Replace firewalld with iptables on Fedora Server and CentOS/RHEL



If you would like to use iptables instead of firewalld on Fedora Server or CentOS/RHEL, this is what you have to do:

1) Install iptables

Fedora Server:

# dnf -y install iptables-services

CentOS/RHEL:

# yum -y install iptables-services

2) Disable firewalld

# systemctl disable firewalld.service
# systemctl mask firewalld.service
# systemctl stop firewalld.service

3) Enable iptables

# systemctl start iptables.service
# systemctl start ip6tables.service
# systemctl enable iptables.service
# systemctl enable ip6tables.service

4) Configure iptables

# iptables -F
# iptables -L -n
# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p xxx --dport xx -j ACCEPT
# iptables -A INPUT -j DROP
# iptables -I INPUT 1 -i lo -j ACCEPT
# service iptables save

NOTE: In the commands above, xxx stands for the protocol (tcp or udp) and xx for the port you want opened. Repeat this rule for each port you want open on your server.

Reboot and that's all.

P.S. If you're using IPv6, make sure your /etc/sysconfig/ip6tables file contains the same rules as /etc/sysconfig/iptables accordingly.