• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL 7 : How to start / Stop or enable / disable Firewalld

by admin

Question : How to Start or stop firewalld (iptables in earlier version) in CentOS / RHEL 7?

Solution :
The iptables service is replaced with firewalld service in Oracle Linux 7. The command iptables -L will list the set of rules that are in place on node.

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
....

The systemctl command will list all the services that are running on the node. On verifying the service “iptables” does not revert any output back. The service iptables is replaced by name “firewalld”

# systemctl | grep -i iptables
# systemctl | grep -i firewall
firewalld.service            loaded active running   firewalld - dynamic firewall daemon

To check the status of the service can use the below command:

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sun 2016-05-29 03:33:25 EDT; 3h 12min ago
 Main PID: 830 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─830 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.

Service can stopped by the command below and you can recheck the status:

# systemctl stop firewalld
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 17s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.

To disable the service on next boot (chkconfig in RHEL6 and prior), you can execute the below command. By executing the command, the related file links are removed and will not be referred next time.

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 2min 26s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.

As seen in the output above the firewalld service is in enabled mode, which means it would start on nextboot. To disable the start on next boot use the below command :

# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

Verify the status again, to confirm that the service is in disabled mode.

# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@geeklab ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

May 29 03:33:16 geeklab systemd[1]: Starting firewalld - dynamic firewall daemon...
May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. idle3: command not found
  2. How to disable IPv6 on CentOS / RHEL 7
  3. a2dissite Command Examples in Linux
  4. Linux OS Service ‘avahi-daemon’
  5. head Command Examples in Linux
  6. pgrep: command not found
  7. goaccess: command not found
  8. Linux OS Service ‘acpid’
  9. How to create virtual block device (loop device/filesystem) in Linux
  10. Log watching using tail or less

You May Also Like

Primary Sidebar

Recent Posts

  • raw: command not found
  • raw Command Examples in Linux
  • rankmirrors Command Examples in Linux
  • radeontop: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright