Linux how to disable firewall

How to Start/Stop and Enable/Disable FirewallD and Iptables Firewall in Linux

A firewall is software that acts as a shield between a user's system and the external network, allowing some packets to pass while discarding others. A firewall commonly operates at the network layer, i.e. on IP packets, both IPv4 and IPv6.

Whether a packet will pass or be blocked depends on the firewall rules that apply to that type of packet. These rules can be built-in or user-defined. Each packet that enters the network has to pass through this shield, which verifies it against the rules defined for such packets.

Each rule has a target action which is to be applied in case the packet fails to satisfy it. On Linux systems, firewall as a service is provided by several software packages, the most common of which are firewalld and iptables.

Many different types of firewalls are used in Linux, but the most standard ones are Iptables and Firewalld, which we are going to discuss in this article.

What is FirewallD

FirewallD is the Dynamic Firewall Manager of Linux systems. This service is used to configure the network connections, thus deciding which external network or internal packets to allow traversing the network and which to block.

It allows two types of configuration, permanent and runtime. Runtime configuration is lost once the service is restarted, while permanent configuration is retained across system boots so that it is applied every time the service becomes active.

Corresponding to these configurations, firewallD has two directories: the default/fallback one (/usr/lib/firewalld), which is lost once the system is updated, and the system configuration (/etc/firewalld), which remains permanent and overrides the default one if given. FirewallD is found as a default service in RHEL/CentOS 7 and Fedora 18.
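
The runtime/permanent split described above means a setting can be enforced now yet vanish on restart, or be saved yet not enforced. The following is an added example, not part of the original article: it reports both kinds of drift for the services of one zone. The function names, the default zone "public" and the sample lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): find firewalld services that exist in
# only one of the two configurations. Function names are this example's own.

# only_in A B: print the words of list A that are absent from list B
only_in() {
    res=""
    for w in $1; do
        case " $2 " in
            *" $w "*) ;;
            *) res="${res:+$res }$w" ;;
        esac
    done
    echo "$res"
}

# drift_report RUNTIME PERMANENT: one line per kind of drift, empty if in sync
drift_report() {
    lost=$(only_in "$1" "$2")      # enforced now, dropped on restart
    pending=$(only_in "$2" "$1")   # saved, but not enforced until reload
    [ -z "$lost" ] || echo "runtime-only (lost on restart): $lost"
    [ -z "$pending" ] || echo "permanent-only (needs --reload): $pending"
}

# live_drift [ZONE]: compare the two service lists on a host running firewalld
# (the zone name "public" is an assumed default)
live_drift() {
    zone=${1:-public}
    rt=$(firewall-cmd --zone="$zone" --list-services)
    pm=$(firewall-cmd --permanent --zone="$zone" --list-services)
    drift_report "$rt" "$pm"
}

# Constructed sample: https was opened at runtime and never made permanent
SAMPLE_RUNTIME='cockpit dhcpv6-client https ssh'
SAMPLE_PERMANENT='cockpit dhcpv6-client ssh'

if [ "${1:-}" = "--live" ]; then
    live_drift "${2:-public}"
else
    drift_report "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

Run it with --live on a host where firewalld is active; without arguments it only evaluates the constructed sample.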

What is Iptables

Iptables is another service which decides whether to allow, drop or return IP packets. The Iptables service manages IPv4 packets while Ip6tables manages IPv6 packets. This service manages a list of tables where each table is maintained for a different purpose: the 'filter' table is for firewall rules, the 'nat' table is consulted in case of a new connection, 'mangle' in case of packet alterations, and so on.

Each table further has chains, which can be built-in or user-defined. A chain is a set of rules which are applied to a packet, thus deciding what the target action for that packet should be, i.e. whether it must be ALLOWED, BLOCKED or RETURNED. This service is a default service on systems like RHEL/CentOS 6/5 and Fedora, ArchLinux, Ubuntu etc.

In this article we will explain how to start, stop or restart Iptables and FirewallD services in Linux.

How to Start/Stop and Enable/Disable FirewallD Service

If you're using CentOS/RHEL 7 or Fedora 18+ versions, follow the instructions below to manage the FirewallD service.

Start FirewallD Service
# systemctl start firewalld
Stop FirewallD Service
Check the Status of FirewallD
# systemctl status firewalld
Check the State of FirewallD

As an alternative, you can disable the firewalld service so that it doesn't apply rules to packets, and enable it once it is needed again.

Disable FirewallD Service
# systemctl disable firewalld
Enable FirewallD Service
# systemctl enable firewalld
Mask FirewallD Service

Also, you can mask the firewall service, which creates a symbolic link from firewalld.service to /dev/null, thus disabling the service.

Unmask FirewallD Service
# systemctl unmask firewalld

This is the reverse of masking the service. It removes the symlink created during masking, thus re-enabling the service.

How to Start/Stop and Enable/Disable IPtables Service

On RHEL/CentOS 6/5/4 and Fedora 12-18 the iptables firewall comes pre-installed; on later versions, the iptables service can be installed via:

# yum install iptables-services

Then, the service can be started, stopped or restarted via the following commands:

Start Iptables Service
# systemctl start iptables
OR
# service iptables start

Stop Iptables Service
# systemctl stop iptables
OR
# service iptables stop

Disable Iptables Service
# systemctl disable iptables
OR
# service iptables save
# service iptables stop

Enable Iptables Service
# systemctl enable iptables
OR
# service iptables start

Check Status of Iptables Service
# systemctl status iptables
OR
# service iptables status

On Ubuntu and some other Linux distributions however, ufw is the command which is used to manage the iptables firewall service. Ufw provides an easy interface for the user to handle the iptables firewall service.

Enable Ufw Iptables Firewall
Disable Ufw Iptables Firewall
Check Status of Ufw Iptables Firewall

However, if you want to list the chains in iptables, which contain all the rules, the following command can help you achieve that:

Conclusion

These are the techniques which can help you start, stop, disable and enable the packet management services in Linux Based Systems. Different Linux distros can have different services as default, like: Ubuntu can have iptables as the default and pre-installed service, while CentOS can have firewalld as the default configured service for managing incoming and outgoing of IP packets.

Presented in this article are the most common tricks to manage these services on almost all Linux Distros, however, if you find something and would like to add on to this article, your comments are always welcome.


How to disable firewall in Rocky Linux? [SOLVED]

firewalld is an open source, free (GPL-2.0 licensed) firewall management tool for Linux operating systems. It provides firewall capabilities by acting as a front-end for the Linux kernel's netfilter framework. It supports IPv4 and IPv6 firewall settings and ethernet bridges, and separates runtime and persistent configuration options. Firewalld is written in Python.

A firewall is a must for every server system, but there are times when, for debugging purposes, we would like to stop and disable the firewalld service. In this article, we will examine "How to disable firewall in Rocky Linux".

Although this article is written using Rocky Linux, the same steps can be used on Ubuntu, Debian, RHEL, CentOS or any other Linux variant that supports firewalld.

Are you sure you want to disable firewalld service instead of adding the right rules?

Here we have written an extensive tutorial covering 30+ firewalld rules along with many other explanations.

Pre-requisites

The user trying to stop and disable firewall must have root or equivalent sudo access to manage firewalld service.

For our lab we will directly use root user to perform the task

Stop Firewalld Manually

Step-1: Stop firewalld service

Before starting we will check the status of firewalld service:

Next we will stop the firewalld service using systemctl command

Step-2: Check firewalld service status

There are a couple of ways you can check the status of your firewalld service:

# firewall-cmd --state
not running
# systemctl is-active firewalld
inactive
# systemctl status firewalld

So as we can see in all the commands, our firewalld service is in inactive state.

Step-3: Disable firewalld to avoid restart post reboot

To avoid automated restart of the service, we must disable the service:

# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# systemctl is-enabled firewalld
disabled

Step-4: Mask the firewalld service

It is still possible for any user with root level access to go ahead and start the service so we can mask the service to avoid startup. This is only optional and may not be required in many cases. But if you really want to be sure that no one starts the service, then you can apply following command:

~]# systemctl mask firewalld
Created symlink /etc/systemd/system/firewalld.service → /dev/null.

Verify the service status

~]# systemctl status firewalld
○ firewalld.service
     Loaded: masked (Reason: Unit firewalld.service is masked.)
     Active: inactive (dead) since Sat 2023-01-07 12:57:01 IST; 1h 39min ago
   Main PID: 871 (code=exited, status=0/SUCCESS)
        CPU: 1.537s

As you can see, the service is in masked state. So even if we attempt to start the service, it would fail:

~]# systemctl start firewalld
Failed to start firewalld.service: Unit firewalld.service is masked.

To unmask the service, you can execute following command:

~]# systemctl unmask firewalld
Removed /etc/systemd/system/firewalld.service.

One liner command to disable and stop firewalld service

Instead of executing multiple steps to stop and disable the firewalld service, we can achieve this with a one-line command:

~]# systemctl disable firewalld --now
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Here we are using the --now argument along with the systemctl disable command to also apply the change to the runtime environment.

~]# systemctl is-active firewalld
inactive
~]# firewall-cmd --state
not running

Similarly, to enable you can use:

~]# systemctl enable firewalld --now
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
~]# firewall-cmd --state
running
~]# systemctl is-active firewalld
active
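
The states shown in the steps above (active/inactive from is-active, enabled/disabled/masked from is-enabled) are also what a defender checks to spot a firewall that was stopped for debugging and never restored. The following is an added example, not part of the original article; the verdict wording, exit codes and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): grade a unit from the two states the
# article checks. The verdict wording and exit codes are this example's own.

# fw_posture IS_ACTIVE IS_ENABLED -> prints "LEVEL: reason", returns 0/1/2/3
fw_posture() {
    case "$2" in
        masked|masked-runtime) echo "FAIL: masked, cannot start until unmasked"; return 2 ;;
        ""|not-found)          echo "FAIL: unit not installed"; return 2 ;;
    esac
    case "$1:$2" in
        active:enabled)   echo "OK: running and starts at boot"; return 0 ;;
        active:disabled)  echo "WARN: running, but gone after the next reboot"; return 1 ;;
        inactive:enabled|failed:enabled)
                          echo "WARN: stopped now, returns only at reboot"; return 1 ;;
        inactive:disabled|failed:disabled)
                          echo "FAIL: stopped and disabled"; return 2 ;;
        *)                echo "UNKNOWN: active=$1 enabled=$2"; return 3 ;;
    esac
}

# audit_unit [UNIT]: grade the live host (requires systemd)
audit_unit() {
    unit=${1:-firewalld}
    active=$(systemctl is-active "$unit" 2>/dev/null) || true
    enabled=$(systemctl is-enabled "$unit" 2>/dev/null) || true
    fw_posture "$active" "$enabled"
}

# Constructed sample inventory: host, is-active output, is-enabled output
SAMPLE='web01 active enabled
db01 inactive disabled
app03 inactive masked
ci07 active disabled'

# failing_hosts: print the hosts from SAMPLE graded FAIL, space separated
failing_hosts() {
    out=""
    while read -r host a e; do
        case $(fw_posture "$a" "$e") in
            FAIL*) out="${out:+$out }$host" ;;
        esac
    done <<EOF
$SAMPLE
EOF
    echo "$out"
}

if [ "${1:-}" = "--live" ]; then audit_unit "${2:-firewalld}"; else failing_hosts; fi
```

With --live the script grades the local firewalld unit (or the unit named as second argument) and its exit code can drive a monitoring check.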

Disable and stop firewalld service using shell script

Here I have written a shell script which will start/stop/enable/disable/mask/unmask a service based on user input. The same can be used to manage any other systemctl service:

#!/bin/bash
# Usage: manage_service.sh <start|stop> <service>
state=$1
service=$2

if [[ -z $state ]] || [[ -z $service ]]; then
    echo "one or more mandatory parameters missing"
    exit 1
fi

# Set $status from the Loaded:/Active: lines of "systemctl status"
function check_service_status {
    status=$(systemctl status "$service" | grep Loaded: | awk -F " " '{print $2}')
    if [[ $status == "loaded" ]]; then
        status=$(systemctl status "$service" | grep Active: | awk -F " " '{print $2}')
    elif [[ $status == "masked" ]]; then
        status="masked"
    else
        status=""
    fi
}

# Run the action given on the command line (start or stop)
function start_stop_service {
    echo "Executing systemctl with $state option for $service service"
    if ! systemctl "$state" "$service" >/dev/null 2>&1; then
        echo "Failed to $state $service service"
        exit 1
    fi
}

# "local" keeps these helpers from overwriting the global $state; without it,
# "start" would rerun unmask instead of starting the service
function enable_disable_service {
    local state=$1
    read -p "Do you want to make permanent changes for reboot? (yes/no) " INPUT
    if [[ $INPUT == "yes" ]]; then
        if ! systemctl "$state" "$service" >/dev/null 2>&1; then
            echo "$state operation failed for $service service"
            exit 1
        fi
    else
        echo "user entered $INPUT, skipping.."
    fi
}

function mask_unmask_service {
    local state=$1
    if ! systemctl "$state" "$service" >/dev/null 2>&1; then
        echo "$state operation failed for $service service"
        exit 1
    fi
}

# main function
if [[ $state == "start" ]]; then
    mask_unmask_service "unmask"
    start_stop_service
    enable_disable_service "enable"
else
    start_stop_service
    enable_disable_service "disable"
    mask_unmask_service "mask"
fi

check_service_status
echo "current status of $service service: $status"
echo ""
echo "Have a Good Day!"

Output (starting a service):

~]# sh manage_service.sh start firewalld
Executing systemctl with unmask option for firewalld service
Do you want to make permanent changes for reboot? (yes/no) yes
current status of firewalld service: inactive
Have a Good Day!

Output (stopping a service):

~]# sh manage_service.sh stop firewalld
Executing systemctl with stop option for firewalld service
Do you want to make permanent changes for reboot? (yes/no) yes
current status of firewalld service: masked
Have a Good Day!

Summary

Attention should be paid to firewall-related settings. By checking the running applications and services, a firewall rule should be added and the firewall should be disabled. Access to the server may be lost if an operation is performed incorrectly.

Port and service-based firewalls seem simpler to manage, while zone-based firewalls seem to be for more complex systems.

You can also get local help with "--help" for firewall-cmd parameters:

[foc@rocky9 ~]$ firewall-cmd --help
Usage: firewall-cmd [OPTIONS...]

General Options
  -h, --help             Prints a short help text and exists
  -V, --version          Print the version string of firewalld
  -q, --quiet            Do not print status messages

Status Options
  --state                Return and print firewalld state
  --reload               Reload firewall and keep state information
  --complete-reload      Reload firewall and lose state information
  --runtime-to-permanent Create permanent from runtime configuration
  --check-config         Check permanent configuration for errors
...
