CentOS/RHEL 8 now uses nftables as the default packet filtering framework, and firewalld uses it as well. If you try to start iptables, it fails by default. Follow the steps outlined below to disable firewalld and nftables and enable iptables instead.
1. Install the iptables-services package:
# dnf install iptables-services
2. Disable nftables and firewalld:
# systemctl disable nftables firewalld
Removed /etc/systemd/system/multi-user.target.wants/nftables.service.
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
3. Stop nftables and firewalld:
# systemctl stop nftables firewalld
4. Configure iptables rules as usual and start the service:
# systemctl start iptables
5. To ensure that iptables is started at each boot, enable the service:
# systemctl enable iptables
Created symlink /etc/systemd/system/basic.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service.
After enabling the service, check that iptables now lists the loaded rules:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
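Plain iptables -L leaves out the interface column, so the third INPUT rule in the listing reads like an accept-all, and with policy ACCEPT the chain is only closed by its final REJECT. The script below is an added example, not part of the original page: it audits the INPUT chain from a ruleset in iptables-save format. The function names audit_input and sample_rules are hypothetical, and the sample ruleset is constructed to match the listing, assuming the third rule is restricted to the loopback interface (-i lo).

```shell
#!/bin/sh
# Added example, not from the original page. Audits the filter/INPUT chain of a
# ruleset in iptables-save format (also the format of /etc/sysconfig/iptables).

# Prints one verdict line: the first rule without any match decides the fate of
# all remaining traffic; if there is no such rule, the chain policy does.
audit_input() {
  awk '
    /^\*/ { table = substr($1, 2) }            # "*filter", "*nat", ...
    table != "filter" { next }
    $1 == ":INPUT" { policy = $2 }             # ":INPUT ACCEPT [0:0]"
    $1 == "-A" && $2 == "INPUT" && !verdict {
      n++; target = ""; has_match = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }
        has_match = 1                          # anything before -j is a match
      }
      if (has_match) next
      if (target == "ACCEPT") {
        verdict = "FAIL: rule " n " accepts all traffic"
      } else if (target == "REJECT" || target == "DROP") {
        verdict = "OK: rule " n " is a catch-all " target
      }
    }
    END {
      if (!verdict)
        verdict = (policy == "DROP") ? "OK: policy DROP" : ("FAIL: falls through to policy " policy)
      print verdict
    }'
}

# Constructed sample matching the iptables -L listing above (assumes -i lo).
sample_rules() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_rules | audit_input                     # OK: rule 5 is a catch-all REJECT
sample_rules | sed 's/-i lo //' | audit_input  # FAIL: rule 3 accepts all traffic
```

On a live system, run iptables-save | audit_input as root, or feed it /etc/sysconfig/iptables before starting the service.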