• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL 7 : How to start / Stop or enable / disable Firewalld

By admin

Question : How to Start or stop firewalld (iptables in earlier version) in CentOS / RHEL 7?

Solution :
The iptables service is replaced with firewalld service in Oracle Linux 7. The command iptables -L will list the set of rules that are in place on node.

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
....

The systemctl command will list all the services that are running on the node. On verifying the service “iptables” does not revert any output back. The service iptables is replaced by name “firewalld”

# systemctl | grep -i iptables
# systemctl | grep -i firewall
firewalld.service            loaded active running   firewalld - dynamic firewall daemon

To check the status of the service can use the below command:

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sun 2016-05-29 03:33:25 EDT; 3h 12min ago
 Main PID: 830 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─830 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.

Service can stopped by the command below and you can recheck the status:

# systemctl stop firewalld
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 17s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.

To disable the service on next boot (chkconfig in RHEL6 and prior), you can execute the below command. By executing the command, the related file links are removed and will not be referred next time.

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 2min 26s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.

As seen in the output above the firewalld service is in enabled mode, which means it would start on nextboot. To disable the start on next boot use the below command :

# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

Verify the status again, to confirm that the service is in disabled mode.

# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@geeklab ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

May 29 03:33:16 geeklab systemd[1]: Starting firewalld - dynamic firewall daemon...
May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. How to Setup a sudo Switch to Another User That Has no Password or ssh Key Set in Linux
  2. After Reboot RAID1 Disk Gets Removed/Out of Sync (CentOS/RHEL)
  3. CentOS / RHEL : How to restrict SSH login by time of day
  4. Understanding the /etc/inittab File in Linux
  5. How to Change Kernel Semaphore Limits in CentOS/RHEL
  6. Linux OS Service ‘psacct’
  7. Linux File/Directory Permissions cheat sheet
  8. How to check rpm package integrity in Linux
  9. How to set custom device names using udev in CentOS/RHEL 7
  10. Linux OS Service ‘microcode_ctl’

You May Also Like

Primary Sidebar

Recent Posts

  • What are Command Rules in oracle Database
  • Using Rule Sets in Oracle Database Vault
  • How Realms Work in Oracle Database Vault
  • How to use Privilege Analysis in Oracle Database
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary