In today’s world, security is everybody’s concern. In this post, I will show you “How to start/stop/disable firewall on CentOS 8 using CLI”. You will also learn the difference between iptables and the firewalld daemon.
What is Firewall
A firewall is a way to protect your system or machine from unwanted outside traffic. It lets you define a set of rules to protect and control incoming network traffic. You can allow, deny or block traffic using this set of rules.
For example, let’s say you have two systems named X and Y. System X is hosting HTTP services and you want to allow port 80 only for system Y. A firewall can help you achieve this. Only system Y will be able to access the HTTP service on system X, nobody else.
Iptables vs Firewalld basic difference
S.no | Iptables | Firewalld |
---|---|---|
1.) | Has existed for a long time; static; connects to the Netfilter module | Recently replaced iptables; dynamic; also connects to the Netfilter module |
2.) | A change in rules requires a flush of the complete table and a restart of the firewall service | Creating, changing and deleting rules does not require a restart of the firewall daemon |
3.) | Configuration lies at /etc/sysconfig/iptables | Configuration lies in the /etc/firewalld/ directory as a set of XML files |
4.) | Four tables (NAT, Mangle, Filter and Raw) manage network traffic | Zones and services simplify traffic management |
5.) | Commands to manage rules mostly start with iptables | Commands to manage rules mostly start with firewall-cmd |
Prerequisites to manage the firewall on CentOS 8
- CentOS 7 or 8 installed on your system
- Terminal
- Firewalld service already installed
How do I check my firewall on CentOS 8?
Step 1
You can check the status of firewalld, or of any service, in CentOS 8 using the service or systemctl command. The output will be the same for both commands.
[root@centos8vm ~]# service firewalld status
or
[root@centos8vm ~]# systemctl status firewalld
Alternatively, you can also run the firewall-cmd command to check the state of the CentOS firewall.
[root@centos8vm ~]# firewall-cmd --state
How to stop firewall on CentOS 8
Step 2
To stop the firewalld service, run any one of these commands:
[root@centos8vm ~]# service firewalld stop
or
[root@centos8vm ~]# systemctl stop firewalld
How to start firewall on CentOS 8
Step 3
Starting the firewalld daemon is much like stopping it. You just need to use start instead of stop in the service or systemctl command. Run one of the commands below if you have stopped the firewall service.
[root@centos8vm ~]# systemctl start firewalld
or
[root@centos8vm ~]# service firewalld start
How to reload firewall on CentOS 8
Step 4
If you want to reload the firewall on CentOS after making changes and want to avoid a restart, you can use the systemctl reload command.
[root@centos8vm ~]# systemctl reload firewalld
CentOS 8 – Disable firewall permanently
Step 5
Assume you are using a CentOS virtual machine hosted in the cloud. The firewall is then taken care of by security groups, and you really don’t need a firewall on the host. So you can disable the firewalld service permanently using the systemctl command.
[root@centos8vm ~]# systemctl disable firewalld
Then check the status of the firewalld service. The service will not start after a reboot either.
To make sure firewalld is not started by the firewalld D-Bus interface or any other service, mask the firewalld service.
[root@centos8vm ~]# systemctl mask firewalld
CentOS 8 – Enable firewall
Step 6
If you want to enable the firewalld service again, first unmask it.
[root@centos8vm ~]# systemctl unmask firewalld
Once the unmask is done, run the systemctl enable command.
[root@centos8vm ~]# systemctl enable firewalld
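Steps 2 to 6 change three separate things: whether firewalld is running now, whether it starts at boot, and whether it can be started at all. Note that systemctl disable and systemctl mask only affect the next start and do not stop a daemon that is already running. The script below is an added example, not part of the original post, that works out which systemctl verbs are still needed to reach a fully "off" or fully "on" state; firewalld_plan, stub_systemctl and the FAKE_* variables are names made up for this example.

```bash
#!/bin/sh
# Added example, not from the original post.
# SYSTEMCTL can be pointed at a stub; by default the real systemctl is used.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# firewalld_plan GOAL   (GOAL is "on" or "off")
# Prints, in order, the systemctl verbs still needed to reach the goal.
# Prints an empty line when the host is already in the requested state.
firewalld_plan() {
    goal=$1
    active=$($SYSTEMCTL is-active firewalld 2>/dev/null) || true
    enabled=$($SYSTEMCTL is-enabled firewalld 2>/dev/null) || true
    case "$enabled" in
        ""|not-found) echo "not-installed"; return 0 ;;
    esac
    plan=""
    if [ "$goal" = "off" ]; then
        # stop ends filtering now, disable removes the start at boot,
        # mask blocks starts through D-Bus or another service.
        if [ "$active" = "active" ];   then plan="$plan stop";    fi
        if [ "$enabled" = "enabled" ]; then plan="$plan disable"; fi
        if [ "$enabled" != "masked" ]; then plan="$plan mask";    fi
    else
        # A masked unit has to be unmasked before enable or start can work.
        if [ "$enabled" = "masked" ];   then plan="$plan unmask"; fi
        if [ "$enabled" != "enabled" ]; then plan="$plan enable"; fi
        if [ "$active" != "active" ];   then plan="$plan start";  fi
    fi
    echo "${plan# }"
}

# Constructed stub standing in for systemctl, driven by FAKE_ACTIVE/FAKE_ENABLED.
stub_systemctl() {
    case "$1" in
        is-active)  echo "$FAKE_ACTIVE" ;;
        is-enabled) echo "$FAKE_ENABLED" ;;
    esac
}

# Demo: Step 5 (disable + mask) was run on a host where firewalld was running.
FAKE_ACTIVE=active FAKE_ENABLED=masked
echo "still needed for off: $(SYSTEMCTL=stub_systemctl; firewalld_plan off)"
# On a real host, call: firewalld_plan off   or   firewalld_plan on
```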
How to check firewall settings
To check a summary of the current firewall settings, run the firewall-cmd command.
[root@centos8vm ~]# firewall-cmd --list-all
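The summary printed by firewall-cmd --list-all is easy to check against a list of what the host is supposed to expose. The script below is an added example, not part of the original post: it reads that output and reports every service or port that is not on an allowlist. The sample output is constructed for illustration, and sample_list_all and unexpected_openings are names made up for this example.

```bash
#!/bin/sh
# Added example, not from the original post.

# Constructed sample of `firewall-cmd --list-all` output (not taken from a real host).
sample_list_all() {
    cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
EOF
}

# unexpected_openings "ALLOWED ITEMS"  < list-all output
# Prints "ZONE service NAME" or "ZONE port PORT/PROTO" for every opening
# that is not on the space-separated allowlist.
unexpected_openings() {
    allowed=" $1 "
    zone=""
    while read -r key rest; do
        case "$key" in
            services:|ports:) kind=${key%s:} ;;        # "service" or "port"
            *:) continue ;;                            # any other field
            *)  if [ -z "$zone" ]; then zone=$key; fi  # first line names the zone
                continue ;;
        esac
        for item in $rest; do
            case "$allowed" in
                *" $item "*) ;;                        # expected, stay quiet
                *) printf '%s %s %s\n' "$zone" "$kind" "$item" ;;
            esac
        done
    done
    return 0
}

# Demo on the constructed sample; on a real host:
#   firewall-cmd --list-all | unexpected_openings "ssh"
sample_list_all | unexpected_openings "ssh dhcpv6-client"
```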
To get help on the firewall-cmd command:
[root@centos8vm ~]# firewall-cmd --help
or
[root@centos8vm ~]# man firewall-cmd
How to install FIREWALL-CONFIG GUI Tool
[root@centosserver ~]# yum install firewall-config
How to manage firewall configuration using GUI
Run the firewall-config command to create zones and services and to configure the firewall for your system.
[root@centosserver ~]# firewall-config
Frequently Asked Questions (FAQs)
1.) How do I permanently disable firewall in CentOS 7
Disable the service and mask it to /dev/null so that no other service can start it, even after a reboot.
[root@centos8vm ~]# systemctl disable firewalld
[root@centos8vm ~]# systemctl mask firewalld
2.) How do I know if my firewall is running CentOS 7?
Run the systemctl or service command to check the current status of the firewall.
# service firewalld status
or
# systemctl status firewalld
3.) How do I flush firewall rules in CentOS 7?
To flush firewall rules, run the command below.
# iptables -F INPUT
4.) Why is Firewalld better than iptables?
The table below lists the differences and explains why firewalld is better than iptables.
S.no | Iptables | Firewalld |
---|---|---|
1.) | Has existed for a long time; static; connects to the Netfilter module | Recently replaced iptables; dynamic; also connects to the Netfilter module |
2.) | A change in rules requires a flush of the complete table and a restart of the firewall service | Creating, changing and deleting rules does not require a restart of the firewall daemon |
3.) | Configuration lies at /etc/sysconfig/iptables | Configuration lies in the /etc/firewalld/ directory as a set of XML files |
4.) | Four tables (NAT, Mangle, Filter and Raw) manage network traffic | Zones and services simplify traffic management |
5.) | Commands to manage rules mostly start with iptables | Commands to manage rules mostly start with firewall-cmd |
5.) Does Firewalld use iptables?
Firewalld is dynamic and connects to the Netfilter module like iptables. It was introduced to replace iptables from RHEL 7 onwards. In the backend, iptables chains are used to build a management framework.
Check out the firewall stack for further understanding.
Conclusion
I have covered all the operations you can run on the firewalld service. These operations also apply to any other service on CentOS Linux. I hope this helps you understand service management in CentOS and how to start, stop and disable the firewall on CentOS 8 using the CLI.
Please leave a comment and share this post on social media if you think it can help someone.