RHEL7: How to disable Firewalld and use Iptables instead.


Presentation

If you can't get used to Firewalld, you can still rely on Iptables by following the instructions below, which are provided by the Fedora project.

Procedure

Install the Iptables package:

# yum install -y iptables-services

Disable the Firewalld service:

# systemctl mask firewalld

Activate the iptables and ip6tables services at boot:

# systemctl enable iptables
# systemctl enable ip6tables

Go to the /etc/sysconfig directory and define your rules in the iptables, ip6tables, iptables-config and ip6tables-config files.

Stop the Firewalld service:

# systemctl stop firewalld

Start the iptables and ip6tables services:

# systemctl start iptables
# systemctl start ip6tables

You can now run the system-config-firewall or the iptables commands without any problem.
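A read-only check to run after the last step, added here as an example and not part of the original article or the Fedora instructions: it confirms that firewalld is masked and stopped, that iptables and ip6tables are enabled and running, and that each rules file under /etc/sysconfig contains a committed table. The function names and the SYSCONFIG_DIR variable are assumptions of this example.

```bash
#!/bin/bash
# Added example: names below and SYSCONFIG_DIR are assumptions, not from the article.
SYSCONFIG_DIR="${SYSCONFIG_DIR:-/etc/sysconfig}"

# expect_state <is-enabled|is-active> <unit> <wanted>
# Prints one result line; returns 0 only when systemctl reports <wanted>.
expect_state() {
    local got
    # systemctl exits non-zero for "masked" and "inactive", which are the
    # states wanted for firewalld, so compare the printed state instead.
    got="$(systemctl "$1" "$2" 2>/dev/null || true)"
    if [ "$got" = "$3" ]; then
        echo "ok    $2 $1 = $got"
    else
        echo "FAIL  $2 $1 = ${got:-unknown} (wanted $3)"
        return 1
    fi
}

# rules_file_ok <file>: must exist, be non-empty and contain a COMMIT line
# (each table in the iptables-save format ends with one).
rules_file_ok() {
    if [ -s "$1" ] && grep -q '^COMMIT' "$1"; then
        echo "ok    $1 has a committed table"
    else
        echo "FAIL  $1 is missing, empty or has no COMMIT line"
        return 1
    fi
}

# audit_fw_switch: runs every check and returns the number of failures.
audit_fw_switch() {
    local failures svc
    failures=0
    expect_state is-enabled firewalld masked   || failures=$((failures + 1))
    expect_state is-active  firewalld inactive || failures=$((failures + 1))
    for svc in iptables ip6tables; do
        expect_state is-enabled "$svc" enabled || failures=$((failures + 1))
        expect_state is-active  "$svc" active  || failures=$((failures + 1))
        rules_file_ok "$SYSCONFIG_DIR/$svc"    || failures=$((failures + 1))
    done
    return "$failures"
}

# Run the audit only when asked to, for example: ./audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_fw_switch
fi
```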

Additional Resources

If you have been running Firewalld for some time and want to go back to Iptables without losing your rules, Justin Ellingwood wrote an interesting article about this situation: How To Migrate from FirewallD to Iptables on CentOS 7.

1 Comment on "RHEL7: How to disable Firewalld and use Iptables instead."

Lisenet
Member

There is a bug in RHEL 7.1 that prevents the iptables service from being masked. SELinux is preventing the masking of the iptables service (on a clean RHEL 7.1):

# systemctl mask iptables
Failed to issue method call: Access denied

Other services can be masked without issues (for example firewalld.service or postfix.service). Putting SELinux into permissive mode allows masking of iptables.

The version of the policy that has a bug:

# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.13.1-23.el7.noarch

All I can say is good luck everyone taking an RHCE exam on RHEL 7.1.
