Disabling CentOS 7.0's Default Firewall and Configuring iptables

Operating System Environment:
CentOS Linux Release 7.0.1406 (Core) 64-bit

Step 1: Disable the Default Firewall

To turn off the default firewall on CentOS 7.0, which is based on firewalld, follow these steps:

  1. Shut down the firewall: Run the following commands to stop and disable the firewalld service:

    systemctl stop firewalld.service
    systemctl disable firewalld.service
    

    The systemctl command is used to manage system services, including the firewalld service. The stop command stops the service, and the disable command prevents the service from starting automatically at boot time.

  2. Verify the firewall status: Use the following command to check the status of the default firewall:

    firewall-cmd --state
    

    This command prints the state of firewalld. Once the service has been stopped, it prints “not running.”

Step 2: Configure iptables

iptables is a powerful firewall that can be used to filter network traffic. To configure iptables, follow these steps:

  1. Edit the iptables configuration file: Open the iptables configuration file using the following command:

    vi /etc/sysconfig/iptables
    

    This will open the file in the vi editor. You can edit the file manually or use the system-config-firewall tool to configure the firewall.

  2. Sample iptables configuration: The following is a sample configuration for iptables:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    

    This configuration accepts loopback traffic, ICMP, packets belonging to connections the host already has open, and new TCP connections on ports 22, 80, and 8080; every other packet arriving on INPUT or FORWARD is rejected with an icmp-host-prohibited message.

  3. Save and exit: Save the changes to the iptables configuration file and exit the editor.

  4. Restart the iptables service: Run the following command to restart the iptables service and apply the new configuration:

    systemctl restart iptables.service
    

    This will restart the iptables service and apply the new configuration.

  5. Enable the iptables service: Run the following command to enable the iptables service to start automatically at boot time:

    systemctl enable iptables.service
    

Note: When adding new rules to the iptables configuration, insert them above the final REJECT rules, never below them. A rule placed after the catch-all "-A INPUT -j REJECT" line is never reached because the REJECT matches first, and anything placed after COMMIT is outside the table and will cause the restart to fail.
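As an added example, not code from the original article, the following POSIX shell helpers follow the note mechanically: add_port_rule inserts a new port rule directly above the catch-all INPUT REJECT, check_rules catches a missing COMMIT or a malformed counter such as "[0: 0]", and apply_rules dry-runs the file with iptables-restore --test before restarting the service. It assumes the iptables-services package is installed (it provides iptables.service on CentOS 7) and a rules file in the layout shown above.

```shell
# Added example, not from the original article: helpers for maintaining
# /etc/sysconfig/iptables in the layout shown above (assumes iptables-services
# is installed so that iptables.service exists).
# add_port_rule FILE PORT: insert an ACCEPT rule for a TCP port directly above
# the first "-A INPUT -j REJECT" line, so the new rule is actually reached.
add_port_rule() {
    file=$1
    port=$2
    # Refuse a duplicate rule for the same port.
    if grep -q -- "--dport ${port} -j ACCEPT" "$file"; then
        return 1
    fi
    rule="-A INPUT -p tcp -m state --state NEW -m tcp --dport ${port} -j ACCEPT"
    tmp="${file}.tmp"
    awk -v rule="$rule" '
        !done && /^-A INPUT -j REJECT/ { print rule; done = 1 }
        { print }
        END { if (!done) exit 1 }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }   # no REJECT: abort
    mv "$tmp" "$file"
}
# check_rules FILE: succeed only if the table is closed by COMMIT and no
# counter is malformed like "[0: 0]", which iptables-restore rejects.
check_rules() {
    grep -q '^COMMIT$' "$1" || return 1
    ! grep -q '\[[0-9]*: [0-9]*\]' "$1"
}
# apply_rules FILE: dry-run the file with iptables-restore before restarting
# the service, so a broken file is caught before the live rules are touched.
apply_rules() {
    check_rules "$1" || return 1
    iptables-restore --test < "$1" || return 1
    systemctl restart iptables.service
}
# make_sample FILE: write a constructed rules file with the article's layout
# (port 22 only) for trying the helpers out.
make_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

Run "make_sample /tmp/rules; add_port_rule /tmp/rules 8080; apply_rules /tmp/rules" as root to try it against a scratch copy before touching /etc/sysconfig/iptables.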