How to check firewall status in Linux

Checking firewall status on Linux ensures that only intended network traffic reaches exposed services, reducing the risk of accidental open ports or silently blocked applications. Regular visibility into which firewall framework is active and what it believes the policy to be is essential for troubleshooting and hardening.

Most modern systems rely on the kernel’s netfilter framework, exposed through tools such as ufw (Uncomplicated Firewall), firewalld, nftables, or legacy iptables. Each layer provides its own status and listing commands, and the most accurate picture usually comes from combining service status via systemd with the firewall tool’s own summary of active rules and policies.

Viewing firewall status generally requires sudo-level privileges and a terminal on the target host, but the commands below only read configuration and counters. Running multiple firewall frameworks simultaneously can create overlapping rules, so correlating service status with the actual rule listings avoids misinterpreting whether traffic is truly blocked or allowed.

Steps to check firewall status:

Open a terminal session on the target Linux system with sudo privileges.
```
$ whoami
alice
$ sudo -v
[sudo] password for alice:
```
Refreshing sudo credentials up front avoids repeated password prompts while running status commands.

Check the ufw service status on systems that use the Uncomplicated Firewall.

$ sudo systemctl status ufw
● ufw.service - Uncomplicated firewall
     Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
     Active: active (exited) since Mon 2025-03-10 09:12:34 UTC; 1h 02min ago
##### snipped #####

If the unit is reported as

inactive

failed

, or not found, ufw is not currently controlling packet filtering.

Display detailed ufw status and rule summary when ufw is installed.

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
22/tcp                     ALLOW       Anywhere
##### snipped #####

The

Default:

line shows the base policy, while the table lists explicit allows or denies per port and address.

Check the firewalld service status on systems that use firewalld instead of ufw.

$ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2025-03-10 09:15:02 UTC; 59min ago
##### snipped #####

active (running)

state indicates that zones and rules are being enforced by firewalld.

Show firewalld runtime status and active zones.

$ sudo firewall-cmd --state
running
$ sudo firewall-cmd --get-active-zones
public
  interfaces: eth0
$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  services: ssh dhcpv6-client
##### snipped #####

The active zone’s

services:

and

ports:

lines reveal which ports are allowed for each interface.

Inspect the nftables ruleset on systems using nftables directly as the primary firewall.
```
$ sudo nft list ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
##### snipped #####
  }
}
```
The table and chain definitions show default policies (such as
```
policy drop
```
) and any accept rules for specific ports or addresses.
Inspect legacy iptables filter rules when iptables is still used or emulated by compatibility layers.
```
$ sudo iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source     destination
  120  9000 ACCEPT     tcp  --  *   *    0.0.0.0/0  0.0.0.0/0   tcp dpt:22
##### snipped #####
```
Large or complex rule sets can produce extensive output; misinterpreting default policies such as
```
DROP
```
versus
```
ACCEPT
```
may lead to incorrect assumptions about open ports.
List running firewall-related services to see which frontend currently controls packet filtering.
```
$ systemctl --type=service --state=running | grep -E 'ufw|firewalld|nftables'
ufw.service               loaded active exited  Uncomplicated firewall
##### snipped #####
```
Multiple running firewall frontends on the same host can conflict; typically only one of ufw, firewalld, or a direct nftables service should manage rules.
Compare firewall status with listening sockets for a specific service such as SSH.
```
$ sudo ss -tulpn | grep ':22'
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=987,fd=3))
```
If a service is listening but not reachable from another host, the firewall’s default policy or a missing allow rule is a likely culprit.
Verify that the observed firewall status matches operational expectations by testing connectivity from a separate system.
```
$ nc -vz server.example.com 22
Connection to server.example.com 22 port [tcp/ssh] succeeded!
```
A successful test when the firewall status shows an allow rule for the corresponding port indicates consistent configuration and behavior.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.