Check Ubuntu or Linux Firewall Status
Before disabling the UFW firewall, it is a good idea to check its status first. In Ubuntu, the firewall is disabled by default. How do you know if your firewall is on?
To check the current status of the firewall, run the following command in your terminal:
sudo ufw status
Disable Ubuntu Firewall
A firewall is a vital element of network and server security. However, while testing or troubleshooting, you might need to shut down or stop the firewall.
To disable the firewall on Ubuntu, enter:
sudo ufw disable
Using UFW to Set Firewall Rules
UFW does not provide complete firewall functionality via its command-line interface. However, it does offer an easy way to add or remove simple rules.
A good example is opening an SSH port:
sudo ufw allow 22
Installing Firewalld
RHEL/CentOS
Firewalld is preinstalled on many Linux distributions, such as RHEL and its derivatives (including CentOS, AlmaLinux, and Rocky Linux), CentOS Stream, Fedora, and openSUSE Leap. If you are running one of these distributions, you do not need to perform any installation steps.
Ubuntu and Debian
- Install the firewalld package.
sudo apt update && sudo apt install firewalld
- Disable any firewall configuration software that may have been previously used, such as ufw.
sudo ufw disable
Managing Firewalld
- To start the service and enable firewalld on boot:
sudo systemctl start firewalld
sudo systemctl enable firewalld
- To stop and disable it:
sudo systemctl stop firewalld
sudo systemctl disable firewalld
- Check the firewall status. The output should say either running or not running.
sudo firewall-cmd --state
- To view the status of the firewalld daemon:
sudo systemctl status firewalld
Example output:
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-08-08 15:11:24 IST; 23h ago
     Docs: man:firewalld(1)
 Main PID: 2577 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─2577 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
- To reload a firewalld configuration:
sudo firewall-cmd --reload
Configuring Firewalld
Firewalld is configured with XML files. Except for very specific configurations, you won’t have to deal with them and firewall-cmd should be used instead.
Configuration files are located in two directories:
- /usr/lib/firewalld holds default configurations like default zones and common services. Avoid updating them because those files will be overwritten by each firewalld package update.
- /etc/firewalld holds system configuration files. These files will overwrite a default configuration.
Configuration Sets
Firewalld uses two configuration sets: Runtime and Permanent. Runtime configuration changes are not retained on reboot or upon restarting firewalld, whereas permanent changes are not applied to a running system.
By default, firewall-cmd commands apply to runtime configuration but using the --permanent flag will establish a persistent configuration. To add and activate a permanent rule, you can use one of two methods.
- Add the rule to both the permanent and runtime sets.
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=http
- Add the rule to the permanent set and reload firewalld.
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload
Note: The reload command drops all runtime configurations and applies a permanent configuration. Because firewalld manages the ruleset dynamically, it won’t break an existing connection and session.
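Because the two sets can diverge, it is worth checking a zone for drift before a reload or reboot. The script below is an added example, not part of the original guide: the function names are hypothetical, the sample service lists are constructed, and live_drift assumes firewall-cmd is installed and the zone exists.

```bash
#!/usr/bin/env bash
# Compare the runtime and permanent service lists of a firewalld zone.

# only_in A B: print the words of space-separated list A that are not in list B.
only_in() {
    local a b found out
    out=""
    for a in $1; do
        found=0
        for b in $2; do
            if [ "$a" = "$b" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then out="$out $a"; fi
    done
    echo "${out# }"
}

# report_drift RUNTIME PERMANENT: describe the drift; returns 1 if the sets differ.
report_drift() {
    local lost pending
    lost=$(only_in "$1" "$2")      # open now, dropped by --reload or a reboot
    pending=$(only_in "$2" "$1")   # saved, but not enforced until --reload
    echo "runtime only (gone after reload or reboot): ${lost:-none}"
    echo "permanent only (inactive until reload): ${pending:-none}"
    if [ -n "$lost$pending" ]; then return 1; fi
    return 0
}

# live_drift [ZONE]: run the comparison against the local firewalld (needs sudo).
live_drift() {
    local zone="${1:-public}"
    report_drift "$(sudo firewall-cmd --zone="$zone" --list-services)" \
                 "$(sudo firewall-cmd --permanent --zone="$zone" --list-services)"
}

# Constructed sample: http was added without --permanent,
# https was added with --permanent but firewalld was not reloaded.
sample_runtime="dhcpv6-client ssh http"
sample_permanent="dhcpv6-client ssh https"
report_drift "$sample_runtime" "$sample_permanent" || echo "zone has drifted"
```

On a host running firewalld, call live_drift public instead of the sample lines at the end.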