This post shows how to use iptables on CentOS 7. CentOS 7 has moved its firewall service away from iptables to firewalld, but if you have been running CentOS for a while (I've been running iptables since I moved from ipchains), you will no doubt have a big list of iptables rules that you have crafted over time. Rather than rewrite all your rules, it's easy enough to keep using your existing iptables rules on CentOS 7 for now (you'll have to rewrite your firewall rules at some point in the future, though).
A quick Google search turned up this Stack Overflow answer, which provided the guts of this post.
iptables on CentOS 7
First, stop and mask the firewalld service (this prevents it from starting in the future):
systemctl stop firewalld
systemctl mask firewalld
Then, install the iptables-services package using yum:
yum install iptables-services
Next, enable the iptables service at boot-time:
systemctl enable iptables
You can manage the iptables service using systemctl:
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done the way you are used to:
service iptables save
or
/usr/libexec/iptables/iptables.init save
If you have an existing iptables rule list (usually in /etc/sysconfig/iptables), you can copy the rules over from a CentOS 6 or earlier machine. Copy the iptables rules to the same location (/etc/sysconfig/iptables) on your CentOS 7 machine and then run
systemctl restart iptables
to have those rules loaded (you can still do 'service iptables restart', which gets mapped to systemctl anyway).
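A pre-flight check for the copied rules file, to run before restarting the service so a damaged copy is caught first (an added example, not from the original post or the Stack Overflow answer). It assumes the file is in iptables-save format with only -A/-I rule lines; check_rules and sample_rules are hypothetical helper names and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: structural check of an iptables-save format rules file.

check_rules() {   # exit status 0 = structure OK, 1 = problems printed
    awk '
        function fail(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^\*/ {                                  # "*filter" opens a table
            if (open) fail("new table before COMMIT")
            open = 1; tables++; split("", chains); next
        }
        $1 == "COMMIT" {                         # closes the current table
            if (!open) fail("COMMIT outside a table")
            open = 0; next
        }
        /^:/ {                                   # ":INPUT ACCEPT [0:0]" declares a chain
            if (!open) fail("chain declared outside a table")
            chains[substr($1, 2)] = 1; next
        }
        {
            i = ($1 ~ /^\[/) ? 2 : 1             # skip optional "[pkts:bytes]" counters
            if ($i != "-A" && $i != "-I") { fail("unrecognised line"); next }
            if (!open) fail("rule outside a table")
            else if (!($(i + 1) in chains)) fail("rule for undeclared chain " $(i + 1))
        }
        END {
            if (open) { print FILENAME ": last table is missing COMMIT"; bad = 1 }
            if (!tables) { print FILENAME ": no tables found"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

sample_rules() {   # constructed sample ruleset, not taken from a real host
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp); sample_rules > "$tmp"
check_rules "$tmp" && echo "structure OK"; rm -f "$tmp"
```

On the CentOS 7 host itself, running iptables-restore --test < /etc/sysconfig/iptables as root parses the file without committing it, which also catches option and module errors this structural check cannot see.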