How To Configuration Iptables Firewall on CentOS

Configuration Iptables Firewall on CentOS

In this tutorial, we will show you how to configure Iptables firewall on CentOS. For those of you who didn’t know, Iptables is a versatile tool for Linux, serving as a crucial component for network security. It operates by allowing or blocking traffic based on a set of rules, effectively acting as a firewall. In CentOS, iptables are particularly important for safeguarding the system against unauthorized access and attacks.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step configure Iptables Firewall on a CentOS server.


  • A server running one of the following operating systems: CentOS or RHEL-based.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • A network connection or internet access.
  • Mention the need for sudo privileges on a CentOS server and a basic understanding of the CLI.

Configuration Iptables Firewall on CentOS

Step 1. Disable FirewallD

CentOS uses FirewallD by default. To use iptables, you must disable FirewallD with the following commands:

sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld

Step 2. Installing iptables on CentOS.

You can use the following procedure to verify that iptables have been installed and view the status of iptables. Open the terminal and type the following command:

iptables -V
sudo yum info iptables

Configuration Iptables Firewall on CentOS

If the above message does not appear, you can type the following command to install iptables:

sudo yum  install iptables

Start and enable iptables to run on boot:

sudo systemctl start iptables
sudo systemctl enable iptables

Verify the service status:

sudo systemctl status iptables

Step 3. Configuring iptables Rules.

  • Configuring iptables Rules

Check existing rules with:

sudo iptables -L

Flush current rules:

sudo iptables -F

Set default policies:

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

Add basic rules for services like SSH (port 22), HTTP (port 80), and HTTPS (port 443):

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  • Creating Custom Chains

Create a custom chain:

sudo iptables -N MY_CHAIN

Implement stateful inspection:

sudo iptables -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT

Set up NAT and port forwarding:

sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80

Manage IP blacklists/whitelists:

sudo iptables -A INPUT -s -j DROP
sudo iptables -A INPUT -s -j ACCEPT
  • Debugging iptables

Inspect rules with verbose output:

sudo iptables -L -v

Log dropped packets:

sudo iptables -A INPUT -j LOG --log-prefix "DROPPED: "

Check iptables status:

sudo systemctl status iptables

Congratulations! You have successfully Configured Firewall. Thanks for using this tutorial for Configuration Iptables Firewall in the CentOS system. For additional help or useful information, we recommend you check the official CentOS website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button