Linux How To: Install IPTABLES in CentOS 7 / RHEL 7 Replacing FirewallD

CentOS 7 / RHEL 7 doesn’t come with iptables by default. It uses a fully functional firewall system called ‘firewalld’. I have been a big fan of iptables and its capabilities from the very first, and since I switched to CentOS 7, I couldn’t stop using it. I had to stop firewalld and install iptables on all of my CentOS 7 installations and start using iptables rules as I was using before. Here is a small how-to guide on installing iptables and disabling firewalld on CentOS 7, RHEL 7 or a similar distro.

How to Install IPTABLES in CentOS 7

To begin using iptables, you need to download and install the iptables-services package from the repo. It isn’t installed automatically on CentOS 7. To do that, run the following command:

# yum install iptables-services -y

How to stop the firewalld service and start the Iptables service

Once the iptables-services package is installed, you can stop firewalld and start iptables. Keeping both kinds of network filtering tools can create conflicts, and it is recommended to use only one of the two. To do that, run the following:

# systemctl stop firewalld
# systemctl start iptables

Now, to prevent firewalld from starting after boot, you need to disable it:

# systemctl disable firewalld

To disallow starting firewalld manually as well, you can mask it:

# systemctl mask firewalld

Now you can enable iptables to start at boot time using the systemctl command:

# systemctl enable iptables

How to check status of iptables in CentOS 7

In previous distros, the iptables status could be fetched using the service command, but that option is no longer available in CentOS 7. To fetch the iptables status, use the following:

# iptables -S

The iptables save command can still be used through the service tool:

# service iptables save

This saves your iptables rules to /etc/sysconfig/iptables, as it did in previous distros.
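Rules added at the command line but never saved disappear at the next restart of the iptables service. The following check is an added example, not part of the original article: it compares a dump of the running rules (in iptables-save format) with the saved file and reports any drift. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Names are hypothetical.

# Drop comment lines, zero the [packets:bytes] counters and trim trailing
# blanks so two dumps in iptables-save format compare on rules alone.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/' -e 's/[[:space:]]*$//' "$1"
}

# rules_drift RUNNING SAVED
# Prints a diff ("<" only in RUNNING, ">" only in SAVED); returns 0 when the
# rule sets match, 1 when they differ, 2 on a temp-file or diff error.
rules_drift() {
    _a=$(mktemp) && _b=$(mktemp) || return 2
    normalize_rules "$1" >"$_a"
    normalize_rules "$2" >"$_b"
    _rc=0
    diff "$_a" "$_b" || _rc=$?
    rm -f "$_a" "$_b"
    return "$_rc"
}

# Constructed sample: the running dump has an HTTPS rule the saved file lacks.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat >"$demo/running" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [55:6120]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
sed -e '/dport 443/d' -e 's/\[12:840]/[0:0]/' "$demo/running" >"$demo/saved"

if rules_drift "$demo/running" "$demo/saved"; then
    echo "running rules match the saved file"
else
    echo "unsaved changes: run 'service iptables save' or revert them"
fi
# Live host, as root:
#   run=$(mktemp); iptables-save >"$run"; rules_drift "$run" /etc/sysconfig/iptables
```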

‘ca-certificates’ update error

Since the last “ca-certificates” release for RHEL/CentOS 6 or Fedora 14, with a version string of 2013, there has been a recurring error of not being able to update “ca-certificates” from the 2010 version to the latest 2013 one. Through yum, the error looks something like the following:

Running Transaction
Updating : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
Error unpacking rpm package ca-certificates-2013.1.94-65.0.el6.noarch
warning: /etc/pki/java/cacerts created as /etc/pki/java/cacerts.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.crt created as /etc/pki/tls/certs/ca-bundle.crt.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.trust.crt created as /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew
error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename
Verifying : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
ca-certificates-2010.63-3.el6_1.5.noarch was supposed to be removed but is not!
Verifying : ca-certificates-2010.63-3.el6_1.5.noarch 2/2

Failed:
ca-certificates.noarch 0:2010.63-3.el6_1.5 ca-certificates.noarch 0:2013.1.94-65.0.el6

Note the following part of the error:

error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename

It looks like the new “ca-certificates” package uses a new structure. In old versions, “certs” is a folder that contains the old certificates. While updating to the new version, yum tries to remove the old directory and create a symlink to /etc/pki/tls/certs/ in its place, which fails.

To solve the error, run the following:

$ mv /etc/ssl/certs /etc/ssl/certs.back
$ ln -s /etc/pki/tls/certs /etc/ssl/certs
$ yum update ca-certificate*

This should solve the error.
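The same fix as a guarded, repeatable script, shown here as an added example that is not part of the original article. It checks what /etc/ssl/certs currently is before touching it and refuses to overwrite an existing certs.back. The function names and the ROOT prefix argument are hypothetical; ROOT lets the logic be rehearsed on a scratch tree before it is run against the live system.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the ROOT
# prefix argument are hypothetical; ROOT="" means the live system.

# Physical path of a directory with symlinks resolved; empty if unresolvable.
realdir() { ( cd -P "$1" 2>/dev/null && pwd -P ) || true; }

# certs_state ROOT -> directory | symlink-ok | symlink-other | missing
certs_state() {
    _link="$1/etc/ssl/certs"; _target="$1/etc/pki/tls/certs"
    if [ -L "$_link" ]; then
        _r=$(realdir "$_link")
        if [ -n "$_r" ] && [ "$_r" = "$(realdir "$_target")" ]; then
            echo symlink-ok
        else
            echo symlink-other
        fi
    elif [ -d "$_link" ]; then
        echo directory    # old layout: the update fails on this
    else
        echo missing
    fi
}

# fix_ssl_certs ROOT
# Returns 0 when the symlink is in place, 1 if mv or ln fails, 2 if certs.back
# already exists (nothing is overwritten), 3 if the target directory is absent,
# 4 if /etc/ssl/certs is a symlink that points somewhere else.
fix_ssl_certs() {
    _link="$1/etc/ssl/certs"; _target="$1/etc/pki/tls/certs"
    [ -d "$_target" ] || return 3
    case "$(certs_state "$1")" in
        symlink-ok)    return 0 ;;
        symlink-other) return 4 ;;
        directory)
            if [ -e "$_link.back" ] || [ -L "$_link.back" ]; then return 2; fi
            mv "$_link" "$_link.back" || return 1 ;;
    esac
    ln -s "$_target" "$_link" || return 1
}

# Rehearsal on a constructed scratch tree that mimics the old layout.
scratch=$(mktemp -d)
trap 'rm -rf "$scratch"' EXIT
mkdir -p "$scratch/etc/ssl/certs" "$scratch/etc/pki/tls/certs"
echo "before: $(certs_state "$scratch")"
fix_ssl_certs "$scratch" && echo "after:  $(certs_state "$scratch")"
# Live system, as root: fix_ssl_certs "" && yum update ca-certificate*
```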

There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them

While updating CentOS/RHEL system using Yum, the following error appears:

There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them

How do I fix this in CentOS/RHEL 5.x/6.x system?

You have some broken or aborted yum transactions in the system, possibly because yum was forcefully interrupted in the middle of a transaction. To fix this, run the following:

$ yum-complete-transaction

The command can return the following:

$ yum-complete-transaction
bash: yum-complete-transaction: command not found

It means you do not have the yum-utils package installed on your system. Run the following to install yum-utils:

$ yum install yum-utils

This will install what is necessary for yum-complete-transaction.

Install rtorrent in RHEL/CentOS

The easiest way to install rtorrent (a command-line BitTorrent client) is to use the RPMForge Repository. You can install RPMForge using the following article: How to install RPMForge Repository in RHEL/Centos.

Once you are done, you just need to run the following command to install rtorrent in your RHEL/CentOS (5/6):

yum install libtorrent rtorrent libsigc

libsigc++ is a dependency library for libtorrent. Yum should include it automatically in the installation. RPMForge has the compatible libsigc++ in their repository.

rtorrent: symbol lookup error: rtorrent: undefined symbol

How to fix the error “rtorrent: symbol lookup error: rtorrent: undefined symbol”?

If you have installed rtorrent using the RPMForge Repository, you are possibly seeing the error with libtorrent “0.13.2-1”. There is a conflict between the latest libtorrent and rtorrent. The easiest way I have found to solve the error is to downgrade the libtorrent version using the same repository. Run the following to downgrade libtorrent:

yum downgrade libtorrent

This should downgrade your libtorrent version to 0.12.9-2, which seems to work fine with rtorrent 0.8.9-2.

How to install RPMForge Repository in RHEL/Centos

RPMforge is a collaboration of Dag and other packagers. They provide over 5000 packages for CentOS, including wine, vlc, mplayer, xmms-mp3, and other popular media tools. It is not part of Red Hat or CentOS but is designed to work with those distributions.

How to install RPMForge in RHEL 5/Centos 5?

Run the following command to download and install RPMForge in RHEL 5 based systems:

i386:

rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

x86_64:

rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

How to install RPMForge in RHEL 6/Centos 6?

Run the following command to download and install RPMForge in RHEL 6 based systems:

i386 (32bit):

rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

x86_64 (64bit):

rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

You can install DAG’s GPG key as follows:

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

Now you can install packages from RPMForge, for example:

yum install libtorrent

To view the complete list of RPMForge Packages, visit the following page:

http://packages.sw.be/