HowTo Disable The Iptables Firewall in Linux

last updated June 28, 2012 in Debian / Ubuntu, Iptables, Linux, Networking, RedHat and Friends, Suse, Ubuntu Linux

I need to disable firewall in Linux for testing purpose. I’m using CentOS and RHEL version 4.4 / 5 / 6. How do I disable the firewall in Linux?

A Linux firewall is software based firewall that provides protection between your server (workstation) and damaging content on the Internet or network. It will try to guard your computer against both malicious users and software such as viruses/worms.

Task: Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following two commands (you must login as the root user):
# /etc/init.d/iptables save # /etc/init.d/iptables stop
Turn off firewall on boot:
# chkconfig iptables off

Task: Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following command to turn on iptables firewall:
# /etc/init.d/iptables start
Turn on firewall on boot:
# chkconfig iptables on

Check out related media

See firewall start and stop video tutorial:

A note about other Linux distribution

If you are using other Linux distribution such as Debian / Ubuntu / Suse / Slakcware Linux etc., try the following generic procedure. First, save the current firewall rules, type:
# iptables-save > /root/firewall.rules
OR
$ sudo iptables-save > /root/firewall.rules
Next, type the following commands (login as the root) as bash prompt:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Or create a shell script as follows and run it to disable the firewall:

#!/bin/bash
# reset.fw - Reset firewall
# set x to 0 - No reset
# set x to 1 - Reset firewall
# ---------------------------------------------------------------------------------------------------------------
# Added support for IPV6 Firewall
# ---------------------------------------------------------------------------------------------------------------
# Written by Vivek Gite <vivek@nixcraft.com>
# ---------------------------------------------------------------------------------------------------------------
# You can copy / paste / redistribute this script under GPL version 2.0 or above
# =============================================================
x=1
 
# set to true if it is CentOS / RHEL / Fedora box
RHEL=false
 
### no need to edit below  ###
IPT=/sbin/iptables
IPT6=/sbin/ip6tables
 
if [ "$x" == "1" ];
then
	if [ "$RHEL" == "true" ];
	then
	      # reset firewall using redhat script
		/etc/init.d/iptables stop
		/etc/init.d/ip6tables stop
	else
		# for all other Linux distro use following rules to reset firewall
		### reset ipv4 iptales ###
		$IPT -F
		$IPT -X
		$IPT -Z
		for table in $(</proc/net/ip_tables_names)
		do
			$IPT -t $table -F
			$IPT -t $table -X
			$IPT -t $table -Z
		done
		$IPT -P INPUT ACCEPT
		$IPT -P OUTPUT ACCEPT
		$IPT -P FORWARD ACCEPT
		### reset ipv6 iptales ###
		$IPT6 -F
		$IPT6 -X
		$IPT6 -Z
		for table in $(</proc/net/ip6_tables_names)
		do
			$IPT6 -t $table -F
			$IPT6 -t $table -X
			$IPT6 -t $table -Z
		done
		$IPT6 -P INPUT ACCEPT
		$IPT6 -P OUTPUT ACCEPT
		$IPT6 -P FORWARD ACCEPT
	fi
else
        :
fi

To restore or turn on firewall type the following command:
# iptables-restore < /root/firewall.rules

GUI tools

If you are using GUI desktop firewall tools such as 'firestarter', use the same tool to stop the firewall. Visit:
System > Administration > firestarter > Click on Stop Firewall button:
Sample outputs:
Howto disable the iptables firewall in Debian / Ubuntu Linux

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

Become a Supporter Make a contribution via Paypal/Bitcoin

28 comment

mike says:
November 23, 2007 at 2:37 pm
you can get the status of iptables with the following
service iptables status
service iptables help gives:
Usage: /etc/init.d/iptables {start|stop|restart|condrestart|status|panic|save}
1. hanumanaik says:
  February 9, 2011 at 8:14 am
  how to insatall CentOS 4.3 in VMWere
  1. Gregory says:
    May 3, 2011 at 2:16 pm
    Same as on a machine…
Photos of China says:
July 4, 2008 at 7:29 am
I have this error on centOS
/etc/init.d/iptables save
Usage /etc/init.d/iptables {start|output_int|stop|restart|status}
nixCraft says:
July 4, 2008 at 8:19 am
Are you sure you got CentOS? Another option is
iptables-save > /root/working.fw
Flash32 says:
October 30, 2008 at 4:06 pm
Thanks Guys!!!
Robert says:
December 24, 2008 at 3:32 pm
The easy way to do this is:
chkconfig iptables off
then to re-enable
chkconfig –level 345 iptables on
joe says:
January 5, 2009 at 7:56 pm
on fedora, once you enabled firwalls/selinux during installation, I can never make nfs boot or ftp works. you can see firewall disabled, iptables disabled, yet no help. Either selinux or fedora GUI has bugs, what I get:
Loading: TFTP error 2: Only absolute filenames allowed
Failed.
to our people, the selinux is a nightmare. forget what the system told you. selinux adds extension to file attributes then some garbage cannot be removed.
Amie says:
January 7, 2009 at 8:32 pm
Hi – first time here and really need some help!
I gave my father in law a netbook for Xmas with Linux as an operating system but cannot connect to Sky broadband. Sky unable to help, any ideas??
Manu Anand says:
January 9, 2009 at 11:36 pm
Hey Amie:
Try connecting with a ethernet cable.
If that works then try KDE’s network manager.
HTH
Manu
Tomas says:
February 27, 2009 at 3:08 pm
Excellent!
Really Thanks
Ashwani says:
April 9, 2009 at 1:50 am
Thanks for help….
FTP can be accessed by stop IP tables.
mallikarjun goud says:
November 15, 2009 at 7:01 am
how to stop iptables with out chkconfig iptables off command………………..plz help me out
Kapil Ahire says:
March 17, 2010 at 4:17 am
Thanks All Of you
Alex says:
March 30, 2010 at 3:26 pm
Hi,
I have a problem starting iptables:
[root@myserver ~]# /etc/init.d/iptables start
[root@myserver ~]# /etc/init.d/iptables status
Firewall is stopped.
[root@myserver ~]# rpm -q iptables
iptables-1.3.5-5.3.el5_4.1
Please help me solve this problem.
Thanks!
Alex
neha soni says:
April 3, 2010 at 11:06 am
how can we stop the iptables service in ubuntu???
i have tried “services iptables stop” but it is giving “unrecognized service”.
is there any other command or method to do so???
1. Yogesh Kumar says:
  April 16, 2010 at 5:19 am
  /etc/init.d/iptables status
  if running than to stop
  /etc/init.d/iptables stop
vijay says:
April 17, 2010 at 8:32 pm
HI,
I am very confused about iptables status.
I stopped my iptables by running ” service iptables stop”, later on i checked wheter it is really running or not by running “service iptables status”. It shows me ” Firewall is disabled”. If I run iptables -L it shows me the list of INPUT/OUTPUT/FORWARD Chains. If again i will run ” service iptables status” it will show me againall chains. What it really means, does iptables start auutomatically when I type ” iptables -L”? Please reply lots of confusion!!!
Thanks in advance.
Vijay
maansingh says:
June 22, 2010 at 4:48 pm
dear sir ,
how can i configure the firewall
quan says:
September 13, 2010 at 5:53 am
I make iptable stop but not start it
>>
[root@FreeSX ~]# /etc/init.d/iptables start
Applying iptables firewall rules: iptables-restore: line 1 failed
[FAILED]
[root@FreeSX ~]# /etc/init.d/iptables status
Firewall is stopped.
>>
plz help me as soon as possible
thks!!!!!!
Tyler says:
April 19, 2011 at 8:10 pm
Debian Stable doesn’t seem to have an init.d script, or the services application, or the chkconfig application. How does one start/stop/restart the iptables service on Debian?
jokish says:
May 13, 2011 at 3:35 pm
Thankss a lot ………………………….. gud to learn
ram says:
November 6, 2011 at 7:40 pm
To stop firewall during bootup aka permanently
[root@ssd optimized]# chkconfig –list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@ssd optimized]# chkconfig –level 345 iptables off
[root@ssd optimized]# chkconfig –list | grep iptables
iptables 0:off 1:off 2:on 3:off 4:off 5:off 6:off
Inversys says:
November 12, 2011 at 5:12 pm
Excellent!
Thanks for all.
Harshal says:
September 5, 2012 at 5:58 am
Thanks
Brian says:
October 19, 2012 at 3:47 pm
For ubuntu/debian servers, it is better to run default policy change, “iptables -P INPUT ACCEPT” before “iptables -F”, otherwise you will lose current connections immediately if your default policy was set to DENY
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
This should be applied to the script file too.
Bhagya Raj says:
January 24, 2015 at 6:42 am
Thank You Very Much.
Mukundan says:
October 15, 2015 at 3:57 am
Thanks. It helped me. :)

Have a question? Post it on our forum!

Tagged as: desktop firewall, disable firewall, fedora core, fedora firewall disable, firestarter, firewall rules, firewall system, gui tools, iptables firewall, linux distribution, linux firewall, malicious users, red hat, root user, suse linux