Disabling Firewalld on recently updated CentOS 7 server

Submitted by daniel on Wed, 16/12/2020 - 14:52

I have spent much longer than I expected figuring out why I could not log in to my server using ssh on a recently updated CentOS server.

It turns out that on CentOS 7 the default firewall, iptables, is replaced by firewalld. The issue that I experienced meant that two firewalls were enabled that did not work well with each other.

To avoid that the different firewall services influence each other, run only one of them on a RHEL host, and disable the other services. 

and

The Plesk firewall is using iptables. Firewalld and iptables are not working well together - after a reboot it can happen
that all ports to the server are closed (I encountered this problem every time, had to reload firewalld to resolve it).
So you should stop and disable firewalld.

Firewalld is geared towards workstations and is not as fully featured as iptables. To avoid conflicts that prevent us from logging into the remote server via ssh, it is a good idea to stop firewalld, disable it so that it does not start at boot, and mask it so that other services cannot start it.

sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld

When you mask a service, a symlink for its unit is created in /etc/systemd/system that points to /dev/null, leaving the original unit file elsewhere untouched. When you unmask a service, the symlink is deleted.

By masking the firewalld service we make sure that it is never started, even if it is a dependency of another service or application.
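
To confirm the result of the three commands above, the following check (an added example, not part of the original post) inspects the mask symlink described here and reports whether exactly one firewall is left running. The SYSTEMD_ETC_DIR override, the function names and the "iptables" unit name are assumptions of this example.

```sh
# Added example: confirm the outcome of stop/disable/mask on firewalld.
# SYSTEMD_ETC_DIR and the "iptables" unit name are assumptions of this sketch.

# Report whether a unit is masked by inspecting its entry in /etc/systemd/system.
unit_mask_state() {
    um_path="${SYSTEMD_ETC_DIR:-/etc/systemd/system}/$1"
    if [ -L "$um_path" ] && [ "$(readlink "$um_path")" = "/dev/null" ]; then
        echo masked            # symlink to /dev/null: systemd refuses to start it
    elif [ -e "$um_path" ] || [ -L "$um_path" ]; then
        echo present           # a real unit file or alias, so it can still start
    else
        echo absent            # no entry here; the unit file elsewhere still applies
    fi
}

# Turn the three observations into one verdict.
# $1 = firewalld active state, $2 = firewalld mask state, $3 = iptables active state
firewall_verdict() {
    if [ "$1" = "active" ] && [ "$3" = "active" ]; then
        echo "CONFLICT: firewalld and iptables are both running"
    elif [ "$1" = "active" ]; then
        echo "FIREWALLD-RUNNING: firewalld has not been stopped"
    elif [ "$2" != "masked" ]; then
        echo "UNMASKED: firewalld is stopped but can be started again"
    elif [ "$3" != "active" ]; then
        echo "NO-FIREWALL: firewalld is masked and iptables is not running"
    else
        echo "OK: firewalld is masked and iptables is running"
    fi
}

# Collect the live state with systemctl and print the verdict.
check_host() {
    fw_active=$(systemctl is-active firewalld.service 2>/dev/null || true)
    ipt_active=$(systemctl is-active "${1:-iptables}.service" 2>/dev/null || true)
    firewall_verdict "$fw_active" "$(unit_mask_state firewalld.service)" "$ipt_active"
}

# Run the live check only when asked: sh check_fw.sh --check [iptables-unit]
if [ "${1:-}" = "--check" ]; then
    check_host "${2:-iptables}"
fi
```

Run it from a console or an existing ssh session after the three commands; any verdict other than OK means the host is either still exposed to the conflict or has no packet filter service running.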

References / Resources

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/…

https://askubuntu.com/questions/816285/what-is-the-difference-between-s…

https://talk.plesk.com/threads/plesk-12-firewall-centos-7.333063/

https://dnsquery.org/dnstraversal/
