Disable IPtables on CentOS 7

IPtables is a firewall tool in Linux that allows you to configure the IP packet filter rules of the Linux kernel firewall.

It is a rule-based firewall and comes pre-installed in most Linux operating systems. It works by monitoring incoming and outgoing traffic to and from your server using tables.

Each table contains chains, and each chain is a set of rules used to filter the data packets.

On the latest versions of the CentOS and RHEL operating systems, such as CentOS/RHEL 7, the IPtables tool has been replaced by the firewalld tool, which provides a dynamically managed firewall.

However, if you are using IPtables to manage the firewall, you may need to disable it on your system in some cases.

In this tutorial, we will explain how to disable IPtables in CentOS 7.

Requirements

  • A system running CentOS 7.
  • A root password is configured.

Verify IPtables

Before starting, you will need to check whether IPtables is installed and running on your system.

First, check whether IPtables is installed with the following command:

rpm -qa iptables-services

If IPtables is installed, you should get the following output:

iptables-services-1.4.21-34.el7.x86_64

Next, verify whether the IPtables service is running with the following command:

systemctl status iptables

If IPtables is running, you should get the following output:

● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Mon 2020-10-19 01:26:19 EDT; 4s ago
  Process: 1198 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 1198 (code=exited, status=0/SUCCESS)

Oct 19 01:26:19 centos systemd[1]: Starting IPv4 firewall with iptables...
Oct 19 01:26:19 centos iptables.init[1198]: iptables: Applying firewall rules: [ OK ]
Oct 19 01:26:19 centos systemd[1]: Started IPv4 firewall with iptables.

You can now list all IPtables rules with the following command:

iptables -L -n -v

You should get the following output:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   20  1496 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    5   224 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 18 packets, 2472 bytes)
 pkts bytes target     prot opt in     out     source               destination

At this point, you have confirmed that IPtables is installed and running on your system. You can now proceed to stop and disable IPtables.

Disable IPtables

First, it is recommended to flush all IPtables rules. You can do it with the following command:

iptables -F

Next, verify IPtables rules with the following command:

iptables -L -n -v

In the following output, you should see that all IPtables rules have been removed:

Chain INPUT (policy ACCEPT 9 packets, 596 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5 packets, 488 bytes)
 pkts bytes target     prot opt in     out     source               destination

Next, stop the IPtables service by running the following command:

systemctl stop iptables

Next, disable the IPtables service so that it does not start at system reboot by running the following command:

systemctl disable iptables

You should get the following output:

Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
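
Before the flush step in this procedure, it helps to confirm the chain policies and save the current rules so they can be restored. The script below is an added example, not part of the original tutorial; the sample rules are constructed from the listing earlier on this page, the backup path is a hypothetical choice, and the DROP-policy case goes beyond what the tutorial's own output shows.

```shell
#!/bin/sh
# Pre-flight check for the `iptables -F` step. A flush deletes rules but keeps
# each chain's default policy, so a flushed chain with policy DROP blocks
# everything, including the SSH session the command was typed into.

# Print built-in chains whose policy is not ACCEPT.
# stdin: `iptables -S` output, where policies appear as "-P <chain> <policy>".
non_accept_chains() {
    awk '$1 == "-P" && $3 != "ACCEPT" { print $2 }'
}

# Count the rules a flush would delete ("-A <chain> ..." lines on stdin).
count_rules() {
    awk '$1 == "-A" { n++ } END { print n + 0 }'
}

# Exit status 0 if every policy is ACCEPT, 1 otherwise (reason on stderr).
safe_to_flush() {
    blocked=$(non_accept_chains)
    if [ -z "$blocked" ]; then return 0; fi
    echo "policy is not ACCEPT on:" $blocked >&2
    return 1
}

# Constructed sample in `iptables -S` format, matching the rule listing above.
SAMPLE_ACCEPT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
# Constructed variant: identical rules, but INPUT defaults to DROP.
SAMPLE_DROP=$(printf '%s\n' "$SAMPLE_ACCEPT" | sed 's/^-P INPUT ACCEPT$/-P INPUT DROP/')
printf '%s\n' "$SAMPLE_DROP" | safe_to_flush || echo "DROP sample: flush refused"

# On a real host, run as root with --apply: back up, check, then flush.
if [ "${1:-}" = "--apply" ]; then
    backup="/root/iptables.backup.$(date +%Y%m%d%H%M%S)"  # hypothetical path
    iptables-save > "$backup" || exit 1
    if iptables -S | safe_to_flush; then
        iptables -F && echo "flushed; restore with: iptables-restore < $backup"
    else
        echo "not flushed: set the policy to ACCEPT or use a local console" >&2
        exit 1
    fi
fi
```

Once the service is stopped and disabled, no packet filter is active on the host unless another firewall such as firewalld is running.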

Conclusion

In this guide, we’ve learned how to disable IPtables on CentOS 7. You can also enable the IPtables service again as per your requirements.
