[CentOS] Disabling Firewall/iptables on CentOS 7??

James Pifer jep at obrien-pifer.com
Fri Mar 24 21:41:48 UTC 2017


On 3/24/2017 3:16 AM, Łukasz Posadowski wrote:
> On Wed, 22 Mar 2017 19:56:03 -0400
> James Pifer <jep at obrien-pifer.com> wrote:
>
>> I apologize if this has been asked and answered, but I googled and
>> attempted things for several hours today without success.
> Iptables isn't used by default, at least not directly. Easiest way to
> disable the firewall is:
> # systemctl mask firewalld
> and restart the machine.
>
> 192.168.122. subnet is something for libvirt and KVM. I have it
> completely disabled on my locals and VPSes without any problem.
>
> If you write specific rules in /etc/sysconfig/iptables
> and /etc/sysconfig/ip6tables, with
> -F
> -X
> -P INPUT DROP
> at the beginning, any trace of 192.168.122 will be gone. Here are my
> IPv4 rules for my local machines:
> ------------------------
> *filter
> -F
> -X
> -P INPUT DROP
> -A INPUT -s 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> # localhost
> -A INPUT -i lo -j ACCEPT
>
> # ping
> -A INPUT -p icmp -j ACCEPT
>
> # ssh
> -A INPUT -s 192.168.234.0/24 -p tcp --dport 22 -j ACCEPT
>
> COMMIT
> ------------------------
>

Thanks for the help.

Basically I was making it more complex than it needed to be. Disabling 
firewalld and removing the libvirt NIC did the job.

Thanks
James
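
An added example, not part of the original thread: a small Python audit of a rules file in the style quoted above, reporting the INPUT policy and every ACCEPT rule that admits new traffic from any source. The names `audit_input_chain` and `opt` are hypothetical, the sample is the quoted ruleset re-typed as constructed input, and a file that sets no policy is assumed to leave INPUT at ACCEPT.

```python
import shlex

# Constructed sample input: the IPv4 rules quoted in the message above.
SAMPLE_RULES = """\
*filter
-F
-X
-P INPUT DROP
-A INPUT -s 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# localhost
-A INPUT -i lo -j ACCEPT

# ping
-A INPUT -p icmp -j ACCEPT

# ssh
-A INPUT -s 192.168.234.0/24 -p tcp --dport 22 -j ACCEPT

COMMIT
"""

ANY_SOURCE = {None, "0/0", "0.0.0.0/0"}  # no -s at all also means "anywhere"

def opt(tokens, *names):
    """Return the value following the first of `names`, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def audit_input_chain(text):
    """Return (policy, open_rules); open_rules holds (line, proto, dport).

    Negated matches ("!") are not interpreted by this sketch.
    """
    policy, open_rules = "ACCEPT", []  # assumption: ACCEPT if the file sets none
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # drops "# ..." comment lines
        if not tok:
            continue
        if tok[0] == ":INPUT" and len(tok) > 1:
            policy = tok[1]
        elif tok[:2] == ["-P", "INPUT"] and len(tok) > 2:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"] and opt(tok, "-j", "--jump") == "ACCEPT":
            state = opt(tok, "--state", "--ctstate")
            reply_only = state is not None and "NEW" not in state.split(",")
            loopback = opt(tok, "-i", "--in-interface") == "lo"
            if opt(tok, "-s", "--source") in ANY_SOURCE and not (reply_only or loopback):
                open_rules.append((lineno, opt(tok, "-p", "--protocol"), opt(tok, "--dport")))
    return policy, open_rules
```

On the quoted ruleset this reports a DROP policy with only the ICMP rule accepting from any source; dropping the `-s 192.168.234.0/24` match would add the SSH rule to the list.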