Default installations of the CentOS 7 Linux operating system have the firewalld firewall installed and enabled as a security measure, but how can we disable it?
In this quick guide we will show you how to disable either firewalld or iptables in CentOS 7 through the command line.
Note: The firewall is enabled by default for good reason. Blocking traffic from unwanted sources to our Linux system helps improve security. Rather than fully disabling the firewall, it is recommended that you instead learn how to use firewalld.
Disable Firewalld In CentOS 7
Firewalld is installed and enabled by default. On my CentOS 7 minimal system we can confirm this as shown below.
# systemctl is-enabled firewalld
enabled
Being enabled means that the service will start automatically during system boot. We can see here that firewalld is both active and enabled. We can disable it as shown below.
# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Now that firewalld is disabled, it will not automatically start on system boot. This does not, however, stop the currently running instance of firewalld. As we can see below, it still has a status of active, meaning that firewalld is currently running.
# systemctl is-active firewalld
active
To stop firewalld from running, we must stop it separately, as shown below.
# systemctl stop firewalld
Now if we query whether firewalld is running and enabled, we should see that it has been disabled.
# systemctl is-enabled firewalld
disabled
# systemctl is-active firewalld
unknown
Despite being disabled, it is still possible for the firewalld service to be started manually with the ‘systemctl start firewalld’ command. To completely prevent it from being manually started, the service must be masked.
# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
Now even if we try to manually start firewalld, it will fail.
# systemctl start firewalld
Failed to start firewalld.service: Unit firewalld.service is masked.
Disable Iptables In CentOS 7
As mentioned, firewalld is in use by default in CentOS 7. However, it is possible that firewalld has been removed and the traditional iptables service installed instead. If this is the case, the same commands will be used, except we will specify iptables in place of firewalld.
systemctl stop iptables
systemctl disable iptables
systemctl mask iptables
It’s worth noting that iptables and firewalld are mutually exclusive: only one should be running at any one time. Therefore, if we do wish to use either firewalld or iptables, we should ensure that the opposite service is completely stopped, disabled, and masked so that it will not interfere.
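The distinction this guide draws between disabled, stopped and masked, together with the mutual-exclusion rule above, can be checked in one pass. The script below is an added example, not part of the original guide; the function names and verdict labels are assumptions made for illustration, and it relies only on the systemctl is-enabled and systemctl is-active commands shown earlier.

```shell
#!/bin/sh
# Added example: audit the firewalld/iptables unit states on a systemd host.
# Function names and verdict labels are illustrative, not from the guide.

# unit_state UNIT -> prints "<is-enabled result> <is-active result>"
unit_state() {
    en=$(systemctl is-enabled "$1" 2>/dev/null) || true
    ac=$(systemctl is-active "$1" 2>/dev/null) || true
    echo "${en:-unknown} ${ac:-unknown}"
}

# assess FW_ENABLED FW_ACTIVE IPT_ENABLED IPT_ACTIVE -> one-line verdict
assess() {
    fw_en=$1 fw_ac=$2 ipt_en=$3 ipt_ac=$4
    if [ "$fw_ac" = active ] && [ "$ipt_ac" = active ]; then
        echo "CONFLICT: firewalld and iptables are both running"
    elif [ "$fw_ac" != active ] && [ "$ipt_ac" != active ]; then
        echo "EXPOSED: no firewall service is running"
    elif [ "$fw_ac" = active ] && [ "$fw_en" != enabled ]; then
        echo "TRANSIENT: firewalld is running but will not start at boot"
    elif [ "$ipt_ac" = active ] && [ "$ipt_en" != enabled ]; then
        echo "TRANSIENT: iptables is running but will not start at boot"
    elif [ "$fw_ac" = active ] && [ "$ipt_en" != masked ]; then
        echo "OK-UNMASKED: firewalld is running; iptables is not masked"
    elif [ "$ipt_ac" = active ] && [ "$fw_en" != masked ]; then
        echo "OK-UNMASKED: iptables is running; firewalld is not masked"
    else
        echo "OK: one firewall service running, the other masked"
    fi
}

# audit -> query the live system and print the verdict
audit() {
    set -- $(unit_state firewalld) $(unit_state iptables)
    assess "$@"
}

# Run against the live system only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

The TRANSIENT verdict corresponds to the point in this guide where firewalld has been disabled but not yet stopped, and EXPOSED to the state after both commands have been run.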
As shown, we can easily disable the firewall in CentOS 7, whether that be the default firewalld or iptables. While this is not recommended in a production environment, there may be times that you wish to temporarily stop or disable the firewall, and this is how it can be done.