Introduction
firewalld is a dynamically managed firewall that supports network zoning and is the default firewall tool on CentOS and Rocky Linux servers. System administrators use it to allow or block incoming and outgoing traffic dynamically for both IPv4 and IPv6.
To secure your system, keep firewalld active and enabled at all times. Administrators disable the firewall when testing or switching to another firewall tool like iptables.
This tutorial shows how to disable and stop firewalld on CentOS and Rocky Linux.
Prerequisites
- A user with sudo privileges.
- Access to a command line interface/terminal.
- A machine with Rocky Linux or CentOS.
Check firewalld Status
firewalld is enabled by default on every CentOS and Rocky Linux machine. To see the status, run the following command:
sudo systemctl status firewalld
If the firewall is running, the status shows as active (running).
Disabling Firewall on CentOS or Rocky Linux
There are two ways to disable the firewall: temporarily or permanently. The sections below provide instructions for both.
Temporarily Stop firewalld
To temporarily stop the firewalld service, use the following command:
sudo systemctl stop firewalld
The command prints no confirmation message. Verify that firewalld is stopped:
sudo systemctl status firewalld
The status shows as inactive (dead). Because the service is still enabled, firewalld starts again after the system reboots.
Permanently Disable firewalld
To permanently turn off the firewall on CentOS or Rocky, stop and disable the firewall service:
1. Stop the firewalld service:
sudo systemctl stop firewalld
2. Disable the service from reactivating upon system boot:
sudo systemctl disable firewalld
The command removes the systemd service symbolic links (symlinks).
3. Other active services can reactivate firewalld. To prevent this, mask the firewalld service:
sudo systemctl mask --now firewalld
The command creates a symlink from the firewalld service to /dev/null. The firewall status switches to masked.
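As an added example (not part of the original tutorial), the script below maps the output of systemctl is-active and systemctl is-enabled onto the states the steps above produce, so an audit job can tell a temporary stop from a disabled or masked service. The state labels and function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify firewalld into the states this tutorial produces.
# State labels and function names are illustrative, not firewalld or systemd terms.

# classify_firewalld ACTIVE ENABLED
#   ACTIVE  - output of `systemctl is-active firewalld`
#   ENABLED - output of `systemctl is-enabled firewalld`
classify_firewalld() {
    case "$1/$2" in
        active/enabled)    echo "running" ;;             # up now and after reboot
        active/*)          echo "running-until-stop" ;;  # up now, not started at next boot
        inactive/enabled)  echo "stopped-temporarily" ;; # systemctl stop only
        inactive/disabled) echo "disabled" ;;            # stop + disable
        inactive/masked)   echo "masked" ;;              # mask --now
        *)                 echo "unknown" ;;
    esac
}

# exposure_note STATE: one line suitable for an audit log.
exposure_note() {
    case "$1" in
        running)             echo "firewalld is filtering traffic" ;;
        running-until-stop)  echo "firewalld is up but will not start at next boot" ;;
        stopped-temporarily) echo "firewalld is not filtering until reboot or manual start" ;;
        disabled)            echo "firewalld is not filtering; another service can still start it" ;;
        masked)              echo "firewalld is not filtering and cannot start until unmasked" ;;
        *)                   echo "state not recognised; inspect systemctl status firewalld" ;;
    esac
}

# check_firewalld: query the live system (requires systemd).
check_firewalld() {
    active=$(systemctl is-active firewalld 2>/dev/null) || true
    enabled=$(systemctl is-enabled firewalld 2>/dev/null) || true
    state=$(classify_firewalld "$active" "$enabled")
    echo "firewalld: $state ($(exposure_note "$state"))"
}

# Run against the live host only where systemctl exists.
if command -v systemctl >/dev/null 2>&1; then
    check_firewalld
fi
```

Run it after each step of the procedure to confirm the host is in the state you intended, and again after a reboot to confirm the change persisted.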
Conclusion
This guide showed how to stop and disable the firewalld service on CentOS and Rocky. We also showed how to mask the firewalld service from other active services to avoid reactivation. The best cybersecurity practices forbid disabling firewalls, especially on live servers. Always be cautious when doing so, even in test environments.
Next, see how to set up a firewall on a small BMC instance using iptables.