
How can I use iptables on centos 7? [closed]

People also ask

Does CentOS use iptables?

CentOS has an extremely powerful firewall built in, commonly referred to as iptables, but more accurately is iptables/netfilter. Iptables is the userspace module, the bit that you, the user, interact with at the command line to enter firewall rules into predefined tables.


With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.

It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:

systemctl stop firewalld
systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

RHEL and CentOS 7 use firewall-cmd instead of iptables. You should use this kind of command:

# add ssh port as permanent opened port
firewall-cmd --zone=public --add-port=22/tcp --permanent

Then, you can reload the rules to be sure that everything is OK:

firewall-cmd --reload

This is better than using iptables-save, especially if you plan to use lxc or docker containers. Launching docker services will add some rules that the iptables-save command will prompt. If you save the result, you will have a lot of rules that should NOT be saved, because docker containers can change their IP addresses at the next reboot.

Firewall-cmd with permanent option is better for that.

Check "man firewall-cmd" or check the official firewalld docs to see the options. There are a lot of options to check zones, configuration, how it works... The man page is really complete.

I strongly recommend not using iptables-service since CentOS 7.
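
The concern in the answer above, that a saved iptables-save dump can capture Docker-generated rules, can be checked before anything is persisted. The script below is an added example, not part of the original answer; the function names are hypothetical, the ruleset is constructed sample data, and it assumes Docker's default DOCKER* chain names and docker0 bridge:

```shell
#!/bin/sh
# Added example: flag container-managed entries in iptables-save output
# before the dump is written to a persistent rules file.

# Constructed sample of iptables-save output (not taken from a real host).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Print "table: line" for every chain declaration or rule that names a
# DOCKER* chain or the docker0 bridge. Reads iptables-save format on stdin.
docker_entries() {
    awk '
        /^\*/      { table = substr($0, 2); next }   # "*filter" -> "filter"
        /^:DOCKER/ { print table ": " $0; next }     # chain declaration
        /^-A/ && (/^-A DOCKER/ || / -j DOCKER/ || / -[io] docker0( |$)/) {
            print table ": " $0                      # rule in or pointing at Docker
        }
    '
}

# Exit status 0 only when the ruleset on stdin has no container-managed entries.
safe_to_persist() {
    [ -z "$(docker_entries)" ]
}
```

On a live host the same check is `iptables-save | docker_entries`, which only reads the ruleset and changes nothing.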


I had the problem that rebooting wouldn't start iptables.

This fixed it:

yum install iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables

Try the following command: iptables-save.


I modified the /etc/sysconfig/ip6tables-config file changing:

IP6TABLES_SAVE_ON_STOP="no"

To:

IP6TABLES_SAVE_ON_STOP="yes"

And this:

IP6TABLES_SAVE_ON_RESTART="no"

To:

IP6TABLES_SAVE_ON_RESTART="yes"

This seemed to save the changes I made using the iptables commands through a reboot.


Put the iptables configuration in the traditional file and it will be loaded after boot:

/etc/sysconfig/iptables