Classic ip tables setup in CentOS 7.0

Jun 03 at 4:30pm - admin
Is it possible to go back to a more classic ip tables setup in CentOS 7.0

First, stop and mask the firewalld service:

systemctl stop firewalld
systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service:

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save


/usr/libexec/iptables/iptables.init save

You should use that kind of command:

# add ssh port as permanent opened port
firewall-cmd --zone=public --add-port=22/tcp --permanent

Then, you can reload rules to be sure that everything is ok

firewall-cmd --reload

Some had the problem that rebooting wouldn't start iptables.

This fixed it:

yum install iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables

Although going back to iptables works, It might be safer to stick to firewalld. The command to open the ports would be (add sudo if necessary): firewalld is better suited to the desktop environment.

firewall-cmd --zone=public --add-port=http/tcp --permanent

But it won't work right away since rules are not reloaded when permanently modified. So you can either restart or use

firewall-cmd --reload