Enable or disable the system firewall on a Linux ECS instance - Elastic Compute Service

Firewall technology helps computers build a relatively isolated protective barrier between internal and external networks to protect data. If you enable a firewall for an Elastic Compute Service (ECS) instance and configure rules to block external access, you may be unable to connect to the instance. This topic describes how to enable or disable the system firewall on an ECS instance that runs a Linux operating system.

Procedure

Run commands that are suitable for the Linux distribution of your instance.

CentOS 5 or CentOS 6
CentOS 7, Red Hat 7, or Alibaba Cloud Linux 2
Ubuntu
Debian

CentOS 5 or CentOS 6

Enable the system firewall.
```
service iptables start
```
Disable the system firewall.
```
service iptables stop
```
Check the status of the system firewall.
```
service iptables status
```

CentOS 7, Red Hat 7, or Alibaba Cloud Linux 2

Enable the system firewall.
```
systemctl start firewalld.service
```
Disable the system firewall.
```
systemctl stop firewalld.service
```
Check the status of the system firewall.
```
firewall-cmd --state
```

Ubuntu

Enable the system firewall.
```
ufw enable
```
Disable the system firewall.
```
ufw disable
```
Check the status of the system firewall.
```
ufw status
```

Debian

By default, no firewall is installed on Debian. If a firewall is installed on Debian, you can delete all firewall rules to remove traffic blocking.

Note

Before you delete all firewall rules, back up the rules.

Run the following commands to back up firewall rules:
```
touch [$Iptables]
iptables-save > [$Iptables]
```
Note
Replace the [$Iptables] variable with the actual directory in which you want to save the firewall rule backup file.
Run the following command to delete all firewall rules:
```
iptables -F
```