How to replace FirewallD with iptables on CentOS 7

Bot attacks and malware on websites are an everyday occurrence, and the companies that offer security solutions do their best to keep up and face the daily challenges.
In addition to complex software applications that can automatically identify, analyze and block attacks on a web server, there are also manual solutions through which the IPs behind the attacks can be blocked.

Starting with CentOS 7, FirewallD was introduced as the default firewall management utility.
FirewallD is a complete firewall solution that can be configured and managed from the command line with firewall-cmd. However, not all server administrators are familiar with the FirewallD syntax, and some prefer iptables instead of this utility.

How to replace FirewallD with iptables on CentOS 7

First, we need administrator privileges on the operating system, preferably by logging in directly as "root" in a terminal or over SSH.

1. Stop the running FirewallD service on CentOS 7 with the command:

sudo systemctl stop firewalld

2. Disable the automatic start of FirewallD after system restart:

sudo systemctl disable firewalld

3. We mask the FirewallD service to prevent it from being started by another process:

sudo systemctl mask --now firewalld

After this step, the FirewallD service is stopped and completely disabled on CentOS 7.

Installing and running iptables on CentOS 7

The first step is to install the iptables service on CentOS 7.

1. Run the command to install the iptables services:

sudo yum install iptables-services

2. We start the iptables services for IPv4 and IPv6:

sudo systemctl start iptables
sudo systemctl start ip6tables

3. Activate the automatic start of the iptables service when starting the operating system:

sudo systemctl enable iptables
sudo systemctl enable ip6tables

4. We check if the iptables service is running properly:

sudo systemctl status iptables
sudo systemctl status ip6tables

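For iptables, the status command should return output similar to the following. The "active (exited)" state is expected, because the service only loads the rules and then exits: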

● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Thu 2020-07-09 07:02:51 UTC; 21min ago
 Main PID: 13765 (code=exited, status=0/SUCCESS)

Jul 09 07:02:51 systemd[1]: Starting IPv4 firewall with iptables...
Jul 09 07:02:51 iptables.init[13765]: iptables: Applying firewall rules: [  OK  ]
Jul 09 07:02:51 systemd[1]: Started IPv4 firewall with iptables.

5. We check the rules in iptables with the command line:

sudo iptables -nvL
sudo ip6tables -nvL

If you have reached this point, the FirewallD service is stopped and disabled, and in its place iptables is installed, runs properly, and can be administered with its own command syntax.
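The end state of the steps above can be checked in one pass: FirewallD masked and inactive, both iptables services enabled and active, and an INPUT chain that does not accept everything by default. The script below is an added example, not part of the original article; the function names (expect_state, input_filtered, check_host) and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: verify the state the steps aim for.

# expect_state UNIT WANT_ENABLED WANT_ACTIVE GOT_ENABLED GOT_ACTIVE
# Compares `systemctl is-enabled` / `is-active` output with the expected values.
expect_state() {
    if [ "$2" = "$4" ] && [ "$3" = "$5" ]; then
        echo "OK   $1: $4/$5"
    else
        echo "FAIL $1: got '$4/$5', want '$2/$3'"; return 1
    fi
}

# input_filtered: reads `iptables -S INPUT` output on stdin and succeeds only if
# the chain denies by default (non-ACCEPT policy, or a final catch-all DROP/REJECT).
input_filtered() {
    awk '
        $1 == "-P" && $2 == "INPUT" && $3 != "ACCEPT" { deny = 1 }
        $1 == "-A" && $2 == "INPUT" { last = $0 }
        END {
            if (last ~ /^-A INPUT -j (DROP|REJECT)( |$)/) deny = 1
            exit (deny ? 0 : 1)
        }'
}

# check_host: run as root on the migrated server (not called automatically).
check_host() {
    rc=0
    expect_state firewalld masked inactive \
        "$(systemctl is-enabled firewalld 2>/dev/null)" \
        "$(systemctl is-active firewalld 2>/dev/null)" || rc=1
    for u in iptables ip6tables; do
        expect_state "$u" enabled active \
            "$(systemctl is-enabled "$u" 2>/dev/null)" \
            "$(systemctl is-active "$u" 2>/dev/null)" || rc=1
        "$u" -S INPUT | input_filtered || { echo "FAIL $u: INPUT accepts by default"; rc=1; }
    done
    return "$rc"
}

# Constructed samples: a rule set with a catch-all REJECT, and an empty chain.
SAMPLE_FILTERED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
SAMPLE_EMPTY='-P INPUT ACCEPT'

printf '%s\n' "$SAMPLE_FILTERED" | input_filtered && echo "filtered sample: default deny"
printf '%s\n' "$SAMPLE_EMPTY" | input_filtered || echo "empty sample: accepts everything"
```

On the server itself, source the script and call check_host as root; a FAIL line for an INPUT chain means the host is reachable on every port until rules are loaded.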
