Help page

Default installations of the CentOS 7 Linux operating system ship with the firewalld firewall installed and enabled as a security measure, but how can we disable it?

In this quick guide we will show you how to disable either firewalld or iptables in CentOS 7 through the command line.

Note: The firewall is enabled by default for good reason. Blocking traffic from unwanted sources to our Linux system helps improve security. Rather than fully disabling the firewall, it is recommended that you instead learn how to use firewalld.

Disable Firewalld In CentOS 7

Firewalld is installed and enabled by default. On my CentOS 7 minimal system we can confirm this as shown below.

[root@centos7 ~]# systemctl is-enabled firewalld
enabled

Being enabled means that the service will start automatically during system boot. We can see here that firewalld is both active and enabled. We can disable it as shown below.

[root@centos7 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

Now that firewalld is disabled, it will not automatically start on system boot. This does not, however, stop the currently running instance of firewalld. As we can see below, it still has a status of active, meaning that firewalld is currently running.

[root@centos7 ~]# systemctl is-active firewalld
active

To stop firewalld from running, we must stop it separately, as shown below.

[root@centos7 ~]# systemctl stop firewalld

Now if we query whether firewalld is running and enabled, we should see that it has been disabled.

[root@centos7 ~]# systemctl is-enabled firewalld
disabled
[root@centos7 ~]# systemctl is-active firewalld
unknown

Despite being disabled, it is still possible for the firewalld service to be started manually with the ‘systemctl start firewalld’ command. To completely prevent it from being manually started, the service must be masked.

[root@centos7 ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

Now even if we try to manually start firewalld it will fail. The mask can be reversed later with ‘systemctl unmask firewalld’.

[root@centos7 ~]# systemctl start firewalld
Failed to start firewalld.service: Unit firewalld.service is masked.

Disable Iptables In CentOS 7

As mentioned, firewalld is in use by default in CentOS 7. However, it is possible that firewalld has been removed and the traditional iptables service installed instead. If this is the case, the same commands are used, except that we specify iptables instead of firewalld.

systemctl stop iptables
systemctl disable iptables
systemctl mask iptables

It’s worth noting that iptables and firewalld are mutually exclusive: only one should be running at any one time. Therefore, even if we do wish to use either firewalld or iptables, we should ensure that the other service is completely stopped, disabled, and masked so that it will not interfere.
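To confirm which of these states a host is actually in, the script below combines the is-enabled and is-active checks used in this guide for both services and reports a single verdict. It is an added example, not part of the original guide; the function names and verdict words are illustrative, and an empty reply from systemctl is assumed to mean the unit is not installed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit firewalld/iptables state.
# Function names and verdict words are illustrative.

# posture FW_ENABLED FW_ACTIVE IPT_ENABLED IPT_ACTIVE -> one verdict on stdout
posture() {
    fw_on=no; ipt_on=no
    [ "$2" = active ] && fw_on=yes
    [ "$4" = active ] && ipt_on=yes
    case "$fw_on/$ipt_on" in
        yes/yes) echo conflict; return 0 ;;   # both running: mutually exclusive
        no/no)   echo none; return 0 ;;       # no firewall service running
        yes/no)  run_enabled=$1; other=$3 ;;
        no/yes)  run_enabled=$3; other=$1 ;;
    esac
    if [ "$run_enabled" != enabled ]; then
        echo not-persistent    # running now, but will not start at boot
    elif [ "$other" != masked ] && [ "$other" != not-found ]; then
        echo other-unmasked    # the unused service could still be started
    else
        echo ok                # one service active+enabled, the other masked/absent
    fi
}

# Thin wrappers around the two systemctl queries used in this guide.
# Assumption: empty output means the unit file does not exist.
q_enabled() { s=$(systemctl is-enabled "$1" 2>/dev/null) || true; echo "${s:-not-found}"; }
q_active()  { s=$(systemctl is-active "$1" 2>/dev/null) || true; echo "${s:-unknown}"; }

# Query the live system and print the verdict; returns non-zero unless "ok".
audit_firewall() {
    v=$(posture "$(q_enabled firewalld)" "$(q_active firewalld)" \
                "$(q_enabled iptables)"  "$(q_active iptables)")
    echo "host firewall posture: $v"
    [ "$v" = ok ]
}

# Run the audit when systemctl is available; report only, never abort the caller.
if command -v systemctl >/dev/null 2>&1; then
    audit_firewall || echo "review the firewall configuration on this host" >&2
fi
```

A verdict of none corresponds to the fully disabled state this guide produces, and conflict to both services running at once.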

Help page © 2018