How to start/stop or enable/disable firewalld in OEL/RHEL 7
Solution:
In Oracle Linux 7 the iptables service is replaced by the firewalld service. The command iptables -L will list the set of rules that are in place on the node.
[root@ebs1229 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
The systemctl command lists the services that are running on the node. Filtering its output for “iptables” returns nothing; the service now goes by the name “firewalld”.
[root@ebs1229 ~]# systemctl | grep -i iptables
[root@ebs1229 ~]# systemctl | grep -i firewall
firewalld.service loaded active running firewalld - dynamic firewall daemon
[root@ebs1229 ~]#
To check the status of the service, use the command below:
[root@ebs1229 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-05-11 17:29:37 IST; 1h 1min ago
Docs: man:firewalld(1)
Main PID: 3840 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─3840 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
May 11 17:29:25 ebs1229.premier.com systemd[1]: Starting firewalld - dynamic firewall daemon...
May 11 17:29:37 ebs1229.premier.com systemd[1]: Started firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@ebs1229 ~]#
The service can be stopped with the command below, after which you can recheck the status:
[root@ebs1229 ~]# systemctl stop firewalld
[root@ebs1229 ~]#
[root@ebs1229 ~]#
[root@ebs1229 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2020-05-11 18:31:44 IST; 9s ago
Docs: man:firewalld(1)
Process: 3840 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 3840 (code=exited, status=0/SUCCESS)
May 11 17:29:25 ebs1229.premier.com systemd[1]: Starting firewalld - dynamic firewall daemon...
May 11 17:29:37 ebs1229.premier.com systemd[1]: Started firewalld - dynamic firewall daemon.
May 11 18:31:43 ebs1229.premier.com systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 11 18:31:44 ebs1229.premier.com systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@ebs1229 ~]#
To keep the service from starting at the next boot (the job of chkconfig in RHEL 6 and earlier), disable it with systemctl. Disabling removes the related symlinks, so the service is not referenced at the next boot. Check the current status first:
[root@ebs1229 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2020-05-11 18:31:44 IST; 9s ago
Docs: man:firewalld(1)
Process: 3840 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 3840 (code=exited, status=0/SUCCESS)
May 11 17:29:25 ebs1229.premier.com systemd[1]: Starting firewalld - dynamic firewall daemon...
May 11 17:29:37 ebs1229.premier.com systemd[1]: Started firewalld - dynamic firewall daemon.
May 11 18:31:43 ebs1229.premier.com systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 11 18:31:44 ebs1229.premier.com systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@ebs1229 ~]#
As seen in the output above, the firewalld service is enabled, which means it would start at the next boot. To disable the start at the next boot, use the command below:
[root@ebs1229 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Verify the status again to confirm that the service is disabled.
[root@ebs1229 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
May 11 17:29:25 ebs1229.premier.com systemd[1]: Starting firewalld - dynamic firewall daemon...
May 11 17:29:37 ebs1229.premier.com systemd[1]: Started firewalld - dynamic firewall daemon.
May 11 18:31:43 ebs1229.premier.com systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 11 18:31:44 ebs1229.premier.com systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@ebs1229 ~]#
[root@ebs1229 ~]#
After rebooting the server:
[root@ebs1229 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@ebs1229 ~]#
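The status outputs above differ only in the Loaded: and Active: lines, and the combination "inactive" plus "enabled" is the one where the firewall comes back at the next boot. The script below is an added example, not part of the original post: it reads systemctl status text and reports which of those states a host is in. The function name fw_state and the two sample variables are assumptions made for the illustration.

```bash
# Added example: classify firewalld from `systemctl status firewalld` text.
# fw_state is a hypothetical helper name; it reads the status text on stdin.
fw_state() {
    local line active="unknown" enabled="unknown" verdict
    while IFS= read -r line; do
        case "$line" in
            *"Loaded: "*)
                # Loaded: loaded (/path/unit.service; enabled; vendor preset: ...)
                enabled=${line#*"; "}    # drop everything up to the first "; "
                enabled=${enabled%%;*}   # keep the text before the next ";"
                ;;
            *"Active: "*)
                # Active: inactive (dead) since ...
                active=${line#*"Active: "}
                active=${active%% *}     # first word only
                ;;
        esac
    done
    case "$active/$enabled" in
        active/enabled)    verdict="running, starts at boot" ;;
        active/disabled)   verdict="running now, will NOT start at boot" ;;
        inactive/enabled)  verdict="stopped now, WILL start again at boot" ;;
        inactive/disabled) verdict="stopped and stays off after reboot" ;;
        *)                 verdict="unrecognised state" ;;
    esac
    printf '%s/%s: %s\n' "$active" "$enabled" "$verdict"
}

# Constructed samples, trimmed from the status output shown in this post.
SAMPLE_STOPPED='   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Mon 2020-05-11 18:31:44 IST; 9s ago'
SAMPLE_DISABLED='   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)'

# After "systemctl stop" only: the firewall returns at the next boot.
printf '%s\n' "$SAMPLE_STOPPED" | fw_state
# After "systemctl stop" and "systemctl disable": it stays off.
printf '%s\n' "$SAMPLE_DISABLED" | fw_state

# On a live host: systemctl status firewalld | fw_state
```

On a live host, systemctl is-active firewalld and systemctl is-enabled firewalld print the same two values directly.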