On CentOS 7 the firewall is managed by firewalld, a front end that configures the firewall through iptables underneath.
Although it uses iptables, it does not let you shape the rules as freely as you might want when setting up the firewall your way.
To fix this, you can get rid of firewalld and use iptables directly, the way you would on previous versions of CentOS.
Let’s start by backing up the current iptables rules, in case firewalld has already applied some:
iptables -S | tee ~/firewalld_iptables_rules
This writes the file “firewalld_iptables_rules” to your home directory.
Now let’s install the iptables services package:
yum install iptables-services
Now create your iptables rules by editing the file /etc/sysconfig/iptables.
Stop the FirewallD Service and Start the Iptables Service
systemctl stop firewalld && systemctl start iptables
To make sure firewalld is no longer running, run the following command:
Disable the FirewallD Service and Enable the Iptables Service
systemctl disable firewalld
systemctl mask firewalld
systemctl enable iptables
And you’re done: you can now use iptables as you would on previous versions of CentOS.
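The backup taken with iptables -S at the start is in rule-list form, while /etc/sysconfig/iptables needs iptables-restore form. The converter below is an added example, not part of the original post: it rebuilds the filter table from that dump and can switch the INPUT policy to DROP so the migrated ruleset is default-deny. The sample dump is constructed and shortened; iptables_s_to_restore and SAMPLE_IPTABLES_S are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original post): convert `iptables -S` output into
# iptables-restore format for /etc/sysconfig/iptables. The optional first
# argument overrides the INPUT chain policy (e.g. DROP) to get default-deny.
# Assumes the input holds only the filter table, which is all `iptables -S`
# prints without -t; dump nat/mangle separately with `iptables -t nat -S` etc.
iptables_s_to_restore() {
    awk -v inpol="${1:-}" '
    BEGIN { print "*filter" }
    /^-P / {                                      # built-in chain and policy
        pol = $3
        if ($2 == "INPUT" && inpol != "") pol = inpol
        printf ":%s %s [0:0]\n", $2, pol; next
    }
    /^-N / { printf ":%s - [0:0]\n", $2; next }   # user-defined chain
    /^-A / { rules[++n] = $0; next }              # keep rules in original order
    END {
        for (i = 1; i <= n; i++) print rules[i]
        print "COMMIT"
    }'
}

# Constructed sample of the kind of dump firewalld leaves behind (shortened).
SAMPLE_IPTABLES_S='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N INPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# On a real host: iptables -S | iptables_s_to_restore DROP > /etc/sysconfig/iptables
# and review the result before `systemctl start iptables`.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_IPTABLES_S" | iptables_s_to_restore DROP
fi
```

Check that the SSH rule and the RELATED,ESTABLISHED rule survived the conversion before switching INPUT to DROP, or a remote session will be locked out when the iptables service starts.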
What about fail2ban?
By default it’s set to use firewalld to set up its rules…
Here’s what you can do to reverse this:
mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.OLD
Then go to /etc/fail2ban/jail.d/, rename the default file there too, and build a new one with just the jails you want.
systemctl restart fail2ban
You’re now using fail2ban correctly on the server.