Introduction

Firewalld is a dynamically managed firewall solution that supports network zoning. System admins use it to allow and disallow incoming and outgoing traffic dynamically. It supports both IPv4 and IPv6 firewall settings. As of CentOS 7, firewalld (Dynamic Firewall Manager) is the default firewall tool on CentOS servers.

We advise keeping firewalld active and enabled at all times. However, admins might need to disable firewalld for testing or switching to another firewall tool, like iptables.

This tutorial shows you how to disable and stop the firewall on CentOS 7.

how to disable firewall on CentOS 7

Prerequisites

  • A user with sudo privileges
  • Access to a command line (Ctrl-Alt-T)
  • A CentOS 7 machine

Check firewalld Status

Firewalld is enabled by default on every CentOS 7 machine.

To check firewalld status, run the following command from the command line:

sudo systemctl status firewalld

If the firewall is running, you will see bright green text indicating the firewall is active.

active running firewall on CentOS 7

Disabling Firewall On CentOS

You can disable the firewall temporarily or permanently. The sections below provide instructions for both options.

Temporarily Stop firewalld

To temporarily disable the default firewall manager on CentOS 7, use the following command:

sudo systemctl stop firewalld

There will be no confirmation message.

To verify the firewall is disabled:

sudo systemctl status firewalld

You can expect to see Active: inactive (dead).

verification that the firewall is stopped

The systemctl stop firewalld command will disable the service until reboot. Once your runtime session ends and the system reboots, the firewalld service will be active again.

Permanently Disable firewalld

To permanently disable the firewall on CentOS 7, you need to stop the firewall service and then disable it altogether.

To stop the firewall tool, run:

sudo systemctl stop firewalld

As you can see, that is the same command we used to temporarily stop firewalld. Check firewall status.

sudo systemctl status firewalld

The output should state that the service is inactive.

To disable the service from activating upon system boot-up, enter the command in the command line terminal:

sudo systemctl disable firewalld

See image below for the output you can expect:

example screenshot of permanently disabled firewalld on CentOS

You have successfully stopped and disabled the firewall service on your CentOS 7 server. However, other active services might activate firewalld.

To prevent other services from activating firewalld, mask firewalld from other services on the system:

sudo systemctl mask --now firewalld

This creates a symbolic link (symlink) from the firewall service to /dev/null.

The output should appear as the following:

Output
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

Conclusion

By following this tutorial, you learned how to stop and disable the firewall on CentOS 7. Furthermore, you have learned how to mask the firewalld service from other active services.

Good security practices forbid disabling the firewall, especially on live servers. Always be cautious when doing so, even on test environments.