How to set up a firewall in Linux?

Firewalls are an integral component of every contemporary computer system, safeguarding the network and protecting the system from illegal access. We'll take a deep dive into the realm of Linux firewalls and learn how to configure one in this post.

Before we get into the technical details of setting up a firewall in Linux, let us clarify what a firewall is and why it matters.

A firewall is a network security device that monitors and restricts network traffic based on predefined security rules. A firewall's principal function is to block unauthorised access to a computer system or network while still allowing authorised access. It functions as a gatekeeper, controlling who and what may enter and depart a network.

There are two major choices for configuring a firewall in Linux: iptables and firewalld.

‘iptables’ is a command-line programme for managing the Linux kernel firewall. For many years, it was the default firewall for Linux servers and is still extensively used today.

‘firewalld’ is a more modern approach to managing firewalls in Linux. It is a dynamic daemon that provides a D-Bus interface for managing firewall rules, and it is used by many Linux distributions as the default firewall.

Now let's dive into the steps required to set up a firewall in Linux using both iptables and firewalld.

Using ‘iptables’ to Create a Firewall

  • To begin setting up an iptables firewall, first ensure that it is already installed on your system. Although iptables is present in most Linux distributions, it is always a good idea to double-check.

  • Open a terminal and type the following command to see if iptables is installed on your system −

sudo iptables -L

  • If iptables is not already installed on your machine, use the following command to install it −

sudo apt-get install iptables

  • You may begin setting up the firewall once you have validated that iptables is installed on your system.

  • The initial step in iptables configuration is to establish the default policies for incoming and outgoing traffic. The default policy determines what happens to packets that do not match any of the rules in the firewall.

  • To set the default policies to drop all incoming and outgoing traffic, run the following commands −

sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP

  • Once you have set the default policies, you can start adding rules to allow or block specific types of traffic. The basic syntax for adding a rule to iptables is as follows −

sudo iptables -A [CHAIN] -p [PROTOCOL] --dport [PORT] -j [ACTION]

Let's break down the components of the rule −

  • CHAIN − This specifies the chain in the firewall where the rule will be added. The three default chains in iptables are INPUT, OUTPUT, and FORWARD.

  • PROTOCOL − This specifies the protocol for the traffic. Common protocols include TCP, UDP, and ICMP.

  • PORT − This specifies the port number for the traffic.

  • ACTION − This specifies what should happen to traffic that matches the rule. Common actions include ACCEPT, DROP, and REJECT.

The following command, for example, would accept incoming SSH traffic (port 22) on the INPUT chain −

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Similarly, the following command would allow outgoing HTTP traffic (port 80) on the OUTPUT chain −

sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
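The commands above, collected into a script as an added example (not from the original article). It goes beyond the article in two ways a practitioner will want: the ACCEPT rules are added before the DROP policies, so running it over SSH does not cut off the session, and it adds the connection-tracking rules without which a DROP policy on OUTPUT would discard the replies to the very SSH and HTTP connections the rules allow. The IPT, SSH_PORT and HTTP_PORT variables and the plan_firewall helper are assumptions of this example; set IPT=echo to print the commands instead of running them.

```shell
#!/bin/sh
# Added example: apply the article's iptables policy in a lockout-safe order.
# IPT=echo gives a dry run that prints the commands instead of executing them.
IPT="${IPT:-iptables}"

# Assumed parameters: SSH listens on 22/tcp, outbound web traffic is 80/tcp.
SSH_PORT=22
HTTP_PORT=80

apply_firewall() {
    # Start from a clean slate so the script can be re-run safely.
    $IPT -F INPUT
    $IPT -F OUTPUT

    # Loopback traffic is needed by many local services.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to already-allowed connections. Without these two rules a DROP
    # policy on OUTPUT silently drops SSH responses and HTTP replies.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Inbound SSH (the article's INPUT rule), limited to new connections.
    $IPT -A INPUT  -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Outbound HTTP (the article's OUTPUT rule).
    $IPT -A OUTPUT -p tcp --dport "$HTTP_PORT" -m conntrack --ctstate NEW -j ACCEPT

    # Default policies go last: setting DROP before the ACCEPT rules exist
    # would cut off the SSH session running this script.
    $IPT -P INPUT   DROP
    $IPT -P OUTPUT  DROP
    $IPT -P FORWARD DROP
}

# Dry-run helper: returns the command list as text, in the order applied.
plan_firewall() {
    ( IPT=echo; apply_firewall )
}
```

Run `plan_firewall` first to review the ordering, then `apply_firewall` as root to apply it.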

Using ‘firewalld’ to Create a Firewall

Another option for setting up a firewall in Linux is by using firewalld. Firewalld is a modern dynamic daemon that is used by several Linux distributions, such as CentOS, Fedora, and Red Hat Enterprise Linux, as the default firewall management tool.

The first step in configuring a firewall with firewalld is to see if it is already installed on your system.

Most recent Linux distributions come with firewalld pre-installed, but you can confirm its presence by typing the following command in the terminal −

sudo firewall-cmd --state

If firewalld is not already installed on your machine, use the following command to install it −

sudo yum install firewalld

Once you have confirmed that firewalld is installed on your system, you can start configuring the firewall.

The first step in configuring firewalld is to check the default zone. The default zone is a predefined set of rules that govern the traffic allowed on the system. To check the default zone, run the following command −

sudo firewall-cmd --get-default-zone

By default, the default zone is set to "public". You can change the default zone by running the following command −

sudo firewall-cmd --set-default-zone=zone

where "zone" is the name of the zone you want to set as default.

The next step is to add rules to the firewall to allow or block specific types of traffic. Firewalld uses a concept called "services" to group related ports and protocols together. Some of the commonly used services include "http", "https", "ssh", and "smtp".

To allow incoming HTTP traffic, for example, you can use the following command −

sudo firewall-cmd --add-service=http --permanent

The "--permanent" option makes the rule permanent, so it survives a reboot. If you do not use the "--permanent" option, the rule will be removed when the system is rebooted.

You can also allow specific ports by using the "--add-port" option. For example, the following command allows incoming traffic on port 22 for SSH −

sudo firewall-cmd --add-port=22/tcp --permanent

After adding the necessary rules, make sure to reload the firewall for the changes to take effect −

sudo firewall-cmd --reload
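The firewalld steps above, collected into a script as an added example (not from the original article). It applies each service both at runtime and with "--permanent", so the rule takes effect immediately and also survives the reload and a reboot, then verifies the result with "--query-service", which exits 0 only when the service is allowed. The FWCMD and SERVICES variables and the plan_firewalld helper are assumptions of this example; set FWCMD=echo to print the commands instead of running them.

```shell
#!/bin/sh
# Added example: allow SSH and HTTP with firewalld and verify the result.
# FWCMD=echo gives a dry run that prints the commands instead of executing them.
FWCMD="${FWCMD:-firewall-cmd}"

# Assumed: the services to expose; both are predefined firewalld services.
SERVICES="ssh http"

apply_firewalld() {
    for svc in $SERVICES; do
        # The runtime call applies the rule now; --permanent writes it to the
        # saved configuration, which is only loaded by --reload or a reboot.
        # Doing both avoids a window where the rule exists in one but not the other.
        $FWCMD --add-service="$svc"
        $FWCMD --permanent --add-service="$svc"
    done
    $FWCMD --reload
    # Verify: --query-service exits non-zero if the service is not allowed.
    for svc in $SERVICES; do
        $FWCMD --query-service="$svc" >/dev/null || return 1
    done
}

# Dry-run helper: returns the command list as text, in the order applied.
plan_firewalld() {
    ( FWCMD=echo; apply_firewalld )
}
```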