Ports on AWS EC2 Instance gets blocked after the reboot


Sep 2018

If you are working on an AWS EC2 RHEL 7+ instance, you might notice that after the server is restarted you no longer have connectivity to your custom TCP ports from outside, even though the Security Group has valid inbound and outbound rules for them.


Root Cause:


On CentOS/RHEL 7 and Fedora 18+, firewalld is installed and enabled by default. Firewalld is the dynamic firewall manager for Linux: it sits in front of the kernel packet filter and decides which inbound and outbound packets are allowed through and which are dropped, organised by zones and the services/ports opened in each zone.


It keeps two kinds of configuration, runtime and permanent. Runtime changes (for example a port opened with firewall-cmd without the --permanent flag) live only in memory and are lost as soon as the service is restarted or the server is rebooted. Permanent changes are written to disk and are loaded every time the service starts. This is exactly the symptom above: a port that was opened at runtime works until the instance reboots, and then firewalld comes back up with only the permanent rules, in which that port was never added.


On disk, firewalld reads from two directories: the package defaults in /usr/lib/firewalld, which are overwritten whenever the firewalld package is updated, and the system configuration in /etc/firewalld, which survives updates and takes precedence over the defaults for any zone or service defined in both. Anything you want to keep across reboots and updates belongs in /etc/firewalld (which is where --permanent changes are written).




Check whether firewalld is running with the command below (an "active (running)" line confirms it is the reason your ports are closed):


# systemctl status firewalld

If you don't need the firewalld service you can disable it with the command below. Note that disabling only stops it from starting on the next boot; the currently running instance keeps filtering until the service is stopped. My own view is that with VPC network ACLs and Security Groups already restricting traffic, a host firewall on top is overkill. The counter-argument is defence in depth: a Security Group that is later widened by mistake, or an instance moved to a more permissive group, is still protected by a host firewall with a permanent allow-list, so the alternative is to keep firewalld and add your custom ports to its permanent configuration instead.

# systemctl disable firewalld

You can also mask the service using the command below. Masking creates a symbolic link from /etc/systemd/system/firewalld.service to /dev/null, so the unit cannot be started at all, not even manually or as a dependency of another unit. It is reversible with the corresponding unmask command.

# systemctl mask firewalld
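The runtime-versus-permanent gap described in the root cause section is easy to detect before a reboot bites you. The script below is an added example (not from the original post): it compares the ports firewalld currently allows at runtime with the ports in its permanent configuration for the default zone and prints, for each port that exists only at runtime, the firewall-cmd command that would persist it. The comparison itself is a pure shell function (`runtime_only_ports`) so it can be exercised with constructed input; the live check (`check_host`) uses real firewall-cmd options (`--state`, `--get-default-zone`, `--list-ports`, `--permanent`) and is skipped when firewall-cmd is not installed or the daemon is not running. The file name firewalld-drift.sh used to decide whether to run the live check is an assumption.

```shell
#!/bin/sh
# Added example: detect firewalld port rules that exist only in the runtime
# configuration and will therefore disappear after a reboot.

# Pure helper: takes the runtime and permanent port lists as firewall-cmd
# prints them (space-separated, e.g. "8080/tcp 9000/udp") and prints the
# ports present at runtime but absent from the permanent set, one per line.
runtime_only_ports() {
    runtime="$1"
    permanent="$2"
    for p in $runtime; do
        found=0
        for q in $permanent; do
            [ "$p" = "$q" ] && found=1
        done
        [ "$found" -eq 0 ] && echo "$p"
    done
    return 0
}

# Live check against this host's firewalld. Prints the fix instead of
# applying it, and returns 1 when runtime-only ports were found.
check_host() {
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not installed"; return 0; }
    firewall-cmd --state >/dev/null 2>&1 || { echo "firewalld is not running"; return 0; }
    zone=$(firewall-cmd --get-default-zone)
    runtime=$(firewall-cmd --zone="$zone" --list-ports)
    permanent=$(firewall-cmd --permanent --zone="$zone" --list-ports)
    lost=$(runtime_only_ports "$runtime" "$permanent")
    if [ -z "$lost" ]; then
        echo "zone $zone: runtime and permanent port rules match"
        return 0
    fi
    echo "zone $zone: these ports are runtime-only and will be closed after a reboot:"
    for p in $lost; do
        echo "  $p   persist with: firewall-cmd --permanent --zone=$zone --add-port=$p"
    done
    echo "then apply the permanent set with: firewall-cmd --reload"
    return 1
}

# Run the live check only when executed as firewalld-drift.sh (assumed file
# name); when sourced under another name only the functions are defined.
case "$0" in
    *firewalld-drift.sh) check_host ;;
esac
```

Run it as root on the instance (`sh firewalld-drift.sh`); a non-zero exit means at least one port would be lost on reboot. If you keep firewalld, persist each listed port with the printed `firewall-cmd --permanent ... --add-port` command followed by `firewall-cmd --reload`, and note that `--reload` replaces the runtime set with the permanent one, so anything still runtime-only at that moment is dropped immediately rather than at the next reboot. If you instead decide to drop firewalld, remember that `systemctl disable firewalld` only affects future boots; stop the running service as well (`systemctl stop firewalld`) or it keeps filtering until the next reboot.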
