Setup command in CentOS 7 throws Error – FirewallD is active, please use firewall-cmd!

Updated on September 2, 2017

I generally use setup or system-config-firewall commands to configure firewall in CentOS machines. But the same commands in CentOS 7 failed with an error message ERROR: FirewallD is active, please use firewall-cmd.

 ERROR: FirewallD is active, please use firewall-cmd.
 ERROR: FirewallD is active, please use firewall-cmd.

The above error message recommends to use firewall-cmd command, which actually uses firewalld service.

Firewalld is a new service that replaces system-config-firewall in latest versions of CentOS. It allows you to manage firewall dynamically to define trust level of network connections or interfaces. When enabled, the service starts during the system boot and when it’s listening, the commands such as setup and system-config-firewall will not work.

You can check the status of firewalld as shown below:

$service firewalld status
Redirecting to /bin/systemctl status firewalld.service
â firewalld.service - firewalld - dynamic firewall daemon
 Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
 Active: active (running)


$firewall-cmd --state

Configuring firewalld using GUI tool

You can use firewall-config command which provides a graphical user interface to configure firewalld. If you don’t have one, install it using yum.

$yum install firewall-config

configure firewall centos 7

How to use firewall-cmd command?

The first thing to do is check the man page of firewall-cmd.

$man firewall-cmd

For example, to allow port 80 in the firewall, below is the command.

$firewall-cmd --add-port=80/tcp --permanent

Here’s a complete guide on firewalld usage commands.

How to get back system-config-firewall or setup commands?

Simple, you need to shutdown firewalld daemon.

$service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service

system-config-firewall command

Was this article helpful?

Related Articles

Leave a Comment