How can I use iptables on centos 7

Question

I installed CentOS 7 with minimal configuration  os   dev tools   I am trying to open 80 port for httpd service  but something wrong with my iptables service     what s wrong with it  What am I doing wrong      ifconfig sbin service iptables save bash  ifconfig sbin service  No such file or directory      sbin service iptables save The service command supports only basic LSB actions  start  stop  restart  try-restart  reload  force-reload  status   For other actions  please try to use systemctl     sudo service iptables status Redirecting to  bin systemctl status  iptables service iptables service    Loaded  not-found  Reason  No such file or directory     Active  inactive  dead      sbin service iptables save The service command supports only basic LSB actions  start  stop  restart  try-restart  reload  force-reload  status   For other actions  please try to use systemctl     sudo service iptables start Redirecting to  bin systemctl start  iptables service Failed to issue method call  Unit iptables service failed to load  No such file or directory

User · Answer

If you do so  and you re using fail2ban  you will need to enable the proper filters actions   Put the following lines in  etc fail2ban jail d sshd local   ssh-iptables  enabled    true filter     sshd action     iptables name SSH  port ssh  protocol tcp  logpath     var log secure maxretry   5 bantime   86400   Enable and start fail2ban   systemctl enable fail2ban systemctl start fail2ban   Reference  http   blog iopsl com fail2ban-on-centos-7-to-protect-ssh-part-ii

User · Answer

RHEL and CentOS 7 use firewall-cmd instead of iptables  You should use that kind of command     add ssh port as permanent opened port firewall-cmd --zone public --add-port 22 tcp --permanent   Then  you can reload rules to be sure that everything is ok  firewall-cmd --reload   This is better than using iptable-save  espacially if you plan to use lxc or docker containers  Launching docker services will add some rules that iptable-save command will prompt  If you save the result  you will have a lot of rules that should NOT be saved  Because docker containers can change them ip addresses at next reboot   Firewall-cmd with permanent option is better for that    Check  man firewall-cmd  or check the official firewalld docs to see options  There are a lot of options to check zones  configuration  how it works    man page is really complete   I strongly recommand to not use iptables-service since Centos 7

User · Answer

I had the problem that rebooting wouldn t start iptables   This fixed it   yum install iptables-services systemctl mask firewalld systemctl enable iptables systemctl enable ip6tables systemctl stop firewalld systemctl start iptables systemctl start ip6tables

User · Answer

And to add  you should also be able to do the same for ip6tables after running the systemctl mask firewalld command       systemctl start ip6tables service     systemctl enable ip6tables service

User · Answer

With RHEL 7   CentOS 7  firewalld was introduced to manage iptables  IMHO  firewalld is more suited for workstations than for server environments   It is possible to go back to a more classic iptables setup  First  stop and mask the firewalld service   systemctl stop firewalld systemctl mask firewalld   Then  install the iptables-services package   yum install iptables-services   Enable the service at boot-time   systemctl enable iptables   Managing the service  systemctl  stop start restart  iptables   Saving your firewall rules can be done as follows   service iptables save   or   usr libexec iptables iptables init save

User · Answer

Put the IPtables configuration in the traditional file and it will be loaded after boot    etc sysconfig iptables

User · Answer

Try the following command iptables-save

User · Answer

Last month I tried to configure iptables on a LXC VM container  but every time after reboot the iptables configuration was not automatically loaded   The only way for me to get it working was by running the following command      yum -y install iptables-services  systemctl disable firewalld  systemctl mask firewalld  service iptables restart  service iptables save

User · Answer

I modified the  etc sysconfig ip6tables-config file changing   IP6TABLES SAVE ON STOP  no    To    IP6TABLES SAVE ON STOP  yes    And this   IP6TABLES SAVE ON RESTART  no    To   IP6TABLES SAVE ON RESTART  yes    This seemed to save the changes I made using the iptables commands through a reboot

[networking] How can I use iptables on centos 7?

Examples related to networking

Examples related to centos

Examples related to iptables

Examples related to systemd