A brief guide on how to stop and disable FirewallD in CentOS 7

System administrators face attacks on their servers and workstations every day. They need a clearly defined, well-configured, and well-secured defense mechanism to protect their computer environment.

A firewall is a defense system that restricts or allows external traffic into your network. CentOS 7 originally had iptables as its firewall management system. This got replaced by the much more intuitive and powerful FirewallD. As FirewallD is the main defense mechanism for CentOS 7, it is enabled by default.

Keeping FirewallD enabled is a good idea. But in a few instances your system admins might need to make changes that require stopping or completely disabling FirewallD.

If you want to learn to stop and disable the FirewallD in your CentOS 7 server, this guide is for you. 

Why is it necessary to stop or disable the FirewallD in CentOS 7?

This is the first question most readers will ask.

As a user, you have probably faced a situation where rebooting a computer resolved a glitch. Similarly, stopping or disabling a non-responding service or module and then reactivating it often clears the problem, and the computer starts performing smoothly again. You might also need to make a few modifications for which a service or a task must be disabled.

The same rule applies to FirewallD in CentOS 7. In CentOS 7, FirewallD blocks all the ports and restricts their traffic. Your system administrator might want to test another firewall or a security application for its accuracy, user-friendliness, and applicability. He might also want to try a cPanel plugin for managed VPS or dedicated servers. None of this is possible while FirewallD is online.

A very simple solution would be to stop or disable the FirewallD temporarily.

What are the primary requirements?

There are 3 primary requirements you must consider before deploying this task.

  1. You should have a well-configured system running CentOS 7.
  2. Your user account must have sudo privileges.
  3. You should have access to the command line interface (Ctrl+Alt+T).

Once the above 3 primary requirements are taken care of, you must perform the following tasks.

  • Verify the status of FirewallD
  • Stop the FirewallD (Temporarily)
  • Disable the FirewallD (Permanently)

Verify the status of Firewalld

Before progressing, you must verify if the FirewallD is Active.

  • Log in over SSH as your sudo user.
  • Run the following command to verify the FirewallD status.
systemctl status firewalld.service
  • Check the output.

If you see a Green Circle (🟢) preceding firewalld.service, it means that the Firewalld is active.

The Active row status will show as active (running).

The Loaded row status will tell you if the FirewallD service is set to restart (become online) once the system is rebooted.

Stop the FirewallD (Temporarily)

  • To stop FirewallD temporarily, use the following command. It affects only the current session and does not change whether FirewallD starts at boot.
systemctl stop firewalld.service
  • Run the following command to verify if the FirewallD is inactive (offline).
systemctl status firewalld

If you see a White Circle (◯) preceding firewalld.service, the Firewalld is inactive.

The Active row status will show as inactive (dead).

Once your desired task gets completed, use the following command to activate the FirewallD.

systemctl start firewalld

Disable the FirewallD (Permanently)

If you want to disable the FirewallD permanently, use the following command.

systemctl disable firewalld

Confirm the status of FirewallD using the following command.

systemctl status firewalld

Check whether your system has services or applications that need FirewallD to be active, because they will try to activate a disabled FirewallD. Masking (hiding) FirewallD prevents it from being activated, including after a reboot.

Run the following command to Mask your FirewallD.

systemctl mask --now firewalld

The mask command creates a symlink from the firewalld service to /dev/null. This is visible in the output.

Output

Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

Once your desired task is complete, reactivate FirewallD. A masked unit cannot be started, so unmask it first, then enable and start it.

systemctl unmask firewalld
systemctl enable --now firewalld
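
The state checks and the recovery path from this section, as an added example that is not part of the original guide: the function below maps the values reported by systemctl is-enabled and systemctl is-active to the commands that return firewalld to enabled and running. The function names (restore_plan, live_plan) and the sample states are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide which systemctl commands bring firewalld back to
# "enabled + active" from the state that is-enabled / is-active report.

# restore_plan ENABLED_STATE ACTIVE_STATE
# Prints one command per line; returns 2 on a state it does not recognise.
restore_plan() {
    enabled_state=$1
    active_state=$2
    case $enabled_state in
        masked|masked-runtime)
            # A masked unit points at /dev/null and cannot be started.
            echo "systemctl unmask firewalld"
            # Unmasking restores the earlier enablement, which may be "disabled".
            echo "systemctl enable firewalld"
            ;;
        disabled)
            echo "systemctl enable firewalld"
            ;;
        enabled)
            ;;
        *)
            echo "unrecognised is-enabled state: $enabled_state" >&2
            return 2
            ;;
    esac
    if [ "$active_state" != "active" ]; then
        echo "systemctl start firewalld"
    fi
    return 0
}

# live_plan: query the running system (needs systemd) and print the plan.
live_plan() {
    restore_plan "$(systemctl is-enabled firewalld 2>/dev/null)" \
                 "$(systemctl is-active firewalld 2>/dev/null)"
}

# Constructed sample states covering the three situations in this guide.
for sample in "enabled inactive" "disabled inactive" "masked inactive"; do
    set -- $sample
    echo "# is-enabled=$1 is-active=$2"
    restore_plan "$1" "$2"
done
```

On a real CentOS 7 host, call live_plan after maintenance and review the printed commands before running them.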

Conclusion

We trust this guide has served its purpose. You should now know how to check the status of FirewallD. Besides stopping, disabling, and masking FirewallD, you should also know how to activate it again once the desired tasks are accomplished.

The overall process is simple. From a security perspective, it is advisable to keep FirewallD enabled and to disable it only if the situation demands. An enabled FirewallD protects your system and the connected environment from unwanted intrusions. This holds equally for live and test environments.



