How to disable/enable firewall on AlmaLinux

firewalld is the firewall manager that comes pre-installed on AlmaLinux, whether you’ve freshly installed AlmaLinux or migrated from CentOS to AlmaLinux. By default, the firewall is turned on, meaning that a very limited number of services are able to receive incoming traffic.

This is a nice security feature, but it means that the user must be knowledgeable enough to configure the firewall whenever they install a new service on the system, like HTTPD or SSH for example. Otherwise, connections from the internet can’t reach these services.

In this guide, we’ll see how to disable or enable the firewall in AlmaLinux, along with checking the status of the firewall. These are good troubleshooting options when trying to determine if a firewall rule is blocking traffic to or from a particular service.

DID YOU KNOW?
firewalld is simply a front end for the system’s nftables (formerly iptables) firewall. This makes the firewall easier to interact with, but essentially firewalld just translates all our commands into corresponding nft commands.

In this tutorial you will learn:

  • How to check the firewall status on AlmaLinux
  • How to stop firewall on AlmaLinux
  • How to start firewall on AlmaLinux
  • How to permanently disable firewall on AlmaLinux
  • How to enable firewall to start after reboot
How to disable or enable the firewall on AlmaLinux

How to disable or enable the firewall on AlmaLinux

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System AlmaLinux
Software firewalld
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to check the status of firewall on AlmaLinux



We can interact with the firewalld service through systemd. To see whether firewalld is currently running, execute the following systemctl command in a terminal.

$ systemctl status firewalld
systemctl status shows us that firewalld is running and enabled to start automatically

systemctl status shows us that firewalld is running and enabled to start automatically

The above screenshot shows us that firewalld is currently running, and it’s set to enabled. This means that it will start automatically whenever the system boots up. We’ll see how to toggle that setting shortly.

To see what services firewalld has configured, try the following command.

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:


We can see that firewalld currently has rules configured for cockpit, DHCP, and SSH. To see more information about your current firewalld configuration, check out our guide on introduction to firewall-cmd command on Linux.

How to stop or start firewall on AlmaLinux

Use the following systemd commands to stop or start the firewalld service.

To stop the firewall:

$ sudo systemctl stop firewalld

We can confirm that the firewall is off by checking its status once again.

firewalld is turned off, as indicated by the status of inactive

firewalld is turned off, as indicated by the status of inactive

Since firewalld is currently enabled (set to start automatically at boot), the service will stay disabled until we manually start it again or reboot the system.



To start the firewall again, execute the following command.

$ sudo systemctl start firewalld

If all we need to do is restart the process, we can do that as well.

$ sudo systemctl restart firewalld

How to permanently enable or disable firewall on AlmaLinux

By default, firewalld starts automatically when our system loads in. To change this behavior, we can issue the systemctl disable command. This, combined with the systemctl stop command shown above, will permanently disable firewalld.

$ sudo systemctl disable firewalld
firewalld has been disabled from starting automatically at boot

firewalld has been disabled from starting automatically at boot

The firewalld service can be re-enabled at any time by executing the following command.

$ sudo systemctl enable firewalld

Closing Thoughts

The firewall on Linux can be complicated, but the firewalld process on AlmaLinux is meant to make it a little easier. In this guide, we saw how to stop or start the firewall in AlmaLinux, as well as check the status and enable or disable it from starting automatically on boot.