firewalld is the firewall manager that comes pre-installed on AlmaLinux, whether you've freshly installed AlmaLinux or migrated from CentOS to AlmaLinux. By default, the firewall is turned on, meaning that a very limited number of services are able to receive incoming traffic.
This is a nice security feature, but it means that the user must be knowledgeable enough to configure the firewall whenever they install a new service on the system, like HTTPD or SSH for example. Otherwise, connections from the internet can't reach these services.
In this guide, we'll see how to disable or enable the firewall in AlmaLinux, along with checking the status of the firewall. These are good troubleshooting options when trying to determine if a firewall rule is blocking traffic to or from a particular service.
firewalld is simply a front end for the system's nftables (formerly iptables) firewall. This makes the firewall easier to interact with, but essentially firewalld just translates all our commands into corresponding
- How to check the firewall status on AlmaLinux
- How to stop firewall on AlmaLinux
- How to start firewall on AlmaLinux
- How to permanently disable firewall on AlmaLinux
- How to enable firewall to start after reboot
|Category||Requirements, Conventions or Software Version Used|
|Other||Privileged access to your Linux system as root or via the |
|Conventions|| # - requires given linux commands to be executed with root privileges either directly as a root user or by use of |
How to check the status of firewall on AlmaLinux
We can interact with the firewalld service through systemd. To see whether firewalld is currently running, execute the following systemctl command in a terminal.
$ systemctl status firewalld
The above screenshot shows us that firewalld is currently running, and it's set to
enabled. This means that it will start automatically whenever the system boots up. We'll see how to toggle that setting shortly.
To see what services firewalld has configured, try the following command.
$ sudo firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens160 sources: services: cockpit dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
We can see that firewalld currently has rules configured for cockpit, DHCP, and SSH. To see more information about your current firewalld configuration, check out our guide on introduction to firewall-cmd command on Linux.
How to stop or start firewall on AlmaLinux
Use the following systemd commands to stop or start the firewalld service.
To stop the firewall:
$ sudo systemctl stop firewalld
We can confirm that the firewall is off by checking its status once again.
Since firewalld is currently enabled (set to start automatically at boot), the service will stay disabled until we manually start it again or reboot the system.
To start the firewall again, execute the following command.
$ sudo systemctl start firewalld
If all we need to do is restart the process, we can do that as well.
$ sudo systemctl restart firewalld
How to permanently enable or disable firewall on AlmaLinux
By default, firewalld starts automatically when our system loads in. To change this behavior, we can issue the
systemctl disable command. This, combined with the
systemctl stop command shown above, will permanently disable firewalld.
$ sudo systemctl disable firewalld
The firewalld service can be re-enabled at any time by executing the following command.
$ sudo systemctl enable firewalld
The firewall on Linux can be complicated, but the firewalld process on AlmaLinux is meant to make it a little easier. In this guide, we saw how to stop or start the firewall in AlmaLinux, as well as check the status and enable or disable it from starting automatically on boot.