RHEL7: How to disable Firewalld and use Iptables instead.

Share this link


If you don’t get used to Firewalld, you can still rely on Iptables by following the instructions below provided by the Fedora project.


Install the Iptables package:

# yum install -y iptables-services

Disable the Firewalld service:

# systemctl mask firewalld

Activate the iptables and ip6tables services at boot:

# systemctl enable iptables
# systemctl enable ip6tables

Go to the /etc/sysconfig directory and define your rules in the iptables, ip6tables, iptables-config and ip6tables-config files.

Stop the Firewalld service:

# systemctl stop firewalld

Start the iptables and ip6tables service:

# systemctl start iptables
# systemctl start ip6tables

You can now run the system-config-firewall or the iptables commands without any problem.

Additional Resources

If you have been running Firewalld for some time and want to go back to Iptables without losing your rules, Justin Ellingwood wrote an interesting article about this situation: How To Migrate from FirewallD to Iptables on CentOS 7.

You can also have a look at this Introduction to IPTables.

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.25 out of 5)
One comment on “RHEL7: How to disable Firewalld and use Iptables instead.
  1. Lisenet says:

    There is a bug in RHEL 7.1 that prevents the iptables service from being masked. Selinux is preventing the masking of iptables service (on a clean RHEL 7.1):

    # systemctl mask iptables
    Failed to issue method call: Access denied

    Other services can be masked without issues (for example firewalld.service or postfix.service). Putting SELinux in to permissive mode allows masking of iptables.

    The version of the policy that has a bug:

    # rpm -q selinux-policy-targeted

    All I can say it good luck everyone taking an RHCE exam on RHEL 7.1

Leave a Reply

Upcoming Events (Local Time)

There are no events.

RHCSA7: Task of the day

Allowed time: 5 minutes.
Create a new user account called "bob" with password "redhat" and set expiration in one week.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a default secure MariaDB database called maria and back up the database with mysqldump.

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...