How To Check The Firewall Status In Linux – Linux Firewall Status Verification

Verifying your firewall status in Linux confirms whether your security rules are actively protecting the system. Knowing how to check the firewall status in Linux is a fundamental skill for any system administrator or security-conscious user. Without this knowledge, you might leave your machine exposed to unwanted network traffic. This guide walks you through every major method, from simple commands to graphical tools, so you can quickly confirm your firewall is working as intended.

Firewalls are your first line of defense against unauthorized access. They filter incoming and outgoing traffic based on predefined rules. But a firewall is only useful if it’s actually running. That’s why checking its status should be part of your regular system maintenance routine. Let’s get started with the most common firewall tools and how to check them.

Why Checking Firewall Status Matters

Before diving into commands, it helps to understand why this matters. A disabled firewall can leave your system vulnerable to attacks, especially if you’re running services like SSH, web servers, or databases. On the flip side, an overly restrictive firewall can block legitimate traffic, breaking applications. Regular checks ensure your security posture is correct.

Different Linux distributions use different firewall systems. The most common ones are iptables, nftables, UFW (Uncomplicated Firewall), and firewalld. Each has its own way of showing status. We’ll cover all of them so you’re prepared no matter what distro you use.

How To Check The Firewall Status In Linux

This section covers the exact commands you need. Depending on your Linux distribution, you’ll use one or more of these methods. Let’s break them down by firewall tool.

Checking UFW Status

UFW is popular on Ubuntu and Debian-based systems. It’s designed to be simple. To check its status, open a terminal and run:

sudo ufw status

This command shows you if UFW is active or inactive. If it’s active, you’ll see a list of rules. For more detail, use:

sudo ufw status verbose

The verbose output includes default policies (allow or deny) and logging settings. Here’s what the key lines of a typical response mean:

  • Status: active – Firewall is running.
  • Status: inactive – Firewall is not running.
  • Logging: on (low) – Basic logging is enabled.
  • Default: deny (incoming), allow (outgoing) – Default policies.

If you see “inactive,” you can enable UFW with sudo ufw enable. But be careful – enabling it without a rule that allows your remote connection (SSH, for example) might lock you out.

Checking Firewalld Status

Firewalld is the default on RHEL, CentOS, Fedora, and other Red Hat-based systems. It uses zones and services. To check its status, use:

sudo systemctl status firewalld

This shows the service status, including whether it’s active (running) or inactive (dead). For a more firewall-specific view, run:

sudo firewall-cmd --state

This command simply returns “running” or “not running.” To see active zones and rules, use:

sudo firewall-cmd --list-all

That output includes the default zone, interfaces, services, ports, and masquerade settings. It’s a comprehensive snapshot of your current configuration.

Checking Iptables Status

Iptables is the classic Linux firewall tool. Even if you use UFW or firewalld, they often rely on iptables underneath. To check if iptables rules are loaded, run:

sudo iptables -L -n -v

This lists all rules with numeric IP addresses and packet counts. If you see rules, the firewall is active. If the output is empty (only default chains with no rules), it might still be running but with no custom rules. To check if the iptables service itself is running, use:

sudo systemctl status iptables

On some systems, iptables is not managed as a service. Instead, rules are loaded at boot via scripts. In that case, the -L command is your best bet.
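
Whether an empty rule list is a problem depends on the chain policy printed in each Chain header. This added example (not part of the original guide) parses iptables -L -n -v output and reports the INPUT chain's policy and rule count; the function names and the sample outputs are constructed for illustration.

```bash
# Added example. Both functions read `iptables -L -n -v` output on stdin.
# One line per chain: "CHAIN policy=POLICY rules=N".
summarize_chains() {
    awk '
        /^Chain / {
            if (chain != "") printf "%s policy=%s rules=%d\n", chain, policy, rules
            chain = $2; rules = 0
            # Built-in chains print "(policy X ...)", user chains "(N references)".
            policy = ($3 == "(policy") ? $4 : "-"
            sub(/\)$/, "", policy)
            next
        }
        /^ *(pkts|target) / || NF == 0 { next }   # column header and blank lines
        chain != "" { rules++ }
        END { if (chain != "") printf "%s policy=%s rules=%d\n", chain, policy, rules }
    '
}

# Verdict for inbound traffic, based on the INPUT chain only.
input_verdict() {
    summarize_chains | awk '
        $1 == "INPUT" {
            split($2, p, "="); split($3, r, "="); found = 1
            if (p[2] != "ACCEPT")   print "filtering: policy " p[2]
            else if (r[2] + 0 == 0) print "open: no rules, policy ACCEPT"
            else                    print "review: rules present, policy ACCEPT"
        }
        END { if (!found) print "unknown: no INPUT chain" }
    '
}

# Constructed sample outputs (not captured from a real host).
COLS=' pkts bytes target     prot opt in     out     source               destination'
sample_empty() {
    printf '%s\n' 'Chain INPUT (policy ACCEPT 0 packets, 0 bytes)' "$COLS" '' \
        'Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)' "$COLS"
}
sample_ruleset() {
    printf '%s\n' 'Chain INPUT (policy DROP 120 packets, 7200 bytes)' "$COLS" \
        '  310 24800 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0' \
        ' 1520  198K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   ctstate RELATED,ESTABLISHED' \
        '   42  2520 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   tcp dpt:22'
}

echo "empty:   $(sample_empty | input_verdict)"
echo "ruleset: $(sample_ruleset | input_verdict)"
# On a live host: sudo iptables -L -n -v | input_verdict
```

A "review" verdict means rules exist but unmatched packets are still accepted, so the rule list itself has to end in a drop or reject for the host to be filtered.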

Checking Nftables Status

Nftables is the modern replacement for iptables. It’s used by default on newer distributions like Debian 10+ and Fedora. To check its status, run:

sudo nft list ruleset

This shows all rules in the current nftables configuration. If the output is empty, no rules are loaded. To check if the nftables service is active, use:

sudo systemctl status nftables

Nftables can coexist with iptables, but they are separate systems. Make sure you know which one your distro uses.

Using Systemd To Check Firewall Services

Most modern Linux distributions use systemd to manage services. You can check any firewall service’s status with the same command pattern. For example:

sudo systemctl status ufw
sudo systemctl status firewalld
sudo systemctl status iptables
sudo systemctl status nftables

This shows you the service’s current state (active/inactive), whether it’s enabled to start at boot, and recent log entries. This is often the quickest way to see if a firewall is running.

If the service is “inactive (dead),” it means the firewall is not running. If it’s “active (running),” it’s working. The “enabled” or “disabled” status tells you if it will start automatically after a reboot.
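
To run that check across all four services in one pass, this added example (not from the original guide) queries systemctl is-active and systemctl is-enabled for each unit and flags a service that is running but will not start at boot, or more than one active firewall service. The function name firewall_sweep is made up for this example.

```bash
# Added example. Prints "SERVICE active=STATE enabled=STATE [note]" for each
# firewall unit named in this guide, then a one-line summary.
firewall_sweep() {
    running=""
    for svc in ufw firewalld nftables iptables; do
        # Both queries exit non-zero for inactive/disabled units, hence "|| true".
        active=$(systemctl is-active "$svc" 2>/dev/null) || true
        enabled=$(systemctl is-enabled "$svc" 2>/dev/null) || true
        note=""
        if [ "$active" = "active" ]; then
            running="$running $svc"
            [ "$enabled" = "enabled" ] || note=" (running now, will not start at boot)"
        elif [ "$enabled" = "enabled" ]; then
            note=" (enabled but not running)"
        fi
        echo "$svc active=${active:-unknown} enabled=${enabled:-unknown}$note"
    done
    # Count the active services by word-splitting the collected names.
    set -- $running
    case $# in
        0) echo "summary: no firewall service is active" ;;
        1) echo "summary: $1 is the active firewall service" ;;
        *) echo "summary: multiple firewall services active:$running" ;;
    esac
}

firewall_sweep
```

An active unit only says the service started: the ufw unit, for instance, can be active while sudo ufw status reports inactive, so confirm with the tool's own status command.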

Checking Firewall Status Without Sudo

Some commands require root privileges. But there are ways to check status without sudo, depending on your setup. For UFW, you can sometimes use:

ufw status

But this usually requires sudo. For firewalld, you can check the service status without sudo if you have the right permissions:

systemctl --user status firewalld

However, this only works if firewalld is running as a user service, which is rare. In practice, most firewall checks require sudo. If you’re on a shared system, ask your administrator for access.

Using Graphical Tools

If you prefer a GUI, Linux has options. On Ubuntu, you can install gufw (graphical UFW):

sudo apt install gufw

Then launch it from the applications menu. It shows the firewall status with a simple on/off toggle. On Fedora or RHEL, you can use firewall-config:

sudo dnf install firewall-config

This graphical tool shows zones, services, and current status. It’s a good alternative if you’re not comfortable with the command line.

Common Issues And Troubleshooting

Sometimes the firewall status isn’t what you expect. Here are a few common problems and how to fix them.

Firewall Shows Inactive But Should Be Active

If you see “inactive” but you know you configured rules, the service might not be started. Try:

sudo systemctl start ufw
sudo systemctl enable ufw

Replace “ufw” with your firewall tool. Then check the status again.

Firewall Shows Active But No Rules

This can happen if the service is running but no rules are loaded. For iptables, this is normal if you haven’t added any rules. For firewalld, it might mean the default zone has no services. Add a rule like:

sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

Command Not Found

If you get “command not found,” the firewall tool isn’t installed. Install it with your package manager. For example:

sudo apt install ufw
sudo dnf install firewalld
sudo apt install iptables

Automating Firewall Status Checks

You can automate checks with scripts or cron jobs. For example, create a script that checks UFW status and emails you if it’s inactive:

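#!/bin/bash
# Alert by mail when "ufw status" does not report an active firewall.
# Run from root's crontab, or allow this sudo call without a password prompt.
if ! sudo ufw status | grep -q "Status: active"; then
    echo "UFW is inactive!" | mail -s "Firewall Alert" you@example.com
fi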

Save this as a script and run it via cron every hour. This ensures you’re always aware of changes.
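
A firewall can report active and still default to allowing inbound traffic. This added example (not the original script) parses ufw status verbose output and reports an inactive firewall, a default incoming policy other than deny or reject, or disabled logging; ufw_findings, check_ufw and the sample outputs are constructed for illustration.

```bash
# Added example. Reads `ufw status verbose` output on stdin and prints one
# finding per line, or "ok" when nothing needs attention.
ufw_findings() {
    awk '
        /^Status:/  { status = $2 }
        /^Logging:/ { logging = $2 }
        /^Default:/ {
            # e.g. "Default: deny (incoming), allow (outgoing), disabled (routed)"
            for (i = 2; i < NF; i += 2) {
                dir = $(i + 1); gsub(/[(),]/, "", dir); policy[dir] = $i
            }
        }
        END {
            if (status != "active") {
                print "firewall not active (status: " (status == "" ? "none reported" : status) ")"
                exit
            }
            inc = (policy["incoming"] == "") ? "unknown" : policy["incoming"]
            if (inc != "deny" && inc != "reject") { print "default incoming policy is " inc; n++ }
            if (logging == "off") { print "logging is off"; n++ }
            if (n == 0) print "ok"
        }
    '
}

# Constructed sample outputs (not captured from a real host).
sample_good() {
    printf '%s\n' 'Status: active' 'Logging: on (low)' \
        'Default: deny (incoming), allow (outgoing), disabled (routed)' \
        'New profiles: skip' '' \
        'To                         Action      From' \
        '--                         ------      ----' \
        '22/tcp                     ALLOW IN    Anywhere'
}
sample_weak() {
    printf '%s\n' 'Status: active' 'Logging: off' \
        'Default: allow (incoming), allow (outgoing), disabled (routed)'
}

# Cron entry point, meant for root's crontab: mail only when there is a finding.
check_ufw() {
    findings=$(ufw status verbose 2>&1 | ufw_findings)
    [ "$findings" = "ok" ] || printf '%s\n' "$findings" | mail -s "Firewall Alert" you@example.com
}

sample_good | ufw_findings
sample_weak | ufw_findings
```

If ufw is missing or fails, no Status line is seen and the check reports the firewall as not active instead of staying silent.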

Understanding Firewall Logs

Checking status is one thing, but logs tell you what the firewall is actually doing. For UFW, logs are in /var/log/ufw.log. For firewalld, check /var/log/firewalld. For iptables, logs go to /var/log/kern.log or /var/log/messages. Use tail -f to watch logs in real time:

sudo tail -f /var/log/ufw.log

Logs show blocked and allowed traffic, which helps you debug connectivity issues.
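
Reading the log line by line gets slow on a busy host. This added example (not from the original guide) counts [UFW BLOCK] entries per source address and destination port so the noisiest blocked traffic stands out; the function name and the log lines are constructed, with some kernel fields omitted for brevity.

```bash
# Added example. Reads a UFW log on stdin and prints "COUNT SRC PROTO/DPT"
# for blocked packets, most frequent first.
summarize_blocks() {
    awk '
        /\[UFW BLOCK\]/ {
            src = ""; proto = "?"; dpt = "-"      # ICMP entries carry no DPT field
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src != "") count[src " " proto "/" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed log lines using documentation address ranges.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:42 web01 kernel: [1042.118] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40122 DPT=22 SYN URGP=0
Mar  3 10:15:43 web01 kernel: [1043.220] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40124 DPT=22 SYN URGP=0
Mar  3 10:15:44 web01 kernel: [1044.301] [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 LEN=60 TTL=57 PROTO=TCP SPT=51811 DPT=443 SYN URGP=0
Mar  3 10:15:47 web01 kernel: [1047.009] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=33990 DPT=3306 SYN URGP=0
Mar  3 10:15:49 web01 kernel: [1049.455] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40130 DPT=22 SYN URGP=0
EOF
}

sample_log | summarize_blocks
# On a live host: sudo tail -n 1000 /var/log/ufw.log | summarize_blocks
```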

Firewall Status On Different Distros

Here’s a quick reference for popular distributions:

  • Ubuntu/Debian: Use sudo ufw status or sudo systemctl status ufw.
  • Fedora/RHEL/CentOS: Use sudo systemctl status firewalld or sudo firewall-cmd --state.
  • Arch Linux: Use sudo systemctl status iptables or sudo systemctl status nftables.
  • OpenSUSE: Use sudo systemctl status firewalld.

Some distros use multiple firewalls. For example, Ubuntu might have both UFW and iptables. Check both to be sure.

Best Practices For Firewall Management

Checking status is just the beginning. Here are a few tips to keep your firewall effective:

  • Check status after every reboot to ensure services start automatically.
  • Use verbose mode to review rules regularly.
  • Enable logging for critical services.
  • Test rules with tools like nmap to confirm they work.
  • Keep your firewall software updated.

Regular checks prevent surprises. Make it a habit to verify firewall status after configuration changes.

Frequently Asked Questions

How Do I Check If My Firewall Is Blocking A Port?

Use sudo ufw status numbered for UFW, or sudo firewall-cmd --list-ports for firewalld. For iptables, run sudo iptables -L -n and look for the port number.

Can I Check Firewall Status Without Root?

Most commands require sudo. However, you can check service status with systemctl status if you have the right permissions. On some systems, ufw status works without sudo if the policy allows it.

What Is The Difference Between UFW And Firewalld?

UFW is simpler and designed for desktop users. Firewalld is more feature-rich and uses zones. Both serve the same purpose but have different syntax.

How Do I Restart The Firewall After Changing Rules?

For UFW, use sudo ufw reload. For firewalld, use sudo firewall-cmd --reload. For iptables, you need to reload rules from a file or restart the service.

Why Does My Firewall Show Inactive Even After Enabling It?

Check if the service is enabled to start at boot. Use sudo systemctl enable ufw (or your firewall) and then start it with sudo systemctl start ufw. Also verify that no other firewall is conflicting.

Conclusion

Knowing how to check the firewall status in Linux is a simple but crucial skill. Whether you use UFW, firewalld, iptables, or nftables, the commands are straightforward. Regular checks ensure your system stays secure and your services run smoothly. Start by running the appropriate command for your distribution, then make it a habit to verify status after any network changes. With the steps in this guide, you’re now equipped to monitor and manage your Linux firewall effectively.