Use iptables instead of firewalld in RHEL 7 or CentOS 7

If you, like me, can’t get used to the “new” firewalld in RHEL/CentOS 7 or you have some automation scripts that expect iptables, then I’ve got good news for you :) It’s rather easy to disable firewalld and go back to a “normal” iptables configuration as it used to be.

There are no special tricks or custom actions involved that would break your system or leave it in a state where you have to be afraid of updating.

You can simply do the following:

Install the iptables-services package from the standard repositories:

Stop and disable firewalld:

Start and enable iptables:

Create your rules in /etc/sysconfig/iptables as you did before or use normal iptables commands and save your rules with iptables itself.

For example: to open TCP port 80:

The result of rules can be viewed with:
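The steps above as one script, added here as an example rather than taken from the original post. The package and service names come from the text; the `run`, `accept_rule` and `switch_to_iptables` helpers, the `--apply` switch, the use of `service iptables save` and the listing flags are this example's own choices.

```bash
#!/bin/bash
# Added example: switch a RHEL/CentOS 7 host from firewalld to iptables-services.
# Prints the commands by default; pass --apply (as root) to execute them.
set -u

APPLY=0
if [ "${1:-}" = "--apply" ]; then APPLY=1; fi

# Print a command, and execute it only in --apply mode.
run() {
    echo "+ $*"
    if [ "$APPLY" -eq 1 ]; then "$@"; fi
}

# Build the arguments of an ACCEPT rule for new connections to one port.
# -m and -p must name the same protocol: the kernel refuses a mismatched
# pair such as "-m udp -p tcp" with "Invalid argument".
accept_rule() {   # usage: accept_rule tcp|udp PORT
    local proto=$1 port=$2
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    echo "-I INPUT 1 -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
}

switch_to_iptables() {
    local rule
    rule=$(accept_rule tcp 80) || return 1
    run yum install -y iptables-services
    run systemctl stop firewalld
    run systemctl disable firewalld
    run systemctl start iptables
    run systemctl enable iptables
    # Insert at position 1 rather than append: the stock ruleset that
    # iptables-services puts in /etc/sysconfig/iptables ends in a REJECT
    # rule, and anything appended after it would never match.
    # $rule is left unquoted on purpose so it splits into arguments.
    run iptables $rule
    run service iptables save
    run iptables -L INPUT -n -v --line-numbers
}

switch_to_iptables
```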

That’s all it takes…

2 thoughts on “Use iptables instead of firewalld in RHEL 7 or CentOS 7”

  1. I am following all the steps and when I run

    sudo iptables -I INPUT 1 -m state --state NEW -m udp -p tcp --dport 9010 -j ACCEPT

    I am getting this error
    iptables: Invalid argument. Run `dmesg' for more information.
