How to Stop and Disable Firewalld

Firewalld is a lightweight Linux firewall, but sometimes you may need to stop or disable it. This guide explains when it’s safe to turn it off, how to stop or disable it with Systemd, and what to do on UFW-based systems. Since disabling a firewall leaves your server exposed, safer alternatives include adjusting rules, opening only needed ports, or using zones. Always re-enable protection or ensure another firewall layer is in place.

Firewalld is a popular, lightweight command-line firewall for Linux server and desktop systems. We’ve covered how to open necessary ports and services in Firewalld. We’ve also covered how to manage zones and more advanced Firewalld configurations.

While you can stop or disable Firewalld, it’s important to remember that this removes a key security layer. Disabling the firewall should only be temporary, and only when you have another layer of protection in place (such as a cloud firewall, hardware firewall, or security rules inside your application).

Below, we cover how to temporarily stop Firewalld and disable Firewalld from starting upon system reboot.

firewalld.service and firewalld can be used interchangeably with the Systemd commands below.

When to Disable Firewalld

Before making changes, it helps to understand why someone might disable the firewall in the first place. In most cases, Firewalld should remain active to protect your server from unauthorized access. However, there are a few specific scenarios where stopping or disabling it can make troubleshooting and configuration easier.

There are a few common situations where you may need to turn off Firewalld:

Troubleshooting connection issues: If a service (like SSH, HTTP, or MySQL) is not responding, disabling Firewalld can confirm whether the firewall is blocking the traffic.
Testing another firewall application: If you plan to use a different firewall such as ConfigServer Security & Firewall (CSF), you may need to disable Firewalld first.
Temporary configuration changes: During migrations or setup, you may need to work without Firewalld until custom rules are added.

Warning: Leaving your server without a firewall exposes all open ports to the internet. Always re-enable Firewalld or use another firewall solution after troubleshooting.

Safer Alternatives to Disabling Firewalld

Even if disabling seems like the simplest fix, it’s not always the best choice for long-term security. In many cases, you can achieve the same goal by adjusting rules instead of turning the firewall off completely. These approaches allow you to continue troubleshooting without leaving your system fully exposed.

Instead of shutting the firewall down completely, consider these options:

Open only the required ports with firewall-cmd or firewall-offline-cmd. For example:

sudo firewall-cmd --permanent --add-service=http

sudo firewall-cmd --permanent --add-service=http

sudo firewall-cmd --permanent --add-service=https

sudo firewall-cmd --permanent --add-service=https

sudo firewall-cmd --reload

sudo firewall-cmd --reload

Use zones to apply different rules to public vs. trusted networks.
Temporarily stop Firewalld for a single session instead of disabling it at boot.

These methods allow your server to stay protected while giving your application the access it needs.

How to Stop Firewalld

Systemd stop and start commands refer to the current server session. Follow these steps to stop Firewalld until manually started again or the server reboots if Firewalld is enabled.

Log into SSH
Check Firewalld status:
```
systemctl status firewalld.service
```
If Firewalld is running, you’ll see a green circle (🟢) before firewalld.service, and two lines below, Active: active (running). The Loaded row states whether the service is enabled to start upon reboot.

For a quick active or inactive instead:
```
systemctl is-active firewalld.service
```
Stop Firewalld for the current session:
```
systemctl stop firewalld.service
```
Confirm Firewalld is inactive
```
systemctl status firewalld
```
You should see a white circle (○) before firewalld.service and Active: inactive (dead).
Start Firewalld once desired:
```
systemctl start firewalld
```

Scalable VPS Infrastructure, Fully Managed

When shared hosting can't handle your traffic, VPS delivers dedicated resources that scale with demand. Our team manages the technical complexity while you manage your business.

NVMe Storage High-Availability Ironclad Security Premium Support

VPS Hosting

Disable Firewalld

Systemd disable and enable commands refer to whether a process starts automatically when the server reboots. This operates separately from stop / inactive status above.

Check Firewalld status:
```
systemctl status firewalld
```
The Loaded row states whether the service is enabled to start upon reboot.
Disable Firewalld from starting at boot:
```
systemctl disable firewalld
```
Confirm Firewalld is disabled:
```
systemctl status firewalld
```
Enable Firewalld once desired:
```
systemctl enable firewalld
```

Disabling UFW (Ubuntu/Debian)

Not all Linux distributions use Firewalld. On Ubuntu and Debian, the default firewall is UFW (Uncomplicated Firewall). If you’re working on one of these systems, the process is slightly different but just as straightforward.

To disable UFW:

sudo ufw disable

To check status:

sudo ufw status

Best Practices After Disabling a Firewall

Turning off a firewall should always be seen as a short-term step. Once troubleshooting is complete, your server should be protected again before returning to production use. These reminders help you keep your system secure while still giving you flexibility during setup.

Only disable for as long as necessary.
Ensure another firewall layer (cloud, hardware, or application-level) is active.
Re-enable Firewalld or UFW once testing or configuration is complete.

Want to learn more about server security? Read more about Dedicated server and VPS hardening in our complete guide.

Share this Article

Need More Help?