Setting up a good firewall is an essential step in securing your system. iptables is the default firewall on CentOS 6; CentOS 7 manages the same packet filter through firewalld, as shown further down.

It is a command-line utility that uses policy chains to allow or block traffic. When a connection is attempted to or from a CentOS system, iptables walks the rules in the relevant chain looking for the first one that matches. If none matches, it falls back to the chain's default policy.

Types of Chains

iptables uses three built-in chains: INPUT, OUTPUT and FORWARD.

The INPUT chain controls incoming connections, for example an SSH session to the host.

The OUTPUT chain controls outgoing connections, for example a ping sent from the host.

The FORWARD chain handles packets that arrive on the host but are routed onward to another destination rather than delivered locally.

Many protocols, SSH and ping among them, require two-way communication, so both the INPUT and OUTPUT chains need to allow the traffic.

To list the current firewall rules, issue the command below.


This command lists all the firewall rules currently loaded into IPtables.
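The listing only helps if you read it the way the kernel does: rules are evaluated top to bottom and the first match decides, so a rule added with -I (inserted at the head of the chain) takes precedence over everything below it. The script below is an added example, not code from the original page; it reads rules in the one-line rule-spec format that `iptables -S INPUT` prints (the sample rule set embedded in it is constructed, not captured from a real host) and reports which verdict a new TCP connection to a given port would receive. It deliberately only inspects --dport and treats a rule with no match options at all as a catch-all; interface, source and connection-state matches are skipped, which is a simplification.

```shell
#!/bin/sh
# Added example, not from the original page. Decides which verdict the INPUT
# chain gives a new TCP connection to a port by reading `iptables -S INPUT`
# style rule specs. First matching rule wins, as in the kernel, and rules
# inserted with -I are listed first.
# Simplifications: only --dport is checked; a rule with no match options at
# all is a catch-all; a rule with other match options but no --dport is
# assumed not to match (interface, source and state matches are skipped).

# Constructed sample of `iptables -S INPUT` output, not captured from a host.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9042 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# port_policy PORT RULES: prints the verdict (ACCEPT, REJECT, DROP, ...) that
# tcp/PORT gets, falling back to the chain policy when no rule matches.
port_policy() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /^-P INPUT / { policy = $3; next }
        /^-A INPUT / {
            verdict = ""; dport = ""; matches = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { verdict = $(i + 1); break }
                if ($i == "--dport") dport = $(i + 1)
                else if ($i ~ /^-/) matches++
            }
            # explicit rule for this port, or a catch-all with no matches
            if (dport == p || (dport == "" && matches == 0)) {
                print verdict; done = 1; exit
            }
        }
        END { if (!done) print policy }'
}

# Demo: report the verdict for a few ports against the sample rules.
for port in 22 9042 8080; do
    echo "tcp/$port -> $(port_policy "$port" "$SAMPLE_RULES")"
done
```

On a live host, feed it the real listing with `port_policy 9042 "$(iptables -S INPUT)"`. With the sample rule set, tcp/22 and tcp/9042 resolve to ACCEPT and anything else hits the trailing catch-all REJECT, which is why a rule appended with -A after that REJECT would never be reached.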

To open or close a port on CentOS 6, run the commands below. The first command changes the running rule set; the second saves it so the change survives a reboot.

Opening a port

iptables -I INPUT -p tcp -m tcp --dport 9042 -j ACCEPT
service iptables save

Closing a port

iptables -I INPUT -p tcp -m tcp --dport 9042 -j REJECT
service iptables save
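Two details matter when scripting the CentOS 6 commands above. First, -I inserts at the head of the INPUT chain, ahead of the catch-all REJECT that the stock CentOS 6 rule set ends with; -A would append after that REJECT and the new rule would never match. Second, running the open command twice leaves two identical ACCEPT rules, and closing by inserting a REJECT leaves the ACCEPT in place underneath it. The script below is an added example, not code from the original page; it checks for the rule with `iptables -C` before inserting, and closes the port by deleting the ACCEPT rule so the chain's existing catch-all applies again. It assumes a CentOS 6 host with the iptables service and root privileges; the ipt() and persist_rules() wrappers exist so the logic can be driven with stand-ins when iptables is not available.

```shell
#!/bin/sh
# Added example, not from the original page. Open or close a TCP port on a
# CentOS 6 host without duplicating rules. Assumes the iptables service and
# root privileges. Side effects go through ipt() and persist_rules() so the
# logic can be exercised with stand-ins in place of the real commands.

ipt() { iptables "$@"; }
persist_rules() { service iptables save; }

# rule OP PORT: run iptables OP (-C check, -I insert, -D delete) on the
# ACCEPT rule for tcp/PORT, so all three refer to exactly the same rule.
rule() { ipt "$1" INPUT -p tcp -m tcp --dport "$2" -j ACCEPT; }

# open_port PORT: insert at the head of INPUT (-I) so the rule precedes the
# final catch-all REJECT; `iptables -C` exits 0 when an identical rule already
# exists, in which case nothing is inserted or saved.
open_port() {
    if rule -C "$1" 2>/dev/null; then
        echo "tcp/$1 already open"
        return 0
    fi
    rule -I "$1" && persist_rules
}

# close_port PORT: remove every copy of the ACCEPT rule rather than stacking a
# REJECT in front of it, then save; report if there was nothing to remove.
close_port() {
    removed=0
    while rule -C "$1" 2>/dev/null; do
        rule -D "$1"
        removed=$((removed + 1))
    done
    if [ "$removed" -eq 0 ]; then
        echo "tcp/$1 was not open"
        return 0
    fi
    persist_rules
}

# Usage (as root): open_port 9042; close_port 9042
```

Because `-C`, `-I` and `-D` are all built from the same rule() helper, the check and the change always refer to the same rule spec; a rule spec typed slightly differently (for example without `-m tcp`) is a different rule to iptables and would not be found by `-C`.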

CentOS 7 manages the firewall through firewalld, so to open or close a port there the firewall-cmd commands below are used instead. A change made with --permanent only takes effect after --reload; a change made without it applies immediately but is lost on reload unless saved with --runtime-to-permanent.

Opening a Port

firewall-cmd --zone=public --add-port=9042/tcp --permanent
firewall-cmd --reload

Closing a port

firewall-cmd --zone=public --remove-port=9042/tcp
firewall-cmd --runtime-to-permanent
firewall-cmd --reload