
 Apr 22 17:00:33 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
 Apr 22 17:06:14 centos7 systemd[1]: Stopping firewalld - dynamic firewall d…..
 Apr 22 17:06:15 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.


How to Install Iptables on CentOS ?

i. To begin, Run below command to install the iptables-service package from the CentOS repositories :

$ sudo yum install iptables-services

ii. Once the process is completed, you should start iptables services using below command:

$ sudo systemctl start iptables

iii. To start Iptables services automatically on your system boot, execute below command:

$ sudo systemctl enable iptables

iv. You can check the iptables service status by typing:

$ sudo systemctl status iptables

v. To get list of iptables rules by type:

$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
    23  1596 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
 Chain OUTPUT (policy ACCEPT 23 packets, 4120 bytes)
  pkts bytes target     prot opt in     out     source               destination

Thus, you have successfully enabled and started iptables service and you can manage your firewall.


[Need assistance in fixing Linux system errors? We can help you. ]


Conclusion

This article covers how to disable FirewallD and install and iptables on CentOS 7 server. The iptables service stores configuration in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables , while firewalld stores it in various XML files in /usr/lib/firewalld/ and /etc/firewalld/ . 

Note that the /etc/sysconfig/iptables file does not exist as firewalld is installed by default on Red Hat Enterprise Linux.

FirewallD is a complete firewall solution that can be controlled with a command-line utility called firewall-cmd. If you are more comfortable with the Iptables command line syntax, then you can disable FirewallD and go back to the classic iptables setup.


To Install and Use Iptables Linux Firewall:

1. Connect to your server via SSH.

2. Execute the following command one by one: 

$ sudo apt-get update 
$ sudo apt-get install iptables

3. Check the status of your current iptables configuration by running:

$ sudo iptables -L -v


Location of iptables rules on CentOS ?

CentOS 7 uses FirewallD by default. If you would like to manage iptables/ip6tables rules directly without using FirewallD, you may use the old good iptables-services service which will load the iptables/ip6tables rules saved in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables when it is started during boot time.