CentOS Stream 10: Firewall and SELinux
How to configure firewall and SELinux on CentOS Stream 10, including service status checks, enabling/disabling, and basic security policies.
Firewall Status
Display the Firewall service status (enabled by default):
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-12-16 12:55:14 JST; 5min ago
Docs: man:firewalld(1)
Main PID: 877 (firewalld)
Tasks: 2 (limit: 24780)
Memory: 47.9M (peak: 49.9M)
CPU: 242ms
CGroup: /system.slice/firewalld.service
└─ 877 /usr/bin/python3 -sP /usr/sbin/firewalld --nofork --nopid
The line "Active: active (running)" means firewalld is running.
Firewall Configuration
If you keep the Firewall service running, you need to open services manually, because most incoming service requests are not allowed by default. See the Firewalld Basic Operation guide for details.
Configuration examples on this site assume the Firewalld service is always enabled.
Disable Firewall
If you don't need the Firewall service (e.g., you have a separate firewall machine on your network), you can stop and disable it:
Stop the service:
systemctl stop firewalld
Disable the service:
systemctl disable firewalld
Removed '/etc/systemd/system/multi-user.target.wants/firewalld.service'.
Removed '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'.
SELinux Status
Display the current SELinux (Security-Enhanced Linux) status (enabled by default):
getenforce
Enforcing # SELinux is enabled
SELinux Configuration
If SELinux is enabled, you may need to modify SELinux policies manually, as SELinux sometimes blocks applications. See the SELinux Basic Operation guide for details.
Configuration examples on this site assume SELinux is always Enforcing.
Disable SELinux
If you don't need SELinux (e.g., your server runs only on a local safe network), you can disable it by adding the selinux=0 kernel argument to all boot entries:
grubby --update-kernel ALL --args selinux=0
Apply changes by rebooting:
reboot
To re-enable SELinux, remove the argument from all boot entries:
grubby --update-kernel ALL --remove-args selinux
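The checks above can be combined into one audit against the baseline this site assumes (firewalld running and enabled, SELinux Enforcing, no selinux=0 boot argument). The script below is an added example, not part of the original guide; the function names and the --live switch are assumptions of this example. It also reports the case where selinux=0 has been set with grubby but the host has not rebooted yet, so getenforce still prints Enforcing.

```shell
#!/bin/sh
# Added example: compare a host against the baseline this page assumes
# (firewalld running and enabled, SELinux Enforcing, no selinux=0 boot argument).
# Function names are hypothetical; nothing here is the site's own code.

# Succeeds if the text (e.g. /proc/cmdline or `grubby --info=ALL` output)
# contains selinux=0 as a whole kernel argument.
cmdline_disables_selinux() {
    norm=$(printf '%s' "$1" | tr '"\n\t' '   ')   # quotes/newlines/tabs -> spaces
    case " $norm " in
        *" selinux=0 "*) return 0 ;;
    esac
    return 1
}

# audit_state FW_ACTIVE FW_ENABLED SELINUX_MODE CURRENT_CMDLINE BOOT_ENTRIES
# Prints one line per deviation and returns the number of deviations.
audit_state() {
    findings=0
    if [ "$1" != "active" ]; then
        echo "FINDING: firewalld is not running (is-active: ${1:-unknown})"
        findings=$((findings + 1))
    fi
    if [ "$2" != "enabled" ]; then
        echo "FINDING: firewalld will not start at boot (is-enabled: ${2:-unknown})"
        findings=$((findings + 1))
    fi
    if [ "$3" != "Enforcing" ]; then
        echo "FINDING: SELinux mode is ${3:-unknown}, not Enforcing"
        findings=$((findings + 1))
    fi
    if cmdline_disables_selinux "$4"; then
        echo "FINDING: running kernel was booted with selinux=0"
        findings=$((findings + 1))
    elif cmdline_disables_selinux "$5"; then
        echo "FINDING: a boot entry carries selinux=0; SELinux is off after next reboot"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: firewalld and SELinux match the baseline"
    return "$findings"
}

# Live check (run as root so grubby can read the boot entries): sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_state "$(systemctl is-active firewalld 2>/dev/null)" \
                "$(systemctl is-enabled firewalld 2>/dev/null)" \
                "$(getenforce 2>/dev/null)" \
                "$(cat /proc/cmdline)" \
                "$(grubby --info=ALL 2>/dev/null)"
fi
```

The exit status is the number of deviations, so 0 means the host matches the baseline.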