How to Stop and Disable Firewalld

Stop and Disable Firewalld is a common task for Linux users who need to temporarily turn off or permanently deactivate their system’s firewall. Firewalld is a dynamic firewall manager that controls network traffic using zones and rules. It plays a vital role in protecting your server from unauthorized access. However, in some cases—such as troubleshooting network issues, testing configurations, or using an alternative firewall—you might need to stop or disable it safely.

This article explains how to stop and disable Firewalld using systemctl and firewall-cmd commands. You’ll learn how to check its current status, stop it temporarily, disable it permanently, and confirm the changes. By the end, you’ll know how to manage Firewalld without exposing your Linux system to unnecessary risks.

Steps to Stop and Disable Firewalld

Before you stop or disable Firewalld, it’s essential to understand how it runs as a service. Each step below helps you control its operation safely and effectively.

Step 1: Check Firewalld Status

Before you stop or disable Firewalld, verify whether it’s active. This ensures you know its current state before making any changes. Use the following commands:

sudo systemctl status firewalld

This command shows whether Firewalld is active (running) or inactive (dead).
Alternatively, you can check its state directly:

sudo firewall-cmd --state

If it returns running, Firewalld is currently active. This step helps you confirm that your actions in the next steps are correctly applied.

Step 2 – Stop Firewalld Temporarily

If you only need to stop Firewalld for a short time—such as for testing network settings or debugging issues—you can use:

sudo systemctl stop firewalld

This command stops Firewalld immediately, but it will start again after a system reboot.
Temporarily stopping Firewalld is useful when you’re diagnosing connectivity problems or testing another firewall tool. However, once you’re done, you should restart it using:

sudo systemctl start firewalld

This ensures your system remains protected once troubleshooting is complete.

Step 3: Disable Firewalld Permanently

If you prefer to turn off Firewalld permanently, use these commands:

sudo systemctl disable firewalld
sudo systemctl mask firewalld

The first command prevents Firewalld from starting automatically during boot.
The second command masks the service, blocking it from being started manually or by other processes.

Be careful when you stop and disable Firewalld permanently. Doing so removes an essential layer of protection, so only proceed if you’re using another firewall or your system is secured in another way.

Step 4: Verify the Firewall Status

After you stop and disable Firewalld, confirm that it’s no longer active. Run the following command:

sudo systemctl status firewalld

The output should show inactive (dead) and disabled. You can also use:

sudo firewall-cmd --state

If it returns not running, Firewalld has been successfully stopped and disabled. Verifying the status ensures your commands were executed properly and helps avoid any accidental restarts of the service.

Step 5: Alternative Firewall Options

Once you stop and disable Firewalld, your system loses its built-in network protection. To maintain security, consider using an alternative firewall.

Two reliable options include:

• iptables – Offers granular control over network traffic. Ideal for advanced users who want to manage rules manually.
• UFW (Uncomplicated Firewall) – A beginner-friendly option that simplifies firewall management through easy commands.

Installing one of these alternatives ensures continued security in the absence of Firewalld.

Troubleshooting Common Issues

Sometimes, errors occur when you stop and disable Firewalld. These can include permission problems, conflicts with other services, or unexpected restarts. Understanding these issues helps you fix them quickly.

If you encounter a permission denied error, use sudo before each command.
For systems where Firewalld conflicts with UFW or iptables, ensure that the conflicting service is stopped first. To resolve issues where Firewalld automatically restarts, unmask it completely:

sudo systemctl mask firewalld
sudo systemctl daemon-reload

If errors persist, check logs with:

sudo journalctl -u firewalld

This helps identify what’s triggering the restart or failure.

Best Practices When Disabling Firewalld

When you stop and disable Firewalld, always take precautions to prevent security risks. Disabling a firewall completely can expose your server to attacks if no alternative protection is in place.

Use temporary stopping instead of permanent disabling whenever possible, especially during testing or configuration checks.

If you must disable it permanently, ensure your network is protected by iptables, UFW, or a hardware firewall.

Always test connectivity and verify rule behavior before deploying any configuration changes. This approach maintains system security while giving you control over firewall management.

Conclusion

You’ve learned how to safely stop and disable Firewalld using simple systemctl commands. From checking its status to disabling it permanently, these steps ensure full control over your Linux firewall settings.

However, remember that disabling Firewalld removes an important layer of defense. Always do it only when necessary, such as for testing or switching to another firewall.

Maintaining alternative protection like UFW or iptables helps ensure your system remains secure even when Firewalld is turned off.