Enabling iptables Firewall

Prerequisites
- A burning, unquenchable desire to disable the default firewalld application, and enable iptables.
This Process Is Deprecated

As of Rocky Linux 9.0, iptables and all of the utilities associated with it are deprecated. This means that future releases of the OS will be removing iptables. For that reason, it is highly recommended that you do not use this process. If you are familiar with iptables, we recommend using the iptables Guide To firewalld. If you are new to firewall concepts, then we recommend firewalld For Beginners.
Introduction
firewalld is now the default firewall on Rocky Linux. In CentOS 7/RHEL 7, firewalld was nothing more than a dynamic front end to iptables, using XML files to load changes without flushing the running rules. With CentOS 8/RHEL 8/Rocky 8, firewalld is instead a wrapper around nftables. It is still possible, however, to install and use straight iptables if that is your preference, and this guide shows how to do that without firewalld. What this guide will not tell you is how to write rules for iptables: it is assumed that if you want to get rid of firewalld, you already know how to write them.
Disabling firewalld
You can't really run the old iptables utilities alongside firewalld; they're just not compatible. The best way around this is to disable firewalld entirely (no need to uninstall it unless you want to) and install the iptables utilities. Disabling firewalld can be done using these commands.

Stop firewalld:

```bash
systemctl stop firewalld
```

Disable firewalld so it won't start on boot:

```bash
systemctl disable firewalld
```

Mask the service so that it can't be started again, even by another unit:

```bash
systemctl mask firewalld
```
Installing And Enabling iptables Services

Next, we need to install the old iptables services and utilities. This is done with the following:

```bash
dnf install iptables-services iptables-utils
```

This will install everything that is needed to run a straight iptables rule set.

Now we need to enable the iptables service to make sure that it starts on boot:

```bash
systemctl enable iptables
```
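Because the guide leaves rule writing to you, the one thing worth verifying after the switch is that it actually took effect and that the host is not left filtering nothing. The script below is an added example, not part of the Rocky Linux documentation: it checks that firewalld is masked, that the iptables unit is enabled, and that the loaded ruleset is not wide open (an INPUT chain with policy ACCEPT and no rules accepts every inbound packet). It assumes systemd, iptables-save from iptables-utils, and that iptables-services loads its rules from /etc/sysconfig/iptables.

```bash
#!/usr/bin/env bash
# Added example (not from the Rocky docs); assumes systemd, iptables-save and /etc/sysconfig/iptables.
# Print a chain's default policy from iptables-save text on stdin.
# Policy lines look like ":INPUT DROP [0:0]".
chain_policy() {    # usage: chain_policy <chain> < ruleset
    awk -v chain=":$1" '$1 == chain { print $2; exit }'
}

# Count the explicit "-A <chain> ..." rules of a chain in iptables-save text on stdin.
chain_rule_count() {    # usage: chain_rule_count <chain> < ruleset
    awk -v chain="$1" '$1 == "-A" && $2 == chain { n++ } END { print n + 0 }'
}

# Classify iptables-save text on stdin: "unknown" when there is no INPUT chain to read,
# "open" when INPUT has policy ACCEPT and no rules at all, "filtered" otherwise.
ruleset_class() {
    local rs policy rules
    rs=$(cat)
    policy=$(printf '%s\n' "$rs" | chain_policy INPUT)
    [ -z "$policy" ] && { echo unknown; return 0; }
    rules=$(printf '%s\n' "$rs" | chain_rule_count INPUT)
    if [ "$policy" = "ACCEPT" ] && [ "$rules" -eq 0 ]; then echo open; else echo filtered; fi
}

# Check the live host: warnings only, nothing is changed.
check_host() {
    command -v systemctl >/dev/null 2>&1 || { echo "systemd not found"; return 0; }
    [ "$(systemctl is-enabled firewalld 2>/dev/null)" = masked ] || echo "WARN: firewalld is not masked"
    [ "$(systemctl is-enabled iptables 2>/dev/null)" = enabled ] || echo "WARN: iptables service is not enabled"
    case "$(iptables-save 2>/dev/null | ruleset_class)" in
        unknown) echo "WARN: could not read a ruleset (is iptables-utils installed?)" ;;
        open)    echo "WARN: INPUT accepts everything; load rules into /etc/sysconfig/iptables" ;;
        *)       echo "OK: INPUT chain is filtered" ;;
    esac
}

# Constructed sample in iptables-save format (not from any real host): the empty ruleset.
SAMPLE_OPEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# "--demo" classifies the sample; "--run" checks this host.
case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_OPEN" | ruleset_class ;;  # prints "open"
    --run)  check_host ;;
esac
```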
Conclusion
You can return to using straight iptables if you prefer it over firewalld. You can return to using the default firewalld by simply reversing these changes.
Author: Steven Spencer
Contributors: Ezequiel Bruni, Ganna Zhyrnova