How do I Install and Use Iptables on CentOS/RHEL 7
Recent Linux distributions such as CentOS/Red Hat 7 and Fedora 21 have stopped using iptables and now use the dynamic firewall daemon firewalld, which provides a dynamically managed firewall. It supports network zones that assign a level of trust to a network and its connections and interfaces. Firewalld also provides an interface for services or applications to add firewall rules directly. This article will help you disable the firewalld service and then install and use iptables on CentOS and Red Hat 7 systems.
Disable Firewalld Service
# systemctl stop firewalld
# systemctl mask firewalld

# systemctl status firewalld
firewalld.service
   Loaded: masked (/dev/null)
   Active: inactive (dead) since Fri 2015-02-27 11:09:37 EST; 56s ago
 Main PID: 7411 (code=exited, status=0/SUCCESS)

Feb 27 11:02:18 svr10 systemd: Started firewalld - dynamic firewall daemon.
Feb 27 11:09:36 svr10 systemd: Stopping firewalld - dynamic firewall daemon...
Feb 27 11:09:37 svr10 systemd: Stopped firewalld - dynamic firewall daemon.
Install Iptables Service in CentOS/RHEL 7
# yum install iptables-services -y
# systemctl enable iptables
# systemctl start iptables

# systemctl status iptables
iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
   Active: active (exited) since Fri 2015-02-27 11:14:12 EST; 14s ago
  Process: 7938 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 7938 (code=exited, status=0/SUCCESS)

Feb 27 11:14:12 svr10 iptables.init: iptables: Applying firewall rules: [ OK ]
Feb 27 11:14:12 svr10 systemd: Started IPv4 firewall with iptables.
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
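
The listing above can be checked mechanically after switching from firewalld to iptables. The following is an added example, not part of the original article: POSIX shell functions (all function names and the ANY variable are hypothetical) that read iptables -L output and report which ports the INPUT chain opens, whether it ends in a catch-all REJECT or DROP, and how many ACCEPT rules look unconditional because plain -L does not show interfaces.

```shell
#!/bin/sh
# Added example: audit the INPUT chain of an `iptables -L` listing read on stdin,
# e.g. as root:  iptables -L | input_open_ports

# Constructed sample: the INPUT chain from the listing above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
EOF
}

ANY='^(anywhere|0[.]0[.]0[.]0/0)$'   # "any address", with and without -n

# Rule lines of the INPUT chain only (chain and column headers dropped).
input_rules() {
    awk '/^Chain /{ in_input = ($2 == "INPUT"); next }
         in_input && NF >= 5 && $1 != "target"'
}

# Destination ports that ACCEPT rules open, one "proto/port" per line.
input_open_ports() {
    input_rules | awk '$1 == "ACCEPT" { for (i = 6; i <= NF; i++)
        if ($i ~ /^dpts?:/) { p = $i; sub(/^dpts?:/, "", p); print $2 "/" p } }'
}

# Succeeds when the last INPUT rule is an unconditional REJECT or DROP, which is
# what refuses unmatched traffic while the chain policy stays ACCEPT.
input_has_catchall() {
    input_rules | awk -v any="$ANY" '{ n = split($0, f, " ") } END {
        ok = (f[1] == "REJECT" || f[1] == "DROP") && f[2] == "all" &&
             f[4] ~ any && f[5] ~ any && (n == 5 || f[6] == "reject-with")
        exit !ok }'
}

# Count ACCEPT rules that look unconditional. Plain -L hides the interface columns,
# so confirm each one with `iptables -L -v` or `iptables -S` before trusting it.
input_unqualified_accepts() {
    input_rules | awk -v any="$ANY" '
        $1 == "ACCEPT" && $2 == "all" && NF == 5 && $4 ~ any && $5 ~ any { n++ }
        END { print n + 0 }'
}

sample_listing | input_open_ports   # prints the ports opened in the sample
```

On the sample, the one unqualified ACCEPT is the third INPUT rule; whether it is limited to a single interface can only be seen in verbose output.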