Use the iptables and ip6tables services instead of firewalld – CentOS 7

To use the iptables and ip6tables services instead of firewalld, first disable firewalld by running the following command as root:

root# systemctl disable firewalld
root# systemctl stop firewalld

Then install the iptables-services package by entering the following command as root:

root# yum install iptables-services

The iptables-services package contains the iptables service and the ip6tables service.
Then, to start the iptables and ip6tables services, run the following commands as root:

root# systemctl start iptables
root# systemctl start ip6tables
root# systemctl enable iptables
root# systemctl enable ip6tables

Below is an example script that sets the default policy of the INPUT and FORWARD chains to DROP, then runs "service iptables save" (which calls /sbin/iptables-save) to write the current iptables configuration to /etc/sysconfig/iptables. On reboot, the iptables service reapplies the rules saved in /etc/sysconfig/iptables with the /sbin/iptables-restore command.

#!/bin/bash
#
# Flush all current rules from iptables

iptables -F

# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Set default policies for INPUT, FORWARD and OUTPUT chains

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Set access for localhost

iptables -A INPUT -i lo -j ACCEPT

# Accept packets belonging to established and related connections

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Save settings

/sbin/service iptables save

# List rules

iptables -L -v

# END
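The ip6tables service enabled above reapplies /etc/sysconfig/ip6tables on boot, but the script only writes IPv4 rules, so the IPv6 side of the host keeps its default ACCEPT policy. The following is an added example, not from the original post, that builds the matching IPv6 rule set in ip6tables-restore format, checks it with "ip6tables-restore --test", loads it, and saves it the same way; it assumes sshd on tcp port 22 and the iptables-services package (which also provides ip6tables) installed, and the "apply" argument and function names are this example's own.

```shell
#!/bin/bash
# Added example: IPv6 counterpart of the IPv4 script above.
# Assumes sshd on tcp/22 and iptables-services (provides ip6tables) installed.

# Print the IPv6 rule set in ip6tables-restore format (filter table only).
build_ip6tables_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 is required for IPv6 to function (neighbour discovery, PMTU discovery)
-A INPUT -p ipv6-icmp -j ACCEPT
# SSH, as in the IPv4 script
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Number of ACCEPT rules in the generated set (a quick self-check before loading).
count_accept_rules() {
    build_ip6tables_rules | grep -c -- '-j ACCEPT'
}

# Parse-check with --test (loads nothing), then load for real and persist to
# /etc/sysconfig/ip6tables via the same mechanism as "service iptables save".
apply_ip6tables_rules() {
    local rules
    rules="$(build_ip6tables_rules)"
    printf '%s\n' "$rules" | ip6tables-restore --test || return 1
    printf '%s\n' "$rules" | ip6tables-restore
    /sbin/service ip6tables save
    ip6tables -L -v -n
}

# Only touch the live firewall when explicitly asked: ./ip6rules.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_ip6tables_rules
fi
```

Run it without arguments to print nothing and define the functions only; "apply" is what changes and saves the live IPv6 rule set.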
