iptables Not Working Properly on CentOS. What happened?

With RHEL 7 / CentOS 7, firewalld was introduced as the front end that manages iptables, so the classic way of setting up iptables rules directly no longer works as expected.

RHEL 7 and CentOS 7 use firewall-cmd (the firewalld front end) instead of the iptables service. You should be using this command:

# add ssh port as permanent opened port
firewall-cmd --zone=public --add-port=22/tcp --permanent

Then reload the rules to make sure everything is OK:

firewall-cmd --reload

This is better than using iptables-save, especially if you plan to use LXC or Docker containers. Starting Docker services adds rules that iptables-save will print. If you save that output, you end up with a lot of rules that should NOT be saved, because Docker containers can change their IP addresses at the next reboot.

firewall-cmd with the --permanent option is better for that.

Check "man firewall-cmd" or the official firewalld docs for the available options. There are many options for inspecting zones, the configuration, how it works, etc.

It's strongly recommended you use firewall-cmd over the classic iptables.

You COULD use the classic iptables service if you want, however.

First, stop and mask the firewalld service:

systemctl stop firewalld
systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service:

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save
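If you do go the classic route, the Docker caveat above still applies: whatever iptables-save prints is what gets persisted. The following added example (not part of the original post) filters container-generated rules out of iptables-save output before it is saved, so ephemeral container forwards and MASQUERADE rules are not frozen into the boot-time ruleset. It assumes the default bridge names docker0, br-* and lxcbr0; the sample ruleset is constructed, not captured from a real host.

```shell
#!/bin/sh
# Drop rules that Docker/LXC create at runtime: chains named DOCKER*,
# traffic in/out of the container bridges, and the container subnet
# MASQUERADE rule. Docker recreates all of these when it starts, so
# persisting them only leaves stale, possibly wrong, port forwards behind.
# Assumption: bridges are named docker0, br-<hex id> or lxcbr0.
strip_container_rules() {
    grep -Ev '(DOCKER|-[io] (docker0|br-[0-9a-f]+|lxcbr0))'
}

# Constructed sample of iptables-save output (not from a real machine).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER-USER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
COMMIT'

# Returns 0 when the filtered output keeps the administrator's rules
# (default policies, the SSH accept) and contains no container rules.
check_sample() {
    out=$(printf '%s\n' "$SAMPLE_RULES" | strip_container_rules)
    printf '%s\n' "$out" | grep -q -- '--dport 22 -j ACCEPT' || return 1
    printf '%s\n' "$out" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$out" | grep -q '^:FORWARD DROP' || return 1
    ! printf '%s\n' "$out" | grep -qi docker
}

# Usage on a real host (hypothetical helper, not run here):
#   iptables-save | strip_container_rules > /path/to/saved/rules
```

Run check_sample to see the filter keep the SSH rule and default policies while dropping every DOCKER chain, docker0 rule and the 172.17.0.0/16 MASQUERADE entry.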

If you have any comments, feel free to post them below or find us on Twitter and Facebook!

Until next time!

May 17 2021
