How can I disable Firewalld on CentOS Linux? That’s is one of the main questions asked on forums and places when you are a beginner working on CentOS systems. The short answer is, you don’t need to disable it, that’s the easy workaround. However, if you don’t have time to play with firewalld and learn how it works, on this tutorial we will show you how to disable it completely.
Firewalld is the firewall solution that comes installed by default on CentOS 7 and CentOS 8, the most recent version of this operating system. It is a good and complete firewall solution for CentOS systems, though it is not the best, and it is possible that you want to completely disable it to install another one, or maybe you just want to get rid of it.
No matter the reason, if you want to disable firewalld on CentOS then you have come to the right place, so stay with us and keep reading.
Contents
What is Firewalld?
But before doing anything it is wise to know what is Firewalld exactly. As we have mentioned, it is a firewall solution, one of the many available to CentOS servers, and the one that will come installed by default in modern versions of this distro.
Since CentOS 7, Firewalld has been the software used to replace iptables as the tool used to manage firewall rules. We already talked a bit about this a few years ago when we did our CentOS 7 vs CentOS 6 comparison. The linked article contains a list of important changes added in CentOS 7, so you may want to check it out if you run any CentOS 6 servers, because that distro’s EOL is coming this year.
In most cases deleting or disabling Firewalld is not necessary. As we said, it is a good firewall, or, better said, a good firewall manager, but it is not the best by any chance and you probably want to try something else, or maybe you actually like it but you need to disable it to do some testing. In any case, let’s see how to disable Firewalld on CentOS.
How to disable Firewalld on CentOS
First off, to disable this firewall manager we are going to need root access or sudo access, which means you need either a user that can run sudo commands or you need to be able to log in as the root user. Any of those will do, so pick your favorite.
firewall-cmd is the management tool for Firwalld on the command line, so first let’s check the status of this service:
firewall-cmd --state
If everything is ok and Firewalld is running fine on your system then you will get a “running” output. If this is not the case it is possible that the tool may already be disabled or it may simply not be running right now.
Wheter it is running or not, to make sure to stop it you only need to run the following command:
systemctl stop firewalld
That will stop the service, but will not disable it permanently, and it will come back online if the system is rebooted, so to completely disable it we need to run this:
systemctl disable firewalld
What does this do? It disables Firewalld on boot, which means that even if the system is rebooted the Firewalld daemon will not come back online. At this time, the only way to start the Firewalld service is doing it manually, which is done with the following commands:
systemctl enable firewalld systemctl start firewalld
This will completely enable the service on boot and start it for the current session. We are not actually interested in this of course, but is good to know and you will need to start it again if you stopped it only for testing.
Other Firewalld commands
There are a few more things that you can do with the Firewalld services besides starting, stoping, disabling and enabling it, so let’s take a look at other commands available:
- reload: you can run systemctl reload firewalld to do a reload of the Firewalld service. What does this mean? It means that the service’s daemon will be reloadad to take any change you have done, without the need to stop the service and starting it again (which is a popular way to make changes take effect).
- reload-or-restart: some services do not provide a reload functionality, so in the case that we are not sure if we should run reload or restart to apply changes, we can simply run systemctl reload-or-restart firewalld. This will attempt to reload the Firewalld service, and in case that functionality is not available it will restart the service.
Conclusion
On this occasion we have learned a few things about Firewalld on CentOS systems: we have learned how to stop the service, we also managed to learn the opposite, that is, enabling and starting it, and of course we learned how to disable firewalld on CentOS, that was the main goal of this article. Finally, we took a look at some other commands that can be used to apply changes to our Firewalld daemon.
Further reading: