Presentation
If you cannot get used to Firewalld, you can still rely on Iptables by following the instructions below, provided by the Fedora project.
Procedure
Install the Iptables package:
# yum install -y iptables-services
Disable the Firewalld service:
# systemctl mask firewalld
Activate the iptables and ip6tables services at boot:
# systemctl enable iptables
# systemctl enable ip6tables
Go to the /etc/sysconfig directory and define your rules in the iptables, ip6tables, iptables-config and ip6tables-config files.
Stop the Firewalld service:
# systemctl stop firewalld
Start the iptables and ip6tables services:
# systemctl start iptables
# systemctl start ip6tables
You can now run the system-config-firewall or the iptables commands without any problem.
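To confirm the switch took effect, the check below (an added example, not part of the original procedure or the Fedora instructions) audits the states that systemctl is-enabled and systemctl is-active report for the three units. The function names and the "unit enabled active" line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit unit states after the switch.
# State lines have the form: <unit> <is-enabled output> <is-active output>

# Emit one state line per unit from the live system.
collect_states() {
    for u in firewalld iptables ip6tables; do
        # Both subcommands exit non-zero for masked/inactive units; keep only the text.
        en=$(systemctl is-enabled "$u" 2>/dev/null) || true
        ac=$(systemctl is-active "$u" 2>/dev/null) || true
        echo "$u ${en:-unknown} ${ac:-unknown}"
    done
}

# Read state lines on stdin, print findings, return 0 only if the switch is complete.
audit_states() {
    rc=0; seen=""
    while read -r unit enabled active; do
        seen="$seen $unit "
        case "$unit" in
        firewalld)
            if [ "$enabled" != "masked" ]; then
                echo "FAIL firewalld is '$enabled', expected masked"; rc=1
            fi
            if [ "$active" = "active" ]; then
                echo "FAIL firewalld is still running alongside iptables"; rc=1
            fi ;;
        iptables|ip6tables)
            if [ "$enabled" != "enabled" ]; then
                echo "FAIL $unit will not start at boot (state '$enabled')"; rc=1
            fi
            if [ "$active" != "active" ]; then
                echo "FAIL $unit is '$active': its rules are not loaded"; rc=1
            fi ;;
        esac
    done
    # A unit that was never reported counts as a failure, not a pass.
    for u in firewalld iptables ip6tables; do
        case "$seen" in
        *" $u "*) ;;
        *) echo "FAIL no state reported for $u"; rc=1 ;;
        esac
    done
    if [ "$rc" -eq 0 ]; then echo "OK firewalld masked; iptables and ip6tables enabled and active"; fi
    return "$rc"
}

# Live use on the host: pass --live to query systemctl.
if [ "${1:-}" = "--live" ]; then collect_states | audit_states; fi
```

Run it with --live after the last step; any FAIL line means the host may be filtering with the wrong ruleset, or with none for that address family.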
Additional Resources
If you have been running Firewalld for some time and want to go back to Iptables without losing your rules, Justin Ellingwood wrote an interesting article about this situation: How To Migrate from FirewallD to Iptables on CentOS 7.
There is a bug in RHEL 7.1 that prevents the iptables service from being masked. SELinux is preventing the masking of the iptables service (on a clean RHEL 7.1):
# systemctl mask iptables
Failed to issue method call: Access denied
Other services can be masked without issues (for example firewalld.service or postfix.service). Putting SELinux into permissive mode allows masking of iptables.
The version of the policy that has a bug:
# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.13.1-23.el7.noarch
All I can say is good luck to everyone taking an RHCE exam on RHEL 7.1.