How to start/stop/disable firewall on Centos 8 using CLI {update 2021}

In today's world, security is everybody's concern. In this post, I will show you how to start, stop and disable the firewall on CentOS 8 using the CLI. You will also learn the difference between iptables and the firewalld daemon.

What is Firewall

A firewall protects your system or machine from unwanted outside traffic. It lets you define a set of rules to control incoming network traffic. You can allow, deny or block traffic using this set of rules.

For example, let's say you have two systems named X and Y. System X hosts HTTP services and you want to allow port 80 only for system Y. A firewall can help you achieve this: only system Y will be able to access the HTTP service on system X, nobody else.

Iptables vs Firewalld basic difference

| S.no | Iptables | Firewalld |
|------|----------|-----------|
| 1.) | Has existed for a long time; static; connects to the Netfilter module | Recently replaced iptables; dynamic; also connects to the Netfilter module |
| 2.) | A change in rules requires a flush of the complete table and a restart of the firewall service | Creation, change and deletion of rules don't require a firewall daemon restart |
| 3.) | Configuration lives in /etc/sysconfig/iptables | Configuration lives in the /etc/firewalld/ directory as a set of XML files |
| 4.) | Four tables (NAT, Mangle, Filter and Raw) manage network traffic | Zones and services simplify traffic management |
| 5.) | Commands to manage rules mostly start with iptables | Commands to manage rules mostly start with firewall-cmd |

Pre-requisite to manage firewall on Centos8

How do I check my firewall on CentOS 8?

Step1

You can check the status of firewalld, or of any other service, on CentOS 8 using the service or systemctl command. The output is the same for both commands.

[root@centos8vm ~]# service firewalld status
or
[root@centos8vm ~]# systemctl status firewalld

Alternatively, you can run the firewall-cmd command to check the state of the CentOS firewall.

[root@centos8vm ~]# firewall-cmd --state

How to stop firewall on Centos 8

Step2

To stop the firewalld service, run either of these commands:

[root@centos8vm ~]# service firewalld stop
or
[root@centos8vm ~]# systemctl stop firewalld

How to start firewall on Centos 8

Step3

Starting the firewalld daemon works much like stopping it. You just need to use start instead of stop in the service or systemctl command. Run either of the commands below if you have stopped the firewall service.

[root@centos8vm ~]# systemctl start firewalld
or
[root@centos8vm ~]# service firewalld start

How to reload firewall on CentOS 8

Step4

If you want to reload the firewall on CentOS after making the necessary changes and want to avoid a restart, you can use the systemctl reload command.

[root@centos8vm ~]# systemctl reload firewalld

CentOS 8 - Disable firewall permanently

Step5

Assume you are using a CentOS virtual machine hosted in the cloud. There, firewalling is taken care of by security groups and you really don't need a firewall on the host. So you can disable the firewalld service permanently using the systemctl command.

[root@centos8vm ~]# systemctl disable firewalld

Then check the status of the firewalld service. The service will not start after a reboot either.

To make sure firewalld is not started by the firewalld D-Bus interface or by any other service, mask the firewalld service.

[root@centos8vm ~]# systemctl mask firewalld

CentOS 8 - Enable firewall

Step6

If you want to enable the firewalld service again, first unmask it with this command.

[root@centos8vm ~]# systemctl unmask firewalld

Pro Tip -
Trying to enable the firewall service without unmasking it first may result in an error: "Failed to enable unit: Unit file /etc/systemd/system/firewalld.service is masked".

Once the unmask is done, run the systemctl enable command.

[root@centos8vm ~]# systemctl enable firewalld
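
Steps 1 to 6 leave firewalld in one of several combinations of runtime state (started/stopped) and boot state (enabled/disabled/masked). The script below is an added example, not part of the original post: it classifies the pair of words printed by `systemctl is-active firewalld` and `systemctl is-enabled firewalld` and flags combinations where the running state and the boot state disagree. The function names and the finding labels (OK, OFF, DRIFT) are assumptions made for this example.

```shell
#!/bin/sh
# Classify the firewalld service from the two words systemd reports:
#   $1 = output of `systemctl is-active firewalld`  (active, inactive, failed, ...)
#   $2 = output of `systemctl is-enabled firewalld` (enabled, disabled, masked, ...)
# Prints one finding; returns 0 when runtime and boot state agree, 1 otherwise.
classify_firewalld() {
    active=$1 enabled=$2
    case "$active/$enabled" in
        active/enabled)
            echo "OK: running and enabled at boot" ;;
        inactive/masked)
            echo "OFF: stopped and masked; unmask before enable/start" ;;
        inactive/disabled)
            echo "OFF: stopped and disabled, but not masked; D-Bus or another service can still start it" ;;
        active/disabled)
            echo "DRIFT: running now, but will not start after reboot"; return 1 ;;
        active/masked)
            echo "DRIFT: running now, but masked; it cannot be started again once stopped"; return 1 ;;
        inactive/enabled)
            echo "DRIFT: stopped now, but will start again at next boot"; return 1 ;;
        failed/*)
            echo "ERROR: firewalld failed; check 'systemctl status firewalld'"; return 1 ;;
        *)
            echo "UNKNOWN: is-active=$active is-enabled=$enabled"; return 1 ;;
    esac
}

# Query the live host (requires systemd and the firewalld unit).
audit_firewalld() {
    a=$(systemctl is-active firewalld 2>/dev/null)
    e=$(systemctl is-enabled firewalld 2>/dev/null)
    classify_firewalld "${a:-unknown}" "${e:-unknown}"
}

# Constructed sample states (not captured from a real host).
demo() {
    for pair in "active enabled" "inactive enabled" "inactive disabled" \
                "inactive masked" "active disabled" "active masked"; do
        set -- $pair
        printf '%-9s %-9s -> ' "$1" "$2"
        classify_firewalld "$1" "$2" || true
    done
}

# "live" audits this machine; anything else prints the constructed demo table.
if [ "${1:-}" = "live" ]; then audit_firewalld; else demo; fi
```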

How to check firewall settings

To check a summary of the current firewall settings, run the firewall-cmd command.

[root@centos8vm ~]# firewall-cmd --list-all

To get help on the firewall-cmd command, run either of these:

[root@centos8vm ~]# firewall-cmd --help
or 
[root@centos8vm ~]# man firewall-cmd

How to install FIREWALL-CONFIG GUI Tool

[root@centosserver ~]# yum install firewall-config

How to manage firewall configuration using GUI

Run the firewall-config command to create zones and services and to configure the firewall for your system.

[root@centosserver ~]# firewall-config

Frequently Asked Questions (FAQs)

1.) How do I permanently disable firewall in CentOS 7

Disable the service and mask it to /dev/null, so that it cannot be started by any other service, even after a reboot.

[root@centos8vm ~]# systemctl disable firewalld
[root@centos8vm ~]# systemctl mask firewalld

2.) How do I know if my firewall is running CentOS 7?

Run the systemctl or service command to check the current status of the firewall.

# service firewalld status
or
# systemctl status firewalld

3.) How do I flush firewall rules in CentOS 7?

To flush firewall rules, run the command below.

# iptables -F INPUT

4.) Why is Firewalld better than iptables?

The table below shows the differences and explains why firewalld is better than iptables.

| S.no | Iptables | Firewalld |
|------|----------|-----------|
| 1.) | Has existed for a long time; static; connects to the Netfilter module | Recently replaced iptables; dynamic; also connects to the Netfilter module |
| 2.) | A change in rules requires a flush of the complete table and a restart of the firewall service | Creation, change and deletion of rules don't require a firewall daemon restart |
| 3.) | Configuration lives in /etc/sysconfig/iptables | Configuration lives in the /etc/firewalld/ directory as a set of XML files |
| 4.) | Four tables (NAT, Mangle, Filter and Raw) manage network traffic | Zones and services simplify traffic management |
| 5.) | Commands to manage rules mostly start with iptables | Commands to manage rules mostly start with firewall-cmd |

5.) Does Firewalld use iptables?

Firewalld is dynamic and connects to the Netfilter module, like iptables. It was introduced to replace iptables from RHEL 7 onwards. In the backend, iptables chains are used to build a management framework.

Check out the firewall stack for further understanding.

Conclusion

I have covered all the operations you can run on the firewalld service. These operations also apply to any other service on CentOS Linux. I hope this helps you understand service management in CentOS, and how to start, stop and disable the firewall on CentOS 8 using the CLI.
