Firewall in LINUX - Ubuntu & CentOS

A quick walkthrough of firewall setup.

What is a firewall?

A firewall is a network security device or software that acts as a barrier between a trusted internal network and untrusted external networks, such as the Internet. Its primary purpose is to monitor and control incoming and outgoing network traffic based on predefined security rules. Firewalls play a critical role in enhancing network security by enforcing policies that prevent unauthorized access, protect against cyber threats, and ensure the confidentiality, integrity, and availability of network resources.

How does a firewall work?

A firewall decides which network traffic is allowed to pass through and which traffic is deemed dangerous. Essentially, it works by filtering out the good from the bad, or the trusted from the untrusted.

Firewalls are intended to secure private networks and the endpoint devices within them, known as network hosts. Network hosts are devices that ‘talk’ with other hosts on the network.

What is a firewall in Linux?

In Linux, a firewall is a software-based security mechanism that controls incoming and outgoing network traffic on a system. It regulates the flow of network packets based on predefined rules, helping to protect the system from unauthorized access, malicious activities, and potential security threats.

Which tools manage a firewall in Linux?

These tools can help you configure, monitor, and manage firewall rules to enhance the security of your network.

iptables:

iptables is the standard firewall management tool for Linux. It allows you to configure and manage firewall rules in a granular way. While it has a steeper learning curve compared to UFW and firewalld, it provides more fine-grained control over network traffic.

Uncomplicated Firewall (UFW):

UFW is a user-friendly front end for iptables that simplifies the process of configuring firewall rules. It is designed to be easy to use and is great for users who are new to firewall management. UFW provides a simplified command-line interface for managing rules and supports application profiles.

firewalld:

firewalld is another user-friendly firewall management tool that focuses on dynamically managing firewall rules. It is commonly used on systems running Red Hat-based distributions (like CentOS and Fedora). firewalld uses zones and services to manage network access. It also supports runtime changes without disrupting active connections.

nftables:

nftables is a modern replacement for iptables that offers better performance and more flexibility. It provides a consistent framework for packet filtering and network address translation. nftables is often used on newer Linux distributions.

How to set up a firewall on Ubuntu?

Setting up a firewall on Ubuntu is a good way to enhance the security of your system by controlling incoming and outgoing network traffic.

The default firewall management tool for Ubuntu is called ufw (Uncomplicated Firewall), which provides a simplified interface for managing iptables, the standard firewall management tool for Linux.

Steps to install and use ufw to set up a firewall on Ubuntu:

Step 1:

Update the package index using the following command:

sudo apt update

Step 2:

Install ufw using the following command (in my case it is already installed):

sudo apt install ufw

Step 3:

Enable and start ufw:

After installing ufw, you need to enable and start it:

sudo ufw enable

Step 4:

Configure ufw rules:

Check the status of the ufw

sudo ufw status

You can then set up rules to allow or deny specific types of network traffic.

Allow SSH (replace <port> with the actual port number):

sudo ufw allow <port>/tcp

Allow HTTP and HTTPS:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Now you can check the status of ufw again:

sudo ufw status

Allow a specific port range:

sudo ufw allow 10000:10010/tcp

Deny incoming traffic by default:

sudo ufw default deny incoming

Allow outgoing traffic by default:

sudo ufw default allow outgoing

Step 5:

Check and enable rules:

Review the rules you've set up using:

sudo ufw status verbose

Step 6:

Additional settings:

  • If you're using a server and want to make sure you don't get locked out when enabling the firewall, you can first allow SSH connections and then enable the firewall:

      sudo ufw allow OpenSSH
      sudo ufw enable
    

  • To disable the firewall, you can use:

      sudo ufw disable
    
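The Ubuntu steps above, as an added example that is not part of the original post: a small script that emits the ufw commands in a lock-out-safe order (default policy, then SSH, then the other services, then enable) and validates every port before emitting a single rule. The SSH port and the extra TCP ports are the script's own parameters, and nothing is executed unless UFW_APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post): build the ufw command sequence
# from the steps above in a lock-out-safe order. Nothing runs unless
# UFW_APPLY=1 (needs root); otherwise the plan is only printed.

# valid_port N -> 0 if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ufw_plan SSH_PORT [TCP_PORT...] -> one ufw command per line
ufw_plan() {
    ssh_port="$1"; shift
    # A mistyped SSH port is the classic way to lock yourself out of a remote
    # host, so every port is checked before any rule is emitted.
    for p in "$ssh_port" "$@"; do
        valid_port "$p" || { echo "invalid port: '$p'" >&2; return 1; }
    done
    # 1. Default policy first, so every later rule is an explicit exception.
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # 2. SSH before enabling. `limit` allows the port but rate-limits new
    #    connections (ufw's built-in brute-force protection), unlike `allow`.
    echo "ufw limit ${ssh_port}/tcp"
    # 3. Everything else the host serves.
    for p in "$@"; do
        echo "ufw allow ${p}/tcp"
    done
    # 4. Enable last; --force skips the interactive confirmation prompt.
    echo "ufw --force enable"
    echo "ufw status verbose"
}

# ufw_apply: run the plan with sudo, or print it as a dry run.
ufw_apply() {
    ufw_plan "$@" | while IFS= read -r cmd; do
        if [ "${UFW_APPLY:-0}" = 1 ]; then sudo $cmd; else echo "[dry-run] $cmd"; fi
    done
}

ufw_apply 22 80 443
```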

How to set up a firewall on CentOS?

On CentOS, the default firewall management tool is Firewalld. It provides an interface for managing firewall rules and configurations in a dynamic and user-friendly way.

Steps to install and use firewalld to set up a firewall on CentOS:

Step 1.

Install firewalld

You can install it using the following command:

sudo yum install firewalld
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.centos.org
 * extras: mirrors.centos.org
 * updates: mirrors.centos.org
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.8.3-11.el8_3.1 will be installed
--> Processing Dependency: firewalld-filesystem = 0.8.3-11.el8_3.1 for package: firewalld-0.8.3-11.el8_3.1.noarch
--> Processing Dependency: python3-firewall = 0.8.3-11.el8_3.1 for package: firewalld-0.8.3-11.el8_3.1.noarch
--> Running transaction check
---> Package firewalld-filesystem.noarch 0:0.8.3-11.el8_3.1 will be installed
---> Package python3-firewall.noarch 0:0.8.3-11.el8_3.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                        Arch              Version                       Repository                      Size
========================================================================================================================
Installing:
 firewalld                      noarch            0.8.3-11.el8_3.1              AppStream                      513 k
Installing dependencies:
 firewalld-filesystem           noarch            0.8.3-11.el8_3.1              AppStream                       76 k
 python3-firewall               noarch            0.8.3-11.el8_3.1              AppStream                      507 k

Transaction Summary
========================================================================================================================
Install  3 Packages

Total download size: 1.1 M
Installed size: 4.3 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): firewalld-filesystem-0.8.3-11.el8_3.1.noarch.rpm                                34 kB/s |  76 kB     00:02
(2/3): python3-firewall-0.8.3-11.el8_3.1.noarch.rpm                                    29 kB/s | 507 kB     00:17
(3/3): firewalld-0.8.3-11.el8_3.1.noarch.rpm                                           58 kB/s | 513 kB     00:08
------------------------------------------------------------------------------------------------------------------------
Total                                                                              12 kB/s | 1.1 MB     01:32
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Preparing        :                                                                                          1/1
  Installing       : firewalld-filesystem-0.8.3-11.el8_3.1.noarch                                            1/3
  Installing       : python3-firewall-0.8.3-11.el8_3.1.noarch                                                2/3
  Installing       : firewalld-0.8.3-11.el8_3.1.noarch                                                       3/3
  Running scriptlet: firewalld-0.8.3-11.el8_3.1.noarch                                                       3/3
  Verifying        : firewalld-0.8.3-11.el8_3.1.noarch                                                       1/3
  Verifying        : firewalld-filesystem-0.8.3-11.el8_3.1.noarch                                            2/3
  Verifying        : python3-firewall-0.8.3-11.el8_3.1.noarch                                                3/3

Installed:
  firewalld-0.8.3-11.el8_3.1.noarch                 firewalld-filesystem-0.8.3-11.el8_3.1.noarch
  python3-firewall-0.8.3-11.el8_3.1.noarch

Complete!

Step 2.

Enable and start firewalld:

After installing firewalld, you need to enable and start it:

sudo systemctl enable firewalld
sudo systemctl start firewalld

Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
Job for firewalld.service failed because the control process exited with error code.
See "systemctl status firewalld.service" and "journalctl -xe" for details.

Step 3.

Configure firewalld rules:

You can then configure rules to allow or deny specific types of network traffic. Here are some common examples:

  • Allow SSH (via the predefined ssh service):

      sudo firewall-cmd --add-service=ssh --permanent
    

  • Allow HTTP and HTTPS:

      sudo firewall-cmd --add-service=http --permanent
      sudo firewall-cmd --add-service=https --permanent
    

  • Allow a specific port:

      sudo firewall-cmd --add-port=<port>/tcp --permanent
    

  • Reload the firewall to apply changes:

      sudo firewall-cmd --reload
    

Step 4.

Additional settings:

  • To see the configuration of the default zone, including its rules:

      sudo firewall-cmd --list-all
    

  • To see available services:

      sudo firewall-cmd --get-services
    

  • To allow another service from that list:

      sudo firewall-cmd --add-service=<service-name> --permanent
      sudo firewall-cmd --reload
    

Step 5.

Disabling firewalld:

If you want to disable firewalld temporarily, you can use the following commands:

sudo systemctl stop firewalld
sudo systemctl disable firewalld
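The CentOS steps above, as an added example that is not part of the original post: a script that validates a set of services and port specs before emitting any firewall-cmd command, adds them all with --permanent, and reloads once at the end, since permanent rules only take effect after the reload. KNOWN_SERVICES is a constructed stand-in for the output of `firewall-cmd --get-services`.

```shell
#!/bin/sh
# Added example (not from the original post): validate a firewalld change set
# before applying it. KNOWN_SERVICES is a constructed stand-in for the
# output of `firewall-cmd --get-services` on the target host.
KNOWN_SERVICES="ssh http https dhcpv6-client cockpit"

# fw_check ITEM -> 0 if ITEM is a known service or a PORT[-PORT]/tcp|udp spec
fw_check() {
    case "$1" in
        */tcp|*/udp)
            spec="${1%/*}"            # strip the /proto suffix
            case "$spec" in
                ''|*[!0-9-]*|-*|*-|*-*-*) echo "bad port spec: $1" >&2; return 1 ;;
            esac ;;
        *)
            case " $KNOWN_SERVICES " in
                *" $1 "*) ;;
                *) echo "unknown service: $1 (see firewall-cmd --get-services)" >&2; return 1 ;;
            esac ;;
    esac
}

# fw_plan ITEM... -> one firewall-cmd command per line, reload last
fw_plan() {
    # Pass 1: validate everything first, so a typo in the last item cannot
    # leave a half-applied permanent configuration behind.
    for item in "$@"; do
        fw_check "$item" || return 1
    done
    # Pass 2: emit. --permanent writes the rule to disk; it is not live yet.
    for item in "$@"; do
        case "$item" in
            */tcp|*/udp) echo "firewall-cmd --add-port=$item --permanent" ;;
            *)           echo "firewall-cmd --add-service=$item --permanent" ;;
        esac
    done
    # One reload activates all permanent rules; --list-all shows the result.
    echo "firewall-cmd --reload"
    echo "firewall-cmd --list-all"
}

fw_plan ssh http https 8080/tcp 10000-10010/tcp
```

Once the printed plan looks right, pipe it through `sudo sh` on the CentOS host to apply it.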

Using NGINX as a firewall?

Using NGINX as a firewall involves setting up rules to control incoming and outgoing traffic. NGINX is not a packet filter; it can, however, be used to control and restrict access to certain resources based on IP addresses or other conditions.

To implement firewall rules for NGINX, here are some examples:

Install NGINX:

Ensure that NGINX is installed on your server.

Once Nginx is installed, you'll need to configure your firewall rules to allow traffic to the ports used by Nginx (typically ports 80 and 443 for HTTP and HTTPS). Here's how you can do it using the Uncomplicated Firewall (UFW) on an Ubuntu-based system:

  1. Check UFW Status:

    Make sure UFW is installed and enabled. You can check the status using:

     sudo ufw status
    

  2. Allow Nginx Ports:

    If you haven't configured any rules yet, you can allow incoming traffic on ports 80 (HTTP) and 443 (HTTPS) for Nginx:

     sudo ufw allow 80/tcp
     sudo ufw allow 443/tcp
    

  3. Enable UFW:

    If UFW is not already enabled, you can enable it:

     sudo ufw enable
    

  4. Check Status:

    Verify that the rules are correctly configured:

     sudo ufw status
    

  5. The output should show that traffic to ports 80, 443, 8080, and 1000:10010 is allowed.

  6. Reload Nginx:

    After configuring the firewall, you might need to reload Nginx to apply any changes:

     sudo systemctl reload nginx
    

Remember, these instructions assume that you're using the default ports (80 and 443) for Nginx. If you've configured Nginx to use different ports, make sure to replace the port numbers in the commands above accordingly.

Additionally, if your server requires other services to be accessible, such as SSH for remote access, you'll need to configure the firewall to allow traffic to those ports as well. Always follow security best practices and limit access only to the necessary services.