Question sent in by anonymous from Chicago

Q: I have a CentOS box and find firewalld confusing and more than I need. I am comfortable with iptables and prefer to use it instead of firewalld. How can I remove firewalld and use iptables instead?

A: A lot of people feel the same way you do when something new is introduced. Both have their merits, but that's a different article altogether. To switch from firewalld, install the iptables service, then enable it. These instructions should be the same for CentOS 7, Fedora 21, RHEL 7 (Red Hat Enterprise Linux 7) and similar distros.

First let's stop and disable firewalld with the following commands:

systemctl stop firewalld
systemctl disable firewalld

Now let's install the old iptables services package.

yum -y install iptables-services

Now let's start and enable iptables, and we should also do the same for ip6tables (ipv6 firewall).

systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables

That's it, you are now ready to use iptables. Go ahead and add some rules. Be sure to add rules to both iptables and ip6tables.

NOTE: If you are not familiar with how to secure your system with iptables, I suggest you familiarize yourself before attempting the changes. You can get basic information (although not thorough enough) from an old thread here.

One more note: the old "service iptables save" command we used to use in System V (init) will no longer work in the new systemd. You can use the following command to save your iptables rules:

iptables-save > /etc/sysconfig/iptables
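
As an added example (not part of the original answer), the script below builds the same default-deny baseline for both iptables and ip6tables, dry-runs each file with the restore tools' --test option, and only then loads and saves them. The function names, the script name fw-baseline.sh, the ports and the policy itself are assumptions for illustration; /etc/sysconfig/ip6tables is the IPv6 counterpart of the file saved above.

```shell
#!/bin/sh
# Added example (not from the original article). Builds a default-deny
# ruleset in iptables-save format, dry-runs it, then loads and saves it.
# Assumed policy: loopback, established traffic, ICMP and listed TCP ports.

# gen_rules FAMILY PORT...   FAMILY is 4 or 6; prints the ruleset on stdout.
gen_rules() {
    family=$1; shift
    case $family in
        4) icmp=icmp ;;
        6) icmp=ipv6-icmp ;;   # ICMPv6 carries neighbor discovery
        *) return 1 ;;
    esac
    # Reject anything that is not a plain port number, so an argument can
    # never smuggle extra rule text into the file.
    for port in "$@"; do
        case $port in ''|*[!0-9]*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        "-A INPUT -p $icmp -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# apply_rules PORT...   Run as root. Nothing is loaded unless both
# candidate files pass the --test dry run.
apply_rules() {
    tmp=$(mktemp -d) || return 1
    gen_rules 4 "$@" > "$tmp/v4" && gen_rules 6 "$@" > "$tmp/v6" &&
    iptables-restore --test < "$tmp/v4" &&
    ip6tables-restore --test < "$tmp/v6" &&
    iptables-restore < "$tmp/v4" &&
    ip6tables-restore < "$tmp/v6" &&
    iptables-save > /etc/sysconfig/iptables &&
    ip6tables-save > /etc/sysconfig/ip6tables
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage: sh fw-baseline.sh apply 22 443
if [ "${1:-}" = apply ]; then shift; apply_rules "$@"; fi
```

If you are connected over SSH, include your SSH port in the list, since every other new inbound connection is dropped once the rules load.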

Read this article for an Introduction to Firewalld Basics.

Good luck and be careful!