
Linux - Configuration - Disable Firewall

Stop and disable the Linux firewall service (firewalld or ufw) on endpoints

Worklet Details

What the Firewall Disabler does

This Automox Worklet™ stops the host-based firewall service on Linux endpoints. The Worklet automatically detects whether the system uses firewalld (RHEL, CentOS, Fedora, SUSE) or ufw (Ubuntu, Debian) and disables the appropriate service.

For systems running ufw, the Worklet executes ufw disable to deactivate the firewall. For systems running firewalld, it uses systemctl stop firewalld to stop the service. The Worklet only acts on systems where the firewall is currently active.

Systems that do not use either firewalld or ufw are automatically excluded from remediation, preventing errors on systems with custom firewall configurations.

Why disable the host firewall

Host-based firewalls can create troubleshooting overhead and connectivity issues when network infrastructure already handles traffic filtering. Some environments rely on perimeter firewalls and network segmentation for security, making endpoint-level firewalls redundant. This Worklet removes that redundancy by disabling the host firewall when network-layer protections are sufficient.

Certain applications and services require specific network configurations that conflict with default firewall rules. Temporarily disabling the firewall can help diagnose connectivity issues or allow applications that need dynamic port assignments.

In development and testing environments, disabled firewalls simplify application testing and reduce variables when troubleshooting. The Worklet provides a controlled method for managing firewall state across multiple endpoints.

How firewall disabling works

  1. Evaluation phase: The Worklet checks for /usr/sbin/ufw or /usr/bin/firewall-cmd to identify the firewall type. It then queries the service status using ufw status or firewall-cmd --state. If the firewall is active or running, the endpoint is flagged for remediation. Inactive firewalls require no action.

  2. Remediation phase: For ufw systems, the Worklet runs ufw disable. For firewalld systems, it runs systemctl stop firewalld. The Worklet reports success or failure based on the command exit code.

Firewall disabling requirements

  • Linux endpoint with ufw (Ubuntu/Debian) or firewalld (RHEL/CentOS/Fedora/SUSE)

  • Root or sudo privileges to manage firewall services

  • Verify network-level security controls are in place before disabling host firewalls

Expected network state after firewall removal

After successful remediation, the endpoint no longer filters network traffic at the host level, and all network ports become accessible based on application configurations and network-level controls. You can verify this state by running ufw status on Ubuntu/Debian systems, which will show Status: inactive. On RHEL-family systems, running firewall-cmd --state will return not running.

The endpoint accepts incoming connections on any port where a service is listening. Consider deploying the companion Enable Firewall Worklet if you need to restore firewall protection.
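The detection and state checks described above, written out as an added audit example in POSIX shell; it is not Automox's Worklet code. The function names, the root-prefix argument, the --audit switch and the ufw-first detection order are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit helper mirroring the evaluation logic described on this page.

# Identify the firewall front end by the binaries the page names.
# $1 is a hypothetical root prefix (empty on a live system) for testing.
# Checking ufw first is an assumption; the page does not state the order.
detect_fw_type() {
    if [ -x "$1/usr/sbin/ufw" ]; then
        echo ufw
    elif [ -x "$1/usr/bin/firewall-cmd" ]; then
        echo firewalld
    else
        echo none
    fi
}

# Map captured status text to a state.
# $1 = firewall type, $2 = output of `ufw status` or `firewall-cmd --state`.
classify_state() {
    case "$1:$2" in
        ufw:*"Status: active"*) echo active ;;
        ufw:*)                  echo inactive ;;
        firewalld:running)      echo active ;;   # exact match: "not running" must not count
        firewalld:*)            echo inactive ;;
        *)                      echo not-applicable ;;
    esac
}

# Print current state; return non-zero while the firewall is still active.
audit() {
    fw=$(detect_fw_type "")
    case "$fw" in
        ufw)       out=$(ufw status 2>/dev/null) ;;
        firewalld) out=$(firewall-cmd --state 2>&1) ;;
        *)         out="" ;;
    esac
    state=$(classify_state "$fw" "$out")
    echo "firewall=$fw state=$state"
    # `systemctl stop` leaves the unit's boot-time enablement unchanged,
    # so record it: an enabled unit starts again on the next reboot.
    if [ "$fw" = firewalld ]; then
        echo "firewalld_at_boot=$(systemctl is-enabled firewalld 2>/dev/null)"
    fi
    [ "$state" != active ]
}

# Run the audit only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--audit" ]; then audit; fi
```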

How to validate disable firewall changes

  1. Run this Worklet on a pilot Linux endpoint and review the evaluation output for the Disable Firewall Worklet.

  2. Confirm Automox activity logs show successful completion and exit code 0.

  3. Verify endpoint state using checks aligned to the evaluation script's logic, including its elif, else, and exit branches.

  4. Validate remediation effects against the remediation script's operations, including its elif, else, and exit branches, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet's evaluation logic and remediation flow. This supports repeatable system preferences workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include the elif, else, and exit branches of the evaluation and remediation scripts. Use these indicators to verify that endpoint changes match intended policy outcomes.



What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
