Install Iptables in CentOS 7

To install iptables in CentOS 7, you need to either use firewall-cmd commands or disable firewalld and then enable iptables. This is because firewalld is a replacement for iptables, so only one of the two should run at a time. So let’s first disable firewalld.


To mask and stop firewalld, use the commands below:

$ sudo systemctl mask firewalld
$ sudo systemctl stop firewalld

After completing this, check the status of firewalld:

$ sudo systemctl status firewalld
With output:
firewalld.service
Loaded: masked (/dev/null)
Active: inactive (dead) since Tue 2021-02-12 11:09:20 EST; 60s ago
Main PID: 7411 (code=exited, status=0/SUCCESS)
Aug 17 11:02:10 svr10 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 17 11:09:19 svr10 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Aug 17 11:09:20 svr10 systemd[1]: Stopped firewalld - dynamic firewall daemon.

Steps to install and configure iptables on CentOS 7

1.    To install the iptables-services package on CentOS, run the command below (you can skip this step if you have already installed it).

$ sudo yum install iptables-services

2.    Once the installation completes, enable the iptables services to start automatically at boot by using the following commands:

$ sudo systemctl enable iptables
$ sudo systemctl enable ip6tables

Note: iptables only supports IPv4. For IPv6 you need to start and enable ip6tables, and set the IPv6 firewall configuration in the /etc/sysconfig/ip6tables file.

3.    Then add the iptables rules. They are commonly configured in either of the following ways:

•    From the command-line interface (CLI), by using iptables -I INPUT commands
•    By editing the /etc/sysconfig/iptables file as usual, to get a result similar to the example below (ports 22 and 80 remain open):

$ cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214:43782]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
$ cat /etc/sysconfig/ip6tables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214:43782]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT

4.    Make sure to restart iptables if you have made any changes to the files.

$ sudo systemctl restart iptables
$ sudo systemctl restart ip6tables

5.    After enabling iptables, check its status by running:

$ systemctl status iptables
$ systemctl status ip6tables

6.    The status will be displayed. To check the iptables rules, execute the command:

$ sudo iptables -L

The output will be displayed accordingly, and that’s it: we have successfully installed iptables in CentOS 7.
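
The rules file in step 3 depends on rule order: INPUT keeps policy ACCEPT and the final REJECT rule does the blocking, so a rule added with iptables -A lands after it and never matches, whereas iptables -I inserts at the top. The script below is an added example, not part of the original article; it audits an iptables-save style file read from stdin, and the function names audit_input and sample_rules and the port 443 rule in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit the INPUT chain of an
# iptables-save style rules file read from stdin. Findings, one per line:
#   OPEN proto/port   ACCEPT rule for a destination port, reachable
#   CATCHALL target   first unconditional REJECT/DROP rule
#   SHADOWED rule     rule placed after the catch-all, never matched
#   NO_CATCHALL       policy is not DROP and no catch-all: all traffic allowed
audit_input() {
    awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
        if (catchall != "") { print "SHADOWED " $0; next }
        # "-A INPUT -j REJECT ..." has no match conditions: it ends the chain
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
            catchall = $4; print "CATCHALL " $4; next
        }
        proto = "any"; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print "OPEN " proto "/" port
    }
    END { if (catchall == "" && policy != "DROP") print "NO_CATCHALL" }
    '
}

# Constructed sample: the article's IPv4 rules plus one rule appended
# after the REJECT (port 443, hypothetical), as "iptables -A" would do.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214:43782]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_input
```

On a real host, run audit_input as root with /etc/sysconfig/iptables redirected to its stdin before restarting the service in step 4.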

Written by actsupp-r0cks