Introduction

Firewalld is a dynamically managed firewall solution that supports network zoning. System admins use it to allow and disallow incoming and outgoing traffic dynamically. It supports both IPv4 and IPv6 firewall settings. As of CentOS 7, firewalld (Dynamic Firewall Manager) is the default firewall tool on CentOS servers.

We advise keeping firewalld active and enabled at all times. However, admins might need to disable firewalld for testing or switching to another firewall tool, like iptables.

This tutorial will show you how to disable and stop the firewall on CentOS 7.

how to disable firewall on CentOS 7

Prerequisites

  • A user with sudo privileges
  • Access to a command-line (Ctrl-Alt-T)
  • A CentOS 7 machine

Check firewalld Status

Firewalld is enabled by default on every CentOS 7 machine.

To check firewalld status, run the following command from the command-line:

sudo systemctl status firewalld

If the firewall is running, you will see bright green text indicating that the firewall is active, as seen below.

active running firewall on CentOS 7

Disabling Firewall on CentOS

You can disable the firewall temporarily or permanently. The sections below provide instructions for both options.

Temporarily Stop firewalld

To temporarily disable the default firewall manager on CentOS 7, use the following command:

sudo systemctl stop firewalld

There will be no confirmation message.

To verify that firewalld is disabled, type:

sudo systemctl status firewalld

You can expect to see Active: inactive (dead).

verification that the firewall is stopped

The systemctl stop firewalld command will disable the service until reboot. After your runtime session ends and the system reboots, the firewalld service will be active again.

Permanently Disable firewalld

To permanently disable the firewall on CentOS 7, you will need to stop the firewall service and then disable it altogether.

To stop the firewalld tool, run:

sudo systemctl stop firewalld

This is also the same command we used to temporarily stop firewalld. Check firewall status.

sudo systemctl status firewalld

The output should state that the service is inactive.

To disable the service from activating upon system boot-up, enter this command:

sudo systemctl disable firewalld

See the image below for the output you can expect to find:

example screenshot of permanently disabled firewalld on CentOS

You have now successfully stopped and disabled the firewall service on your CentOS 7 server. However, other active services might activate firewalld.

To prevent other services from activating firewalld, mask firewalld from other services on the system:

sudo systemctl mask --now firewalld

This creates a symbolic link (symlink) from the firewalld service to /dev/null.

The output should appear as the following:

Output
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

Conclusion

By following this tutorial, you now know how to stop and disable the firewall on CentOS 7. Furthermore, you have learned how to mask the firewalld service from other active services to avoid reactivation.

Good security practices forbid disabling the firewall, especially on live servers. Always be cautious when doing so, even in test environments.