Introduction
Firewalld is a dynamically managed firewall solution that supports network zoning. System admins use it to allow and disallow incoming and outgoing traffic dynamically. It supports both IPv4 and IPv6 firewall settings. As of CentOS 7, firewalld (Dynamic Firewall Manager) is the default firewall tool on CentOS servers.
We advise keeping firewalld active and enabled at all times. However, admins might need to disable firewalld for testing or switching to another firewall tool, like iptables.
This tutorial will show you how to disable and stop the firewall on CentOS 7.
Prerequisites
- A user with sudo privileges
- Access to a command-line (Ctrl-Alt-T)
- A CentOS 7 machine
Check firewalld Status
Firewalld is enabled by default on every CentOS 7 machine.
To check firewalld status, run the following command from the command-line:
sudo systemctl status firewalldIf the firewall is running, you will see bright green text indicating that the firewall is active, as seen below.
Disabling Firewall on CentOS
You can disable the firewall temporarily or permanently. The sections below provide instructions for both options.
Temporarily Stop firewalld
To temporarily disable the default firewall manager on CentOS 7, use the following command:
sudo systemctl stop firewalldThere will be no confirmation message.
To verify that firewalld is disabled, type:
sudo systemctl status firewalldYou can expect to see Active: inactive (dead).
The systemctl stop firewalld command disables the service until reboot. After your runtime session ends and the system reboots, the firewalld service will be active again.
Permanently Disable firewalld
To permanently disable the firewall on CentOS 7, you will need to stop the firewall service and then disable it altogether.
To stop the firewalld tool, run:
sudo systemctl stop firewalldThis is also the same command we used to temporarily stop firewalld. Check firewall status.
sudo systemctl status firewalldThe output should state that the service is inactive.
To disable the service from activating upon system boot-up, enter this command:
sudo systemctl disable firewalldSee the image below for the output you can expect to find:
You have now successfully stopped and disabled the firewall service on your CentOS 7 server. However, other active services might activate firewalld.
To prevent other services from activating firewalld, mask firewalld from other services on the system:
sudo systemctl mask --now firewalldThis creates a symbolic link (symlink) from the firewalld service to /dev/null.
The output should appear as the following:
Output
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.Conclusion
By following this tutorial, you now know how to stop and disable the firewall on CentOS 7. Furthermore, you have learned how to mask the firewalld service from other active services to avoid reactivation.
Good security practices forbid disabling the firewall, especially on live servers. Always be cautious when doing so, even in test environments.
