WHAT IS A FIREWALL?
A firewall is a network security device or software that acts as a barrier between a trusted internal network and untrusted external networks, such as the Internet. Its primary purpose is to monitor and control incoming and outgoing network traffic based on predefined security rules. Firewalls play a critical role in enhancing network security by enforcing policies that prevent unauthorized access, protect against cyber threats, and ensure the confidentiality, integrity, and availability of network resources.
How Does a Firewall Work?
A firewall decides which network traffic is allowed to pass through and which traffic is deemed dangerous. Essentially, it works by filtering out the good from the bad, or the trusted from the untrusted.
Firewalls are intended to secure private networks and the endpoint devices within them, known as network hosts. Network hosts are devices that ‘talk’ with other hosts on the network.
What is a firewall in Linux?
In Linux, a firewall is a software-based security mechanism that controls incoming and outgoing network traffic on a system. It regulates the flow of network packets based on predefined rules, helping to protect the system from unauthorized access, malicious activities, and potential security threats.
Tools for managing a firewall in Linux
These tools can help you configure, monitor, and manage firewall rules to enhance the security of your network.
iptables:
iptables is the standard firewall management tool for Linux. It allows you to configure and manage firewall rules in a granular way. While it has a steeper learning curve compared to UFW and firewalld, it provides more fine-grained control over network traffic.
Uncomplicated Firewall (UFW):
UFW is a user-friendly front end for iptables that simplifies the process of configuring firewall rules. It is designed to be easy to use and is great for users who are new to firewall management. UFW provides a simplified command-line interface for managing rules and supports application profiles.
firewalld:
firewalld is another user-friendly firewall management tool that focuses on dynamically managing firewall rules. It is commonly used on systems running Red Hat-based distributions (like CentOS and Fedora). firewalld uses zones and services to manage network access. It also supports runtime changes without disrupting active connections.
nftables:
nftables is a modern replacement for iptables that offers better performance and more flexibility. It provides a consistent framework for packet filtering and network address translation. nftables is often used on newer Linux distributions.
How to set up a firewall on Ubuntu?
Setting up a firewall on Ubuntu is a good way to enhance the security of your system by controlling incoming and outgoing network traffic.
The default firewall management tool for Ubuntu is called ufw (Uncomplicated Firewall), which provides a simplified interface for managing iptables, the standard firewall management tool for Linux.
Steps to install and use ufw to set up a firewall on Ubuntu:
Step 1: Update the package lists using the following command:
sudo apt update
Step 2: Install ufw using the following command (in my case it is already installed):
sudo apt install ufw
Step 3: Enable and start ufw:
After installing ufw, you need to enable and start it:
sudo ufw enable
Step 4: Configure ufw rules:
Check the status of ufw:
sudo ufw status
You can then set up rules to allow or deny specific types of network traffic.
Allow SSH (replace <port> with the actual port number):
sudo ufw allow <port>/tcp
Allow HTTP and HTTPS:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Now you can check the status of ufw:
Allow a specific port range:
sudo ufw allow 10000:10010/tcp
Deny incoming traffic:
sudo ufw default deny incoming
Allow outgoing traffic:
sudo ufw default allow outgoing
Step 5: Check and enable rules:
Review the rules you've set up using:
sudo ufw status verbose
Step 6: Additional settings:
If you're using a server and want to make sure you don't get locked out when enabling the firewall, you can first allow SSH connections and then enable the firewall:
sudo ufw allow OpenSSH
sudo ufw enable
To disable the firewall, you can use:
sudo ufw disable
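The steps above, combined into one script as an added example (not code from the original article): it applies the default policies and allow rules in a lock-out-safe order and refuses to run ufw enable unless an SSH allow rule is actually present. It assumes Ubuntu with ufw installed; the SSH_RULE value "OpenSSH" is an assumption (use a port such as 2222/tcp if sshd listens elsewhere).

```shell
#!/bin/sh
# Added example (not from the original article): apply the ufw policy above in a
# lock-out-safe order and refuse to enable ufw unless an SSH allow rule exists.
# Assumes Ubuntu with ufw installed. SSH_RULE is an assumption: "OpenSSH" is the
# stock application profile; use e.g. "2222/tcp" if sshd listens on another port.
SSH_RULE="${SSH_RULE:-OpenSSH}"

# ssh_rule_present TEXT RULE -> 0 if TEXT (output of `ufw show added`) contains the
# line "ufw allow RULE", else 1. `ufw status` only lists rules once ufw is active,
# so a check made before `ufw enable` has to read `ufw show added` instead.
ssh_rule_present() {
    printf '%s\n' "$1" | grep -qxF -- "ufw allow $2"
}

apply_policy() {
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw allow "$SSH_RULE"        # always before enabling, or a remote session dies
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
    sudo ufw allow 10000:10010/tcp
    added="$(sudo ufw show added)"
    if ! ssh_rule_present "$added" "$SSH_RULE"; then
        echo "refusing to enable ufw: no allow rule for $SSH_RULE" >&2
        return 1
    fi
    sudo ufw --force enable           # --force skips the interactive y/n prompt
    sudo ufw status verbose
}

# Constructed samples of `ufw show added` output for checking the guard offline.
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 80/tcp"
SAMPLE_WITHOUT_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp"

# Set APPLY_UFW_POLICY=1 to actually change the firewall (needs root).
if [ "${APPLY_UFW_POLICY:-0}" = 1 ]; then
    apply_policy
fi
```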
How to set up a firewall on CentOS?
On CentOS, the default firewall management tool is firewalld. It provides an interface for managing firewall rules and configurations in a dynamic and user-friendly way.
Steps to install and use firewalld to set up a firewall on CentOS:
Step 1. Install firewalld:
You can install it using the following command:
sudo yum install firewalld
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.centos.org
* extras: mirrors.centos.org
* updates: mirrors.centos.org
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.8.3-11.el8_3.1 will be installed
--> Processing Dependency: firewalld-filesystem = 0.8.3-11.el8_3.1 for package: firewalld-0.8.3-11.el8_3.1.noarch
--> Processing Dependency: python3-firewall = 0.8.3-11.el8_3.1 for package: firewalld-0.8.3-11.el8_3.1.noarch
--> Running transaction check
---> Package firewalld-filesystem.noarch 0:0.8.3-11.el8_3.1 will be installed
---> Package python3-firewall.noarch 0:0.8.3-11.el8_3.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
firewalld noarch 0.8.3-11.el8_3.1 AppStream 513 k
Installing dependencies:
firewalld-filesystem noarch 0.8.3-11.el8_3.1 AppStream 76 k
python3-firewall noarch 0.8.3-11.el8_3.1 AppStream 507 k
Transaction Summary
========================================================================================================================
Install 3 Packages
Total download size: 1.1 M
Installed size: 4.3 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): firewalld-filesystem-0.8.3-11.el8_3.1.noarch.rpm 34 kB/s | 76 kB 00:02
(2/3): python3-firewall-0.8.3-11.el8_3.1.noarch.rpm 29 kB/s | 507 kB 00:17
(3/3): firewalld-0.8.3-11.el8_3.1.noarch.rpm 58 kB/s | 513 kB 00:08
------------------------------------------------------------------------------------------------------------------------
Total 12 kB/s | 1.1 MB 01:32
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Preparing : 1/1
Installing : firewalld-filesystem-0.8.3-11.el8_3.1.noarch 1/3
Installing : python3-firewall-0.8.3-11.el8_3.1.noarch 2/3
Installing : firewalld-0.8.3-11.el8_3.1.noarch 3/3
Running scriptlet: firewalld-0.8.3-11.el8_3.1.noarch 3/3
Verifying : firewalld-0.8.3-11.el8_3.1.noarch 1/3
Verifying : firewalld-filesystem-0.8.3-11.el8_3.1.noarch 2/3
Verifying : python3-firewall-0.8.3-11.el8_3.1.noarch 3/3
Installed:
firewalld-0.8.3-11.el8_3.1.noarch firewalld-filesystem-0.8.3-11.el8_3.1.noarch
python3-firewall-0.8.3-11.el8_3.1.noarch
Complete!
Step 2. Enable and start firewalld:
After installing firewalld, you need to enable and start it:
sudo systemctl enable firewalld
sudo systemctl start firewalld
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
Job for firewalld.service failed because the control process exited with error code.
See "systemctl status firewalld.service" and "journalctl -xe" for details.
Step 3. Configure firewalld rules:
You can then configure rules to allow or deny specific types of network traffic. Here are some common examples:
Allow SSH (this uses firewalld's predefined ssh service rather than a port number):
sudo firewall-cmd --add-service=ssh --permanent
Allow HTTP and HTTPS:
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
Allow a specific port:
sudo firewall-cmd --add-port=<port>/tcp --permanent
Reload the firewall to apply changes:
sudo firewall-cmd --reload
Step 4. Additional settings:
To see the active zones and their associated rules:
sudo firewall-cmd --list-all
To see available services:
sudo firewall-cmd --get-services
To add a custom service:
sudo firewall-cmd --add-service=<service-name> --permanent
sudo firewall-cmd --reload
Step 5. Disabling firewalld:
If you want to disable firewalld temporarily, you can use the following commands:
sudo systemctl stop firewalld
sudo systemctl disable firewalld
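The firewalld steps above as one script, added here as an example (not code from the original article): it checks that the daemon is actually running (the transcript above shows it failing to start), adds the ssh, http and https services permanently, reloads, and then verifies that the runtime and permanent configurations agree, which is the usual pitfall when --permanent is used without --reload. It assumes CentOS with firewalld installed; the zone name "public" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article): apply the firewalld rules above and
# verify that the permanent and runtime configurations agree after --reload. Assumes
# CentOS with firewalld installed; the zone name "public" is an assumption.
ZONE="${ZONE:-public}"

# list_all_services TEXT -> the "services:" value of `firewall-cmd --list-all` output.
list_all_services() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*services:[[:space:]]*//p'
}

# pending_services RUNTIME PERMANENT -> services in the permanent list but not in
# the runtime list, i.e. added with --permanent but not yet active because --reload
# has not run. Both arguments are space-separated, as --list-services prints them.
pending_services() {
    out=""
    for s in $2; do
        case " $1 " in *" $s "*) ;; *) out="$out${out:+ }$s" ;; esac
    done
    printf '%s\n' "$out"
}

apply_rules() {
    # firewall-cmd talks to the daemon over D-Bus, so it fails when the service
    # did not start (as in the transcript above); check that first.
    sudo systemctl is-active --quiet firewalld || { echo "firewalld is not running" >&2; return 1; }
    for svc in ssh http https; do
        sudo firewall-cmd --permanent --zone="$ZONE" --add-service="$svc"
    done
    sudo firewall-cmd --reload
    runtime="$(sudo firewall-cmd --zone="$ZONE" --list-services)"
    permanent="$(sudo firewall-cmd --permanent --zone="$ZONE" --list-services)"
    pending="$(pending_services "$runtime" "$permanent")"
    if [ -n "$pending" ]; then
        echo "permanent rules still inactive (reload needed): $pending" >&2
        return 1
    fi
    list_all_services "$(sudo firewall-cmd --zone="$ZONE" --list-all)"
}

# Constructed samples of --list-services and --list-all output for offline checks.
SAMPLE_RUNTIME="dhcpv6-client ssh"
SAMPLE_PERMANENT="dhcpv6-client http https ssh"
SAMPLE_LIST_ALL="public (active)
  target: default
  services: dhcpv6-client http https ssh
  ports: 8080/tcp"

# Set APPLY_FIREWALLD_RULES=1 to actually change the firewall (needs root).
if [ "${APPLY_FIREWALLD_RULES:-0}" = 1 ]; then
    apply_rules
fi
```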
Firewall and NGINX?
NGINX is not itself a firewall, but it can be used to control and restrict access to certain resources based on IP addresses or other conditions. Running it behind a firewall involves setting up rules to control incoming and outgoing traffic.
Here are some examples of setting up firewall rules for NGINX:
Install NGINX:
Ensure that NGINX is installed on your server. Once NGINX is installed, you'll need to configure your firewall rules to allow traffic to the ports used by Nginx (typically ports 80 and 443 for HTTP and HTTPS). Here's how you can do it using the Uncomplicated Firewall (UFW) on an Ubuntu-based system:
Check UFW Status:
Make sure UFW is installed and enabled. You can check the status using:
sudo ufw status
Allow Nginx Ports:
If you haven't configured any rules yet, you can allow incoming traffic on ports 80 (HTTP) and 443 (HTTPS) for Nginx:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Enable UFW:
If UFW is not already enabled, you can enable it:
sudo ufw enable
Check Status:
Verify that the rules are correctly configured:
sudo ufw status
The output should show that traffic to ports 80 and 443 is allowed, along with any rules you added earlier (such as the 10000:10010 range).
Reload Nginx:
After configuring the firewall, you might need to reload Nginx to apply any changes:
sudo systemctl reload nginx
Remember, these instructions assume that you're using the default ports (80 and 443) for Nginx. If you've configured Nginx to use different ports, make sure to replace the port numbers in the commands above accordingly.
Additionally, if your server requires other services to be accessible, such as SSH for remote access, you'll need to configure the firewall to allow traffic to those ports as well. Always follow security best practices and limit access only to the necessary services.