[CentOS] /etc/sysconfig/iptables syntax

Mon May 23 04:45:26 UTC 2016
Eero Volotinen <eero.volotinen at iki.fi>

You need to disable firewalld and install iptables, if you really want to use the
old way:

https://www.certdepot.net/rhel7-disable-firewalld-use-iptables/

Firewalld is the preferred way. You should learn it.

--
Eero

2016-05-23 5:55 GMT+03:00 Mike <1100100 at gmail.com>:

> The last two router/firewall servers I had used Slackware and Gentoo.
> I'm used to writing complete and explicit iptables rules; however, when I
> set up /etc/sysconfig/iptables in CentOS 7 my usual syntax is unusable.
>
> For example, I'm used to stating postrouting masquerade as:
>
> /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
>
> But when I use the rule above, iptables.service fails upon start and exits.
>
> Through a series of trial and error, I found a correct masquerade
> statement:
>
> *nat
> -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
> COMMIT
>
> This looks similar to output from iptables-save.
>
> Another example:
>
> /usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
> [DOES NOT WORK]
>
> *filter
> -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
> COMMIT
> [DOES WORK]
>
> After using iptables for a long time, I can't figure out where this syntax
> comes from.
> Can anyone point me in the right direction to understand the proper syntax
> necessary in /etc/sysconfig/iptables?
>
> Thanks for your help.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
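The format Mike stumbled on is the iptables-save/iptables-restore format: /etc/sysconfig/iptables is fed to iptables-restore by iptables.service, so it holds `*table` blocks of bare rule specs ending in `COMMIT`, not shell command lines. The script below is an added example, not code from the thread or from CentOS; it converts command lines of the kind quoted above into that format and structurally checks a file for the mistakes that make iptables-restore reject it (a program path on a rule line, `-t` inside a rule, a missing `COMMIT`). The two command strings are constructed from the post; the table/rule grammar it checks is only the outer structure, not the full match/target syntax.

```python
import re
import shlex

# Added example (not from the mailing-list thread): a checker for the
# iptables-save style format that /etc/sysconfig/iptables must use, plus a
# converter that turns familiar `iptables ...` command lines into that format.

# Constructed from the two commands quoted in the post.
COMMAND_LINES = [
    "/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE",
    "/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP",
]


def convert_command(line):
    """Split one `iptables` command into (table, rule-spec) for the save format.

    The program name is dropped and `-t TABLE` is pulled out, because in the
    save format the table is named once by a `*table` header, not per rule.
    """
    argv = shlex.split(line)
    if not argv or not argv[0].endswith("iptables"):
        raise ValueError(f"not an iptables command: {line!r}")
    table, rule = "filter", []          # iptables defaults to the filter table
    i = 1
    while i < len(argv):
        if argv[i] in ("-t", "--table"):
            if i + 1 >= len(argv):
                raise ValueError(f"{argv[i]} needs a table name: {line!r}")
            table, i = argv[i + 1], i + 2
            continue
        rule.append(argv[i])
        i += 1
    return table, " ".join(rule)


def build_save_file(commands):
    """Group converted commands by table and emit *table ... COMMIT blocks."""
    tables = {}                          # dict keeps first-seen table order
    for cmd in commands:
        table, rule = convert_command(cmd)
        tables.setdefault(table, []).append(rule)
    lines = []
    for table, rules in tables.items():
        lines.append(f"*{table}")
        lines.extend(rules)
        lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def validate_save_file(text):
    """Return a list of problems; an empty list means the structure is sound."""
    problems = []
    current = None                       # table whose block we are inside
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if current is not None:
                problems.append(f"line {n}: *{current} not closed with COMMIT")
            current = line[1:]
        elif line == "COMMIT":
            if current is None:
                problems.append(f"line {n}: COMMIT outside any *table block")
            current = None
        elif line.startswith(":"):
            # chain header, e.g. ":INPUT ACCEPT [0:0]" or ":mychain - [0:0]"
            if current is None:
                problems.append(f"line {n}: chain header outside any *table block")
            if not re.fullmatch(r":\S+ \S+( \[\d+:\d+\])?", line):
                problems.append(f"line {n}: malformed chain header {line!r}")
        elif line.startswith("-"):
            if current is None:
                problems.append(f"line {n}: rule outside any *table block")
            tokens = shlex.split(line)
            if "-t" in tokens or "--table" in tokens:
                problems.append(f"line {n}: -t is not allowed here; the *table header selects the table")
        else:
            problems.append(f"line {n}: unexpected text {line!r}; rules start with -A, not with a program path")
    if current is not None:
        problems.append(f"end of file: *{current} is missing its COMMIT")
    return problems


if __name__ == "__main__":
    # The command form from the post is not valid restore input.
    for p in validate_save_file(COMMAND_LINES[0]):
        print("command form:", p)
    # The converted form is what /etc/sysconfig/iptables expects.
    converted = build_save_file(COMMAND_LINES)
    print(converted, end="")
    print("converted form problems:", validate_save_file(converted))
```

This only checks the file's outer structure. On the host itself, the authoritative check is to run `iptables-restore --test < /etc/sysconfig/iptables` as root, which parses the whole ruleset without applying it; and when a ruleset has already been loaded the other way, `iptables-save` prints exactly the form the file needs.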