BestHub
Sign in
Operations 4 min read

Master Linux Firewall: firewalld and iptables Commands Explained

This guide walks you through using Linux's two main firewall tools—firewalld for CentOS 7+ and iptables for older versions—covering installation, service control, rule management, port handling, and useful commands with clear examples and screenshots.

macrozheng
macrozheng
macrozheng
Master Linux Firewall: firewalld and iptables Commands Explained

firewalld (CentOS 7+)

Start the firewall service

<code>systemctl start firewalld</code>

Stop the firewall service

<code>systemctl stop firewalld</code>

Check firewall status

<code>systemctl status firewalld</code>

Enable firewall at boot

<code>systemctl enable firewalld</code>

Disable firewall at boot

<code>systemctl disable firewalld</code>

Reload firewall rules

<code>firewall-cmd --reload</code>

Open a port (requires reload to take effect)

<code>firewall-cmd --zone=public --add-port=8080/tcp --permanent</code>

List opened ports

<code>firewall-cmd --list-ports</code>

Close a port

<code>firewall-cmd --zone=public --remove-port=8080/tcp --permanent</code>
firewalld screenshot
firewalld screenshot

iptables (CentOS < 7)

Installation

Install iptables package

<code>yum install iptables</code>

Install iptables services

<code>yum install iptables-services</code>

Service Control

Start iptables

<code>systemctl start iptables.service</code>

Stop iptables

<code>systemctl stop iptables.service</code>

Check iptables status

<code>systemctl status iptables.service</code>

Enable iptables at boot

<code>systemctl enable iptables.service</code>

Disable iptables at boot

<code>systemctl disable iptables.service</code>

Rule Management

View filter table chains (e.g., INPUT)

<code>iptables -L -n</code>

View NAT table chains

<code>iptables -t nat -L -n</code>

Flush all rules

<code>iptables -F</code>
<code>iptables -X</code>
<code>iptables -Z</code>

Add rule to open port 8080 on INPUT chain

<code>iptables -I INPUT -p tcp --dport 8080 -j ACCEPT</code>

List rule line numbers for INPUT chain

<code>iptables -L INPUT --line-numbers -n</code>

Delete rule by line number (e.g., close port 8080)

<code>iptables -D INPUT 1</code>
iptables filter table screenshot
iptables filter table screenshot
iptables NAT table screenshot
iptables NAT table screenshot
iptables add rule screenshot
iptables add rule screenshot
iptables line numbers screenshot
iptables line numbers screenshot
iptables delete rule screenshot
iptables delete rule screenshot
Linuxnetwork securityiptablessystemctlfirewalld
macrozheng
Written by

macrozheng

Dedicated to Java tech sharing and dissecting top open-source projects. Topics include Spring Boot, Spring Cloud, Docker, Kubernetes and more. Author’s GitHub project “mall” has 50K+ stars.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment