With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables, which causes the classic way to set up iptables to break.
RHEL and CentOS 7 use firewall-cmd instead of iptables. You should be using this command:
# add ssh port as permanent opened port firewall-cmd --zone=public --add-port=22/tcp --permanent
Then, you can reload rules to be sure that everything is ok
This is better than using iptable-save, espacially if you plan to use lxc or docker containers. Launching docker services will add some rules that iptable-save command will prompt. If you save the result, you will have a lot of rules that should NOT be saved. Because docker containers can change them ip addresses at next reboot.
Firewall-cmd with permanent option is better for that.
Check "man firewall-cmd" or check the official firewalld docs to see options. There are a lot of options to check zones, configuration, how it works, etc.
It's strongly recommended you use firewall-cmd over the classic iptables.
You COULD use the classic iptables service if you want, however.
First, stop and mask the firewalld service:
systemctl stop firewalld systemctl mask firewalld
Then, install the iptables-services package:
yum install iptables-services
Enable the service at boot-time:
systemctl enable iptables
Managing the service
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done as follows:
service iptables save
Until next time!