Question: How to start or stop firewalld (iptables in earlier versions) in CentOS / RHEL 7?
Solution:
The iptables service is replaced by the firewalld service in Oracle Linux 7. The command iptables -L lists the set of rules that are in place on the node.
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-ISOLATION  all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
....
The systemctl command lists all the services that are running on the node. Filtering that list for “iptables” returns no output, because the iptables service has been replaced by the service named “firewalld”.
# systemctl | grep -i iptables
# systemctl | grep -i firewall
firewalld.service   loaded active running   firewalld - dynamic firewall daemon
To check the status of the service, use the command below:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sun 2016-05-29 03:33:25 EDT; 3h 12min ago
 Main PID: 830 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─830 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
The service can be stopped with the command below, after which you can recheck the status:
# systemctl stop firewalld
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 17s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.
To keep the service from starting at the next boot (the job chkconfig did in RHEL 6 and earlier), disable it. Disabling removes the related file links, so the unit is not referenced at the next boot. First, check the current status:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 2min 26s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.
As the output above shows, the firewalld service is still enabled, which means it will start at the next boot. To prevent it from starting at the next boot, use the command below:
# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
Verify the status again to confirm that the service is disabled.
# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@geeklab ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

May 29 03:33:16 geeklab systemd[1]: Starting firewalld - dynamic firewall daemon...
May 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
May 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.
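The steps above pass through three states: running and enabled, stopped but still enabled, and stopped and disabled. As an added example (not part of the original page), this shell script classifies those states from `systemctl status firewalld` text so that a mismatch between runtime and boot state is easy to spot. The function names `fw_state`, `fw_verdict` and `sample_after_stop` are hypothetical, and the sample input is this page's post-stop output with its indentation reconstructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads `systemctl status firewalld` text on stdin and prints
# "<boot-state> <runtime-state>", e.g. "enabled inactive".
fw_state() {
    awk '
        $1 == "Loaded:" {
            if ($2 != "loaded" || index($0, ";") == 0) {
                boot = $2                      # masked, not-found, ...
            } else {
                boot = $0
                sub(/^[^;]*;[ ]*/, "", boot)   # keep text after the first ";"
                sub(/[;)].*$/, "", boot)       # cut at the next ";" or ")"
            }
        }
        $1 == "Active:" { run = $2 }
        END {
            if (boot == "") boot = "unknown"
            if (run == "") run = "unknown"
            print boot, run
        }
    '
}

# Return code: 0 = running and enabled, 1 = runtime and boot state disagree,
# 2 = stopped and disabled, 3 = any other state.
fw_verdict() {
    case "$1 $2" in
        "enabled active")    echo "OK: running, starts at boot"; return 0 ;;
        "enabled inactive")  echo "DRIFT: stopped, but starts again at next boot"; return 1 ;;
        "disabled active")   echo "DRIFT: running, but will not start at next boot"; return 1 ;;
        "disabled inactive") echo "OFF: stopped, stays stopped after reboot"; return 2 ;;
        *)                   echo "UNKNOWN: $1 $2"; return 3 ;;
    esac
}

# Sample: this page's status output after `systemctl stop firewalld`
# (indentation reconstructed).
sample_after_stop() {
    cat <<'EOF'
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 17s ago
EOF
}

# On a real host: fw_verdict $(systemctl status firewalld | fw_state)
fw_verdict $(sample_after_stop | fw_state) || true
```

The parser also accepts the longer `Loaded:` line that later systemd releases print, where a vendor preset follows the enabled/disabled field.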