1

In Red Hat 7 I'm trying to force the iptables service to start automatically after reboot. Currently, after every reboot I need to run the command:

```
sudo systemctl start iptables
```

I've tried setting

```
sudo chkconfig iptables on
```

but it isn't running.

In my file `/etc/sysconfig/iptables-config` I've set

```
IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART="yes"
```

Can someone let me know how to set this to start on reboot?

user2694306
  • You need to sit down with the documentation, things have moved on in the RHEL firewall world. – user9517 Jun 03 '16 at 06:53
  • `firewall-cmd --zone=public --add-service=http --permanent` and `firewall-cmd --zone=public --add-service=https --permanent` and then `firewall-cmd --reload` – David Tonhofer Nov 22 '17 at 16:22

3 Answers

5

As per RHEL 7/CentOS 7 there is no iptables service available in the default install. Instead they want you to use firewalld, which is turned on by default (see `man firewall-cmd` for more information on how to operate firewalld).

If you want to use iptables you need to install `iptables-services` and enable them with `systemctl enable iptables`. You will need to turn off firewalld with `systemctl disable firewalld`.

If there isn't a really specific reason to use iptables or chkconfig I would advise you not to use them. Instead I would invest in learning how firewalld and systemctl work.

0

Rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules are lost. For netfilter rules to persist through a system reboot, they need to be saved first.

To save rules, type the following command as root:

```
iptables-save
```

or

```
service iptables save
```

After this, restart the iptables service.

```
service iptables restart
```

You can modify the service commands to start or stop the service as per your flavour of Linux.

HBruijn
imvikasmunjal
  • That didn't work. I still need to run the command every time that I restart. – user2694306 Jun 03 '16 at 04:07
  • Indeed, the files `/etc/sysconfig/iptables` (and `/etc/sysconfig/ip6tables`) to which should be written by the commands above (though not as given: the commands write to stdout, so you really would have to do `iptables-save > /etc/sysconfig/iptables`) are not read on boot. Time for `firewalld` then. – David Tonhofer Nov 22 '17 at 16:12
0

This worked for me:

Install iptables services (since CentOS 7 the default firewall is firewalld, so we have to install the iptables service ourselves)

```
yum -y install iptables-services;
```

Disable firewalld service (which is the default in CentOS 7)

```
systemctl disable firewalld;
```

Mask firewalld service (to prevent SysOp from accidentally starting the service)

```
systemctl mask firewalld;
```

Start iptables

```
service iptables restart;
```

Save iptables rules to disk so that after reboot these rules will be applied

```
service iptables save;
```

BVB Media
  • Write more it works and what it does. You could split the command into new lines, instead of this semicolon-separated ultralong line. There is a vote about your answer, if it loses, it will be deleted. – peterh Feb 15 '17 at 23:17
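
Added example, not part of the original question or answers: the second answer notes that rules exist only in memory until they are saved, and a comment names `/etc/sysconfig/iptables` as the file they are written to. This POSIX shell check compares a saved rule file with a live `iptables-save` dump, ignoring counters and comment lines, so unsaved rules are noticed before a reboot; the function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample rule sets are constructed.

# normalize_rules: read iptables-save output on stdin and drop what changes
# without the rules changing (comment timestamps, packet/byte counters).
normalize_rules() {
    sed -E -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/^(:[^ ]+ [^ ]+) \[[0-9]+:[0-9]+\]$/\1/' \
        -e 's/^\[[0-9]+:[0-9]+\] //'
}

# rules_drift SAVED LIVE: 0 = same rules, 1 = differ (diff is printed),
# 2 = a file is unreadable.
rules_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    rd_tmp=$(mktemp -d) || return 2
    normalize_rules < "$1" > "$rd_tmp/saved"
    normalize_rules < "$2" > "$rd_tmp/live"
    rd_rc=0
    diff "$rd_tmp/saved" "$rd_tmp/live" || rd_rc=1
    rm -rf "$rd_tmp"
    return "$rd_rc"
}

# Constructed sample: the file on disk, and a live dump with one unsaved rule.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/saved" <<'EOF'
# constructed comment line A
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$SAMPLE_DIR/live" <<'EOF'
# constructed comment line B
*filter
:INPUT DROP [41:2460]
:OUTPUT ACCEPT [97:8112]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF

if rules_drift "$SAMPLE_DIR/saved" "$SAMPLE_DIR/live"; then
    echo "saved file matches the running rules"
else
    echo "running rules differ from the saved file"
fi
```

On a real host, pass `/etc/sysconfig/iptables` as the first argument and a file written with `iptables-save > FILE` (run as root) as the second.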