How to set up a firewall in Linux?

Firewalls are an integral component of every contemporary computer system, safeguarding the network and protecting the system from unauthorized access. This guide explores Linux firewalls and demonstrates how to configure them effectively.

A firewall is a network security device that monitors and restricts network traffic based on predefined security rules. Its primary function is to block unauthorized access to a computer system or network while allowing legitimate traffic. It functions as a gatekeeper, controlling what may enter and leave a network.

There are two major options for configuring a firewall in Linux: iptables and firewalld.

  • iptables: A command-line program for managing the Linux kernel firewall, extensively used for many years

  • firewalld: A modern dynamic daemon that provides a D-Bus interface for managing firewall rules, used as the default firewall in many distributions

Setting Up Firewall with iptables

Installation and Basic Setup

First, check whether iptables is installed on your system:

sudo iptables -L

If not installed, install it using:

sudo apt-get install iptables

Configuring Default Policies

Set the default policies so that any incoming or outgoing traffic not matched by a later ACCEPT rule is dropped:

sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP

Adding Rules

The basic syntax for adding iptables rules is:

sudo iptables -A [CHAIN] -p [PROTOCOL] --dport [PORT] -j [ACTION]

Components of the rule:

Component   Description                         Examples
CHAIN       Where the rule will be added        INPUT, OUTPUT, FORWARD
PROTOCOL    Network protocol                    tcp, udp, icmp
PORT        Port number for traffic             22 (SSH), 80 (HTTP), 443 (HTTPS)
ACTION      What happens to matching traffic    ACCEPT, DROP, REJECT

Example commands:

# Allow incoming SSH traffic
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow outgoing HTTP traffic
sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

# Allow loopback traffic
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
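Adding rules one command at a time, as above, leaves a window on a remote host where the DROP policy is already in place but the ACCEPT rule for SSH is not, and the OUTPUT DROP policy also silently drops the replies of an accepted SSH session unless connection tracking is allowed. The following added example (not from the original page) builds the same default-deny setup as an iptables-restore ruleset so that policies and ACCEPT rules are loaded in one atomic step; gen_ruleset, count_accept_rules, apply_ruleset and the SSH_PORT variable are names chosen here, and the persistence path in the comment assumes the iptables-persistent package.

```shell
#!/bin/sh
# Added example: default-deny iptables ruleset in iptables-save format,
# loaded atomically with iptables-restore. Names here are our own choice.
SSH_PORT="${SSH_PORT:-22}"   # assumed: SSH listens on 22 unless overridden

# Print the complete ruleset. Policies and ACCEPT rules are part of the same
# load, so an existing SSH session is never cut off between two commands.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections already accepted (keeps the SSH session alive)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound SSH: only new connections need an explicit rule
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Outbound DNS and HTTP/HTTPS
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Number of ACCEPT rules in the generated ruleset (sanity check before loading).
count_accept_rules() {
    gen_ruleset | grep -c -- '-j ACCEPT'
}

# Parse the ruleset first (--test), then load it. iptables-restore replaces the
# whole table at once, so either all rules apply or the old rules stay in place.
# To persist: iptables-save > /etc/iptables/rules.v4 (iptables-persistent).
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: run as root" >&2; return 1; }
    gen_ruleset | iptables-restore --test || return 1
    gen_ruleset | iptables-restore
}
```

Run `gen_ruleset` to review the text before `apply_ruleset` loads it; a mistake in the ruleset then fails at the `--test` step rather than on the live firewall.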

Setting Up Firewall with firewalld

Installation and Status Check

Check if firewalld is running:

sudo firewall-cmd --state

If not installed, install it using:

sudo yum install firewalld
# or
sudo apt-get install firewalld

Zone Configuration

Check the default zone:

sudo firewall-cmd --get-default-zone

Change the default zone if needed:

sudo firewall-cmd --set-default-zone=public

Adding Services and Ports

Firewalld uses services to group related ports and protocols. Common services include http, https, ssh, and smtp.

# Allow HTTP service permanently
sudo firewall-cmd --add-service=http --permanent

# Allow HTTPS service permanently
sudo firewall-cmd --add-service=https --permanent

# Allow specific port (SSH)
sudo firewall-cmd --add-port=22/tcp --permanent

# Reload firewall to apply changes
sudo firewall-cmd --reload

List active services and ports:

sudo firewall-cmd --list-services
sudo firewall-cmd --list-ports

Comparison

Feature           iptables                            firewalld
Configuration     Manual command-line rules           Service-based with zones
Persistence       Requires manual saving              --permanent flag available
Ease of Use       More complex syntax                 User-friendly commands
Dynamic Changes   Requires restart for some changes   Runtime and permanent changes

Key Points

  • Always set restrictive default policies and open only necessary ports

  • Test firewall rules carefully to avoid locking yourself out of the system

  • Use the --permanent flag with firewalld to persist rules across reboots

  • Consider using firewalld for modern systems due to its simplified management

Conclusion

Both iptables and firewalld provide robust firewall capabilities for Linux systems. While iptables offers granular control, firewalld provides easier management with its service-based approach. Choose the tool that best fits your system requirements and administrative preferences for effective network security.

Updated on: 2026-03-17T09:01:38+05:30
