LINUX Firewall


What is Linux Firewall (firewalld)
firewalld is the firewall management service found on many Linux distributions and a vital part of system security: it safeguards against unauthorized access and controls network traffic. It blocks unwanted traffic, such as from specific IP addresses, subnets, ports, and services. Managed by the firewalld daemon, it applies rule changes at runtime without a restart. firewalld groups interfaces and source addresses into zones, each with its own trust level, which keeps the rule set segmented. You can check the status of the firewall service with systemctl:
sudo systemctl status firewalld
Some Firewall Rules
Firewalls are essential for safeguarding our system against unauthorized access and managing network traffic, both incoming and outgoing. Here are a few examples of firewall rules:
Rule 1: Allowing SSH Traffic
This rule permits incoming traffic on the SSH port, enabling remote system access via Secure Shell (SSH).
sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --reload
Rule 2: Allowing Traffic on a Specific Port
This rule allows incoming traffic on a specific TCP port, such as port 8080. You can customize the port as needed.
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
Rule 3: Blocking Traffic from a Specific IP Address
This rule blocks incoming traffic originating from the IP address 192.168.52.1. You can adjust the IP address according to your requirements.
sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.52.1" reject'
sudo firewall-cmd --reload
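A pitfall with the rules above is that a rule added without --permanent lives only in the runtime configuration and is discarded by `firewall-cmd --reload`. As an added example (not code from the original post), this POSIX shell script compares the runtime and permanent configuration of a zone and reports items that exist only at runtime; the `--list-all` output embedded below is constructed sample data, and on a live host you would feed it the output of `firewall-cmd --list-all` and `firewall-cmd --permanent --list-all`.

```shell
#!/bin/sh
# Added example, not from the original post: report firewalld rules that exist only
# in the runtime configuration and would vanish on `firewall-cmd --reload`.
# Input format assumed: the "services:" / "ports:" lines printed by `firewall-cmd --list-all`.

# fw_field FIELD  (stdin: --list-all output) -> prints the items on the "FIELD:" line
fw_field() {
  awk -v f="$1:" '$1 == f { $1 = ""; sub(/^ +/, ""); print }'
}

# fw_drift FIELD RUNTIME_FILE PERMANENT_FILE
# Prints each FIELD item present at runtime but absent from the permanent config.
# Returns 1 if any such item was found, 0 otherwise.
fw_drift() {
  field=$1; runtime=$2; permanent=$3; found=0
  perm_items=" $(fw_field "$field" < "$permanent") "
  for item in $(fw_field "$field" < "$runtime"); do
    case "$perm_items" in
      *" $item "*) ;;                                   # also saved permanently: fine
      *) echo "runtime-only $field: $item"; found=1 ;;  # lost on --reload
    esac
  done
  return $found
}

# Constructed sample output: ssh was added without --permanent, 8080/tcp with it.
RUNTIME=$(mktemp); PERMANENT=$(mktemp)
cat > "$RUNTIME" <<'EOF'
public (active)
  target: default
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp
EOF
cat > "$PERMANENT" <<'EOF'
public
  target: default
  services: cockpit dhcpv6-client
  ports: 8080/tcp
EOF

fw_drift services "$RUNTIME" "$PERMANENT"   # prints: runtime-only services: ssh
fw_drift ports "$RUNTIME" "$PERMANENT"      # prints nothing, exit status 0
```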
Different Types of Linux Firewalls
In the world of Linux, there are various firewall options to choose from. Some popular ones include IPCop, iptables, Shorewall, and UFW. Among these, iptables is one of the most widely used.
How Iptables Works:
iptables is a user-space utility for Linux that configures the kernel's packet-filtering framework. It handles packet filtering, packet mangling (modifying header fields), and network address translation (NAT). System administrators use iptables to control the flow of incoming and outgoing traffic by writing rules.
Working of Iptables:
When a packet arrives in a Linux system, it passes through different chains and tables within the iptables firewall. The most commonly used tables are "filter" and "nat." Overall, iptables has five predefined tables: raw, nat, filter, security, and mangle.
Types of Tables:
Security Table: Often used alongside other security tools like SELinux, this table implements MAC (Mandatory Access Control) rules. It includes four built-in chains: OUTPUT, FORWARD, INPUT, and SECMARK.
Mangle Table: This table is used to modify packets by adjusting fields like ToS/DSCP and packet marks. It has five built-in chains: POSTROUTING, FORWARD, OUTPUT, PREROUTING, and INPUT.
Nat Table: Responsible for network address translation, allowing multiple devices to share a single public IP address. It includes two built-in chains: PREROUTING and POSTROUTING.
Raw Table: Used for low-level packet processing configurations. While it has limited built-in chains, additional chains can be created if needed.
Filter Table: This table is primarily used for packet filtering. It contains three built-in chains: INPUT, OUTPUT, and FORWARD.
Types of Chains:
A chain is an ordered list of rules that a packet is matched against, top to bottom, until a rule matches. The three most commonly used built-in chains are:
INPUT: Filters incoming traffic for the local system.
OUTPUT: Filters outgoing traffic from the local system.
FORWARD: Handles packets forwarded from one system to another.
Configure a Firewall on Linux OS
We will be configuring iptables in our operating system.
To install iptables (dnf is the package manager on Fedora and RHEL-based systems):
sudo dnf install iptables
Basic Syntax for using iptables
sudo iptables [-t table] option CHAIN rule-specification [-j target]
Some Notes:
Output Chains: These chains handle traffic originating from the local machine, ensuring it follows the appropriate rules before leaving the system.
Input Chains: Traffic destined for the local machine must traverse these chains, adhering to the defined rules.
Forward Chains: Traffic that is routed through this machine between two other hosts passes through these chains, where rules are enforced.
Common iptables Options:
| Option | Description |
|---|---|
| -C | [CHECK]: Check whether a rule matching the given specification already exists in a chain. |
| -D | [DELETE]: Delete a specific rule from a chain. |
| -A | [APPEND]: Append a rule to the end of a chain. |
| -I | [INSERT]: Insert a rule at a given position in a chain (the top, if no position is given). |
| -L | [LIST]: Display the rules in a chain (all chains if none is given). |
| -v | [VERBOSE]: Show more detail, such as packet and byte counters, together with -L. |
| -X | [DELETE CHAIN]: Delete a user-defined chain; the chain must be empty first. |
| -p | [PROTOCOL]: Match packets of the named protocol (tcp, udp, icmp, ...). |
| -N | [NEW CHAIN]: Create a new user-defined chain. |
| -j | [JUMP]: The target a matching packet jumps to (ACCEPT, DROP, REJECT, or another chain). |
| -F | [FLUSH]: Delete all rules in a chain (all chains if none is given). |
| -s | [SOURCE]: Match the source address or network of the packet. |
Common Firewall Issues and Troubleshooting Tips:
When dealing with firewalls, there are three primary policies to consider, each with its own function:
DROP: Silently discards matching packets. The sender gets no response, so its connection attempt simply times out.
ACCEPT: Lets matching packets through to the system.
REJECT: Discards the packet like DROP, but sends an error response back so the sender learns the connection was refused instead of waiting for a timeout.
Basic Operations and Their Syntax:
Creating Your First Rule:
To allow incoming ICMP (ping) traffic on the INPUT chain, use the following command:
sudo iptables -A INPUT -p icmp -j ACCEPT
Here, '-A' appends the rule to the end of the INPUT chain, '-p icmp' restricts the rule to ICMP traffic, and '-j ACCEPT' tells iptables to accept any packet matching the rule.
Syntax for Using Policies:
sudo iptables -I/-A name_chain -s source_ip -p protocol_name --dport port_number -j action_to_do
Example:
Accept Rule: To allow TCP traffic from IP address 192.168.160.51 to port 22 (SSH):
sudo iptables -A INPUT -s 192.168.160.51 -p tcp --dport 22 -j ACCEPT
Drop Rule: To drop traffic from IP address 192.168.160.51:
sudo iptables -A INPUT -s 192.168.160.51 -j DROP
Reset Rule: To reset all iptables rules:
sudo iptables -F
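Running the rules above twice appends duplicate entries, because -A never checks what is already in the chain. As an added example (not the post's own code), this POSIX shell script applies the post's rules in a way that is safe to re-run: each rule is first probed with the -C option from the table and appended with -A only when missing. The `sim_iptables` and `rule_count` functions are assumptions of this example, an in-memory stand-in so the logic can be tried without root; run it with the argument `apply` to use the real iptables.

```shell
#!/bin/sh
# Added example, not from the original post: apply the post's iptables rules
# idempotently. Each rule is first probed with -C (check) and appended with -A only
# when missing, so re-running the script never duplicates rules.
# IPT is the command used; it defaults to the real iptables (needs root) and is
# overridable so the logic can be exercised with the in-memory simulator below.
IPT=${IPT:-iptables}

# ensure_rule CHAIN RULE-SPEC... : append the rule to CHAIN unless -C finds it already.
ensure_rule() {
  chain=$1; shift
  if "$IPT" -C "$chain" "$@" 2>/dev/null; then
    echo "present: $chain $*"
  else
    "$IPT" -A "$chain" "$@" && echo "added: $chain $*"
  fi
}

# The rules from the post: SSH from one host, drop a blocked host, allow ping.
apply_rules() {
  ensure_rule INPUT -s 192.168.160.51 -p tcp --dport 22 -j ACCEPT
  ensure_rule INPUT -s 192.168.52.1 -j DROP
  ensure_rule INPUT -p icmp -j ACCEPT
}

# Simulator (an assumption of this example, not part of iptables): stores each
# rule as one line in $SIM_RULES and answers -C by looking that line up.
SIM_RULES=$(mktemp)
sim_iptables() {
  op=$1; shift
  case $op in
    -C) grep -qxF "$*" "$SIM_RULES" ;;
    -A) echo "$*" >> "$SIM_RULES" ;;
    *)  echo "sim: unsupported option $op" >&2; return 2 ;;
  esac
}

# rule_count -> number of rules currently stored by the simulator
rule_count() { grep -c . "$SIM_RULES"; }

case ${1:-sim} in
  sim)   IPT=sim_iptables
         apply_rules                          # first pass: three "added:" lines
         apply_rules                          # second pass: three "present:" lines
         echo "rules stored: $(rule_count)" ;; # 3
  apply) apply_rules ;;                       # real iptables, run as root
esac
```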
Understanding Linux firewalls is crucial for system security. Iptables, among other options, is a popular choice, enabling manipulation of network traffic and packet filtering. Through predefined tables and chains, users can configure rules to control incoming and outgoing traffic effectively. Troubleshooting tips and basic operations like DROP, ACCEPT, and REJECT policies further enhance firewall management. Mastering Linux firewalls strengthens system security and safeguards against unauthorized access, ensuring smooth operation of Linux environments.
#Linux #Firewall #Iptables #NetworkSecurity #SystemAdministration #LinuxSecurity #NetworkManagement
Written by Sanjog