How to Set Up and Manage Firewalls on Linux Systems

Aditya Gadhave
  • A firewall in Linux is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

  • Linux uses several tools for firewall management, with iptables and firewalld being two of the most common.

  • It can be used to block access to specific IP addresses, subnets, ports (virtual points where network connections begin and end), and services.

Types of Linux Firewalls:

1. iptables

  • Description: iptables is the most traditional and widely-used Linux firewall tool. It interacts directly with the Linux kernel's netfilter subsystem to manage incoming and outgoing traffic using rules.

  • Features:

    • Works by organizing rules into tables (filter, nat, mangle, etc.) and chains (INPUT, OUTPUT, FORWARD).

    • Can filter traffic by IP, port, protocol, and other parameters.

    • Supports NAT (Network Address Translation) for modifying packet addresses.

  • Use Case: Ideal for complex firewall configurations requiring manual rule definitions.
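
An added example (not code from the original article) of what "tables and chains" look like in practice: a shell function that generates a stateful, default-deny host ruleset for the filter table in iptables-restore format, with the SSH port and the administrative subnet supplied as arguments. The addresses in the usage line are constructed; the output is meant to be reviewed first and then loaded atomically with iptables-restore.

```shell
#!/bin/sh
# Generate a stateful, default-deny host ruleset for the iptables "filter" table
# in iptables-restore format. Arguments: SSH port, and the CIDR subnet that may
# reach it. Review the output, then load it atomically with iptables-restore.
gen_ruleset() {
    ssh_port="$1"
    admin_net="$2"
    # Reject obviously malformed input: a wrong ruleset can lock you out of a host.
    case "$ssh_port" in
        ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "bad port: $ssh_port" >&2; return 1
    fi
    case "$admin_net" in
        ''|*[!0-9./]*) echo "bad subnet: $admin_net" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
# Chain policies: anything without an explicit ACCEPT rule is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Drop packets the connection tracker cannot associate with a valid state.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Stateful filtering: allow replies to connections this host initiated.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH only from the admin subnet, with new connections rate-limited.
-A INPUT -p tcp -s $admin_net --dport $ssh_port -m conntrack --ctstate NEW -m limit --limit 10/min --limit-burst 20 -j ACCEPT
# Public web services.
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Log (rate-limited) what is about to hit the DROP policy, for monitoring.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# Usage (requires root): gen_ruleset 22 10.0.0.0/24 > /tmp/rules.v4
#                        sudo iptables-restore < /tmp/rules.v4
```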

2. firewalld

  • Description: firewalld is a dynamic firewall manager that offers an abstraction layer over iptables. It uses predefined zones (such as public, private, work) to assign different levels of trust to network connections.

  • Features:

    • Offers easy and dynamic configuration of firewall rules.

    • Supports IPv4, IPv6, Ethernet bridges, and ipsets.

    • Zones simplify applying rules to different network environments.

    • Has a graphical interface for managing firewall rules.

  • Use Case: Best for users who want an easier, more flexible tool for managing firewall rules.

3. nftables

  • Description: nftables is the modern replacement for iptables. It improves performance and usability by providing a simpler, unified syntax for packet filtering and classification. It also uses the netfilter framework.

  • Features:

    • Unified handling of IPv4, IPv6, and Layer 2 traffic (such as Ethernet).

    • Simpler rule sets compared to iptables.

    • Better performance with reduced system overhead.

    • Uses rulesets to define filtering actions, replacing iptables chains and tables.

  • Use Case: Ideal for new deployments or upgrades from iptables that need better performance and easier syntax.
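
An added example (not from the original article) of the unified syntax the section describes: a shell function that emits an nftables ruleset for a default-deny host, using the inet family so one table and one chain carry IPv4 and IPv6 rules together, with named sets for the administrative subnets. The addresses in the usage lines are constructed.

```shell
#!/bin/sh
# Emit a default-deny host policy as an nftables ruleset. The "inet" family lets
# one table and one chain carry IPv4 and IPv6 rules side by side, where iptables
# would need a second, duplicated ip6tables ruleset.
# Arguments: SSH port, IPv4 admin subnet, IPv6 admin subnet.
gen_nft_ruleset() {
    ssh_port="$1"; admin4="$2"; admin6="$3"
    case "$ssh_port" in ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;; esac
    cat <<EOF
flush ruleset
table inet host_fw {
    # Named sets keep address lists out of the rules; edit them without a reload.
    set admin_v4 { type ipv4_addr; flags interval; elements = { $admin4 } }
    set admin_v6 { type ipv6_addr; flags interval; elements = { $admin6 } }

    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state invalid drop
        ct state established,related accept
        # Layer-3 selectors for both families coexist in one chain.
        ip saddr @admin_v4 tcp dport $ssh_port ct state new limit rate 10/minute accept
        ip6 saddr @admin_v6 tcp dport $ssh_port ct state new limit rate 10/minute accept
        tcp dport { 80, 443 } ct state new accept
        icmp type echo-request accept
        # IPv6 needs neighbour discovery; dropping it silently breaks the host.
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        limit rate 5/minute log prefix "nft-drop: "
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output  priority 0; policy accept; }
}
EOF
}

# Usage (requires root): syntax-check the file, then load it atomically.
#   gen_nft_ruleset 22 10.0.0.0/24 2001:db8::/32 > /tmp/host.nft
#   sudo nft -c -f /tmp/host.nft && sudo nft -f /tmp/host.nft
```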

4. Uncomplicated Firewall (UFW)

  • Description: UFW is a simple and user-friendly firewall interface built on top of iptables. It is used mainly in Ubuntu-based distributions to simplify the creation of firewall rules.

  • Features:

    • Simplifies basic firewall management, making it more accessible to non-expert users.

    • Designed to manage typical use cases like allowing or denying services by port or protocol.

    • Offers logging of dropped packets and other events.

  • Use Case: Best for users who want simple command-line control over their firewall without needing to write extensive rules.

Commands for firewalld:

  • To check status:

    sudo firewall-cmd --state

  • To list all rules:

    sudo firewall-cmd --list-all

  • To allow a service/port:

    sudo firewall-cmd --add-service=http --permanent
    sudo firewall-cmd --reload

Configuring firewalld:

firewalld provides a more dynamic and easier way to manage firewall rules through zones.

Step 1: Check Current firewalld Status

sudo firewall-cmd --state

Step 2: Check Active Zones

sudo firewall-cmd --get-active-zones

Step 3: Set Default Zone

The default zone is applied to all network interfaces unless specified otherwise.

sudo firewall-cmd --set-default-zone=public

Step 4: Allow Services in a Zone

You can open ports or allow services like HTTP, HTTPS, and SSH in a specific zone (e.g., public):

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --zone=public --add-service=ssh --permanent

Step 5: Allow Specific Ports

You can open specific ports (e.g., for a custom application):

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent

Step 6: Reload firewalld

After making changes, reload the firewall to apply them:

sudo firewall-cmd --reload

Step 7: Check Active Rules

To view your current rules:

sudo firewall-cmd --list-all
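
The seven steps above as one checked procedure, added here as an example and not code from the original article. FIREWALL_CMD is an assumed override (for instance FIREWALL_CMD=echo) that previews the exact firewall-cmd calls without touching the live firewall; the --list-all parsing relies only on the "services:" and "ports:" lines that the command prints.

```shell
#!/bin/sh
# Run the firewalld steps above as one checked procedure. FIREWALL_CMD can be
# overridden (for example FIREWALL_CMD=echo) to preview the exact commands
# without touching the live firewall; by default the real tool is used.
FIREWALL_CMD="${FIREWALL_CMD:-sudo firewall-cmd}"
fw() { $FIREWALL_CMD "$@"; }

# Steps 1-6: check state, set the default zone, add services and ports to the
# permanent config, then reload so the permanent config becomes the runtime one.
apply_zone_rules() {
    zone="$1"; services="$2"; ports="$3"
    fw --state >/dev/null || { echo "firewalld is not running" >&2; return 1; }
    fw --set-default-zone="$zone" || return 1
    for svc in $services; do
        fw --zone="$zone" --add-service="$svc" --permanent || return 1
    done
    for port in $ports; do
        case "$port" in
            [0-9]*/tcp|[0-9]*/udp) fw --zone="$zone" --add-port="$port" --permanent || return 1 ;;
            *) echo "port must look like 8080/tcp, got: $port" >&2; return 1 ;;
        esac
    done
    fw --reload
}

# Step 7, made checkable: confirm the --list-all output for the zone really
# contains every requested service and port. A --permanent change that was never
# reloaded, or a typo in a service name, is caught here instead of in production.
verify_zone_listing() {
    listing="$1"; services="$2"; ports="$3"
    have_svc=$(printf '%s\n' "$listing" | sed -n 's/^ *services: *//p')
    have_port=$(printf '%s\n' "$listing" | sed -n 's/^ *ports: *//p')
    for svc in $services; do
        case " $have_svc " in *" $svc "*) ;; *) echo "missing service: $svc" >&2; return 1 ;; esac
    done
    for port in $ports; do
        case " $have_port " in *" $port "*) ;; *) echo "missing port: $port" >&2; return 1 ;; esac
    done
    return 0
}

# Apply and verify in one go, e.g.: configure_zone public "http https ssh" "8080/tcp"
configure_zone() {
    apply_zone_rules "$1" "$2" "$3" >/dev/null || return 1
    verify_zone_listing "$(fw --zone="$1" --list-all)" "$2" "$3"
}
```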

Advantages and Disadvantages of a Firewall

Advantages:

  • Provides enhanced security for networks

  • Controls and filters incoming/outgoing traffic

  • Allows traffic monitoring and logging

  • Prevents unauthorized remote access

  • Customizable rules for specific needs

  • Protects against DoS/DDoS attacks

  • Enhances privacy and confidentiality

Disadvantages:

  • Can be expensive and complex to maintain

  • Can introduce performance overhead

  • Offers limited protection against some attacks

  • Skilled attackers can bypass firewalls

  • Misconfiguration can lead to security issues

  • Can block legitimate applications

  • Requires ongoing maintenance and updates

  • Ineffective against insider threats

Conclusion

In this article, we discussed the Linux firewall and how to configure it. Linux is a Unix-like system with a modular design, and to protect it we have the Linux firewall and firewalld. We covered the different types of Linux firewall and their rules, and finally how to configure firewalld. With this understanding, one can secure a Linux system with the required firewall configuration.
