How to Stop and Disable Firewalld

Firewalld is a popular, lightweight command-line firewall for Linux server and desktop systems. We’re covered how to open necessary ports and services in Firewalld. We’ve also covered how to manage zones and more advanced Firewalld configurations.

From the configuration guide, one of the most important related tasks for troubleshooting server access is how to disable Firewalld temporarily or permanently. Why?

Troubleshooting connection issues. Sometimes, something goes wrong and temporarily disabling Firewalld can help you troubleshoot the problem. Firewalld blocks traffic from most ports by default. For this reason it may be better to configure open ports with firewall-offline-cmd before enabling the firewall on more complex production systems.

Testing another firewall application. Maybe you may want to test a different firewall application but lack a staging, or development, system. For example, ConfigServer Security & Firewall (CSF) is popular for it’s powerful, yet user-friendly setup process and cPanel plugin for managed VPS and dedicated servers.

Below we cover how to temporarily stop Firewalld and disable Firewalld from starting upon system reboot.

firewalld.service and firewalld can be used interchangeably with the Systemd commands below.

How to Stop Firewalld

Systemd stop and start commands refer to the current server session. Follow these steps to stop Firewalld until manually started again or the server reboots if Firewalld is enabled.

  1. Log into SSH
  2. Check Firewalld status:
    systemctl status firewalld.service

    If Firewalld is running, you’ll see a green circle (🟢) before firewalld.service, and two lines below, Active: active (running). The Loaded row states whether the service is enabled to start upon reboot.
    Firewalld.service active and enabled to start upon reboot

    For a quick active or inactive instead:
    systemctl is-active firewalld.service
  3. Stop Firewalld for the current session:
    systemctl stop firewalld.service
  4. Confirm Firewalld is inactive
    systemctl status firewalld

    You should see a white circle (○) before firewalld.service and Active: inactive (dead).
  5. Start Firewalld once desired:
    systemctl start firewalld

Start building your next web application with our Ubuntu Cloud Server Hosting.

Disable Firewalld

Systemd disable and enable commands refer to whether a process starts automatically when the server reboots. This operates separately from stop / inactive status above.

  1. Check Firewalld status:
    systemctl status firewalld

    The Loaded row states whether the service is enabled to start upon reboot.
  2. Disable Firewalld from starting at boot:
    systemctl disable firewalld
  3. Confirm Firewalld is disabled:
    systemctl status firewalld
  4. Enable Firewalld once desired:
    systemctl enable firewalld

Want to learn more about server hardening? Read more about how to harden managed VPSs and dedicated servers.

Was this article helpful? Let us know!