Monday, April 27, 2015

Disable CentOS 7 Firewalld and replace it with iptables

CentOS/RHEL 7 ships with a new firewall called Firewalld.

It is a bit complicated for me, as I have been using the iptables firewall for many years. The best part: every Linux distribution ships with it, and you can use the same script everywhere.

  1. First disable Firewalld:

     systemctl stop firewalld
     systemctl disable firewalld

  2. Uninstall it if you are more comfortable with iptables:

     yum erase firewalld

  3. Install the iptables service:

     yum install iptables-services

  4. Enable it in systemd:

     systemctl start iptables
     systemctl enable iptables

  5. Apply some basic rules:

     # Run these as one script. The default policies are set last so that a
     # remote SSH session is not cut off between setting DROP and adding the
     # ACCEPT rules. Replace [MY_IP] with the address you administer from and
     # eth0 with your public interface (see "ip link").
     iptables -F
     iptables -X

     # Accept packets from trusted IP addresses
     iptables -A INPUT -s [MY_IP] -j ACCEPT
     iptables -A OUTPUT -d [MY_IP] -j ACCEPT

     # Accept the loopback interface
     iptables -A INPUT -i lo -j ACCEPT
     iptables -A OUTPUT -o lo -j ACCEPT

     # Accept HTTP on port 80
     iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
     iptables -A OUTPUT -m tcp -p tcp --sport 80 -j ACCEPT

     # Allow full outgoing connections but no incoming ones
     iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
     iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

     # Drop everything not matched above
     iptables -P INPUT DROP
     iptables -P OUTPUT DROP
     iptables -P FORWARD DROP

  6. Save changes

     Please notice the old "service iptables save" does not work anymore.
     Please use this command to save the changes:

     iptables-save > /etc/sysconfig/iptables
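Before rebooting it is worth checking that the dump written to /etc/sysconfig/iptables still has the properties the rules above are meant to give (DROP policies, loopback allowed, replies to outgoing traffic allowed, no wide-open INPUT accept). The following audit is an added example, not code from the original post; the sample dump is constructed in iptables-save format, with 203.0.113.10 standing in for [MY_IP].

```python
import re

# Constructed sample in iptables-save format: what the rules above persist
# as after "iptables-save > /etc/sysconfig/iptables", with 203.0.113.10
# standing in for [MY_IP].
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_filter_table(dump):
    """Return ({chain: policy}, [append rules]) for the *filter table."""
    policies, rules, in_filter = {}, [], False
    for line in dump.splitlines():
        if line.startswith("*"):
            in_filter = line.strip() == "*filter"
        elif in_filter and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter and line.startswith("-A "):
            rules.append(line.strip())
    return policies, rules

def audit(dump):
    """Return findings (strings); an empty list means the dump matches intent."""
    policies, rules = parse_filter_table(dump)
    findings = []
    for chain in ("INPUT", "OUTPUT", "FORWARD"):
        if policies.get(chain) != "DROP":
            findings.append(f"{chain} policy is {policies.get(chain)}, expected DROP")
    inputs = [r for r in rules if r.startswith("-A INPUT ")]
    if not any(" -i lo " in r and r.endswith("-j ACCEPT") for r in inputs):
        findings.append("loopback not accepted on INPUT")
    if not any("ESTABLISHED" in r and r.endswith("-j ACCEPT") for r in inputs):
        findings.append("no ESTABLISHED,RELATED accept on INPUT; replies to outgoing traffic are dropped")
    for r in inputs:
        # An INPUT accept with no source, interface, protocol or match is wide open.
        if r.endswith("-j ACCEPT") and not re.search(r" -(s|i|p|m) ", r):
            findings.append(f"unrestricted accept: {r}")
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP) or ["ruleset matches intent"]:
        print(f)
```

Run it against the real file with audit(open("/etc/sysconfig/iptables").read()) after saving.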
