How to disable firewalld and switch to iptables in CentOS / RHEL 7

By admin

By default, RHEL 7 uses the FirewallD service to provide network security. FirewallD may not be to everyone’s liking and you may prefer iptables. FirewallD must be stopped and disabled when using the iptables service. This post outlines the steps to disable firewalld and enable iptables in CentOS/RHEL 7.

Stop and disable firewalld

1. To begin with, stop firewalld and disable it so that it does not start again at boot.

# systemctl stop firewalld
# systemctl disable firewalld

2. Masking the firewalld service creates a symlink from /etc/systemd/system/firewalld.service to /dev/null thus disabling the firewalld service.

# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

Install and configure iptables

1. To enable iptables, first we have to install the “iptables-services” package.

# yum install iptables-services

2. Start the iptables service and enable it so that it starts automatically at boot.

# systemctl start iptables
# systemctl enable iptables

Check to see if any rules are left behind from firewalld. By default, a fresh install of iptables has the rules shown below.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Clearing leftover firewalld rules

1. If needed you can clear iptables rules left over from firewalld with the following commands.

# iptables -t nat -F
# iptables -t mangle -F
# iptables -F
# iptables -X
# service iptables save

2. After running the above commands, you will get an empty iptables ruleset as shown below.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
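
After the flush, every chain has policy ACCEPT and no rules, so the host accepts all traffic, and `service iptables save` stores that state. The following check is an added example, not part of the original article: it reads `iptables -S` output and reports whether the INPUT chain still blocks unmatched traffic. The function names are assumptions, the sample rulesets are constructed to match the two listings above, and the check only looks at built-in targets in INPUT without following user-defined chains.

```shell
#!/bin/sh
# Added example (not from the original article): decide whether the INPUT
# chain still filters traffic, given `iptables -S` output on stdin.
input_verdict() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # A rule with no match options ("-A INPUT -j TARGET ...") applies to
        # every packet that reaches it, so the first such rule decides.
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && !decided &&
            ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") {
            decided = 1; target = $4
        }
        END {
            if (!decided) target = policy   # no catch-all rule: policy applies
            if (target == "") print "unknown"
            else if (target == "DROP" || target == "REJECT") print "filtered"
            else print "open"
        }'
}

# Constructed sample: the stock iptables-services ruleset in -S form.
default_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed sample: the ruleset left after the flush commands.
flushed_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Live use as root: iptables -S | input_verdict
echo "default: $(default_rules | input_verdict)"
echo "flushed: $(flushed_rules | input_verdict)"
```

A result of `open` after the switch means new rules still need to be loaded and saved before the host is exposed to untrusted networks.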