To use the iptables and ip6tables services instead of firewalld, first disable firewalld by running the following command as root:
root# systemctl disable firewalld
root# systemctl stop firewalld
Then install the iptables-services package by entering the following command as root:
root# yum install iptables-services
The iptables-services package contains the iptables service and the ip6tables service.
Then, to start the iptables and ip6tables services, run the following commands as root:
root# systemctl start iptables
root# systemctl start ip6tables
root# systemctl enable iptables
root# systemctl enable ip6tables
An example script which blocks INPUT and FORWARD and runs /sbin/iptables-save and writes the current iptables configuration to /etc/sysconfig/iptables. Upon reboot, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.
#!/bin/bash
#
# Flush all current rules from iptables
iptables -F
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Set access for localhost
iptables -A INPUT -i lo -j ACCEPT
# Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save settings
/sbin/service iptables save
# List rules
iptables -L -v
# END