A Linux firewall is important for protecting the system from unauthorized access and cyber threats. By setting specific firewall rules, you can control the traffic that enters and leaves the system. Linux offers a variety of firewall management tools, such as iptables and firewalld, to protect and control the network.
Setting up a firewall on a Linux system is an important measure for protecting against potential intrusions and attacks. The firewall acts as a protective barrier between the internal network and external connections, filtering traffic based on established rules. This protection is essential for maintaining the security of a system or server.
This guide explains how to configure a firewall on Linux so that the system remains both secure and efficient.
Firewalls: what are they?
A firewall is a security mechanism designed to monitor and regulate both incoming and outgoing network traffic. It acts as a protective barrier between a trusted internal network and untrusted external connections, enforcing established security policies. Firewalls can be deployed as hardware or software. Their main purposes are as follows:
- Prevent unauthorized access
- Allow legitimate communication
- Limit data breaches
Linux firewall types
Several types of firewalls are available on Linux, each with its own features and strengths.
1. iptables
iptables is the most commonly used firewall tool on Linux. It operates by establishing rules that filter network traffic at various points, such as incoming and outgoing connections. It works at both the network layer (layer 3) and the transport layer (layer 4).
2. Firewalld
Firewalld is a more modern firewall management tool found in distributions such as CentOS, RHEL, and Fedora. It provides a dynamic and user-friendly method for managing firewall rules using zones, which makes configuring security settings easier.
3. nftables
nftables is the successor to iptables and provides a more efficient and enhanced approach to network traffic filtering. It is designed to replace iptables in newer Linux distributions, offering better performance and more features for managing firewall rules.
How does a Linux firewall work?
A Linux firewall manages network traffic by applying a series of rules that determine which network packets are permitted or blocked. These rules take into account criteria such as the following:
- IP address: the source or destination address of the packet.
- Port number: the communication port the packet is addressed to (for example, port 80 for HTTP or port 22 for SSH).
- Protocol: the network protocol used (TCP, UDP, ICMP, etc.).
- Connection state: whether the packet belongs to an existing connection or is a new connection request.
When a packet enters or leaves the system, the firewall evaluates these rules and determines whether it should be permitted or blocked. If the packet matches an "allow" rule, it is permitted to pass; if it matches a "deny" rule, it is blocked.
Before jumping into the configuration, it is important to be familiar with the common firewall tools available on Linux systems.
1. iptables
iptables is a robust command-line utility for filtering network traffic. It works by setting up chains of rules that manage different types of network traffic.
2. UFW (Uncomplicated Firewall)
UFW is a user-friendly frontend for iptables designed to simplify the configuration process for users.
3. Firewalld
Firewalld is a newer firewall management tool that enables dynamic configuration. It uses zones to define trust levels for network connections and interfaces, and firewall settings are easier to manage than with iptables.
4. CSF (ConfigServer Security and Firewall)
CSF is a comprehensive security solution that includes firewall functionality.
5. ClearOS and OPNsense
These are operating systems focused on firewall functionality that provide web-based interfaces to make management easier.
Comparison table
| Feature | Ease of use | Suitable for | Dynamic rules | GUI available |
| --- | --- | --- | --- | --- |
| UFW | Very easy | Beginners | Limited | Yes |
| Firewalld | Easy | Zone-based management | Yes | Yes |
| iptables | Moderate | Advanced management | No | No |
Approach 1: Set up the firewall using iptables
iptables is a sophisticated tool for managing packet filtering and network address translation (NAT). It is ideal for experienced Linux users and system administrators who need fine-grained control over network traffic.
iptables operates using a three-level structure:
- Tables: these group rules by purpose (for example, packet filtering or NAT).
- Chains: within each table, packets pass through a series of rules. The built-in chains are:
  - INPUT: packets arriving at the local machine.
  - OUTPUT: packets generated by the local machine.
  - FORWARD: packets routed through the machine.
  Processing stops at the first matching rule, which determines the fate of the packet.
- Rules: each rule defines the conditions a packet must match and the action (target) to take:
  - ACCEPT: let the packet through.
  - DROP: discard the packet silently.
  - REJECT: discard the packet and send back an error message.
  - LOG: record information about the packet.
  - Jump: redirect the packet to another chain.
Rule order matters: iptables checks rules from top to bottom, and once a rule matches, the rules after it are not evaluated. Careful ordering is therefore essential to prevent unintended results.
Step-by-step guide
Step 1: Check the current rules
First, list the current firewall rules:
sudo iptables -L
This command displays the rules for the INPUT (incoming), FORWARD (routed), and OUTPUT (outgoing) chains. If no rules are listed, that is normal: most Linux systems start without predefined rules.
Output columns:
- target: the action taken on the packet (for example, ACCEPT, DROP).
- prot: the packet protocol (for example, tcp).
- source: the source address of the packet.
- destination: the destination address of the packet.
Step 2: Reset existing rules
Use the following to clear all current rules and start with a clean slate (note that -F flushes only the filter table by default, and flushing rules on a remote server whose default policy is DROP can lock you out):
sudo iptables -F
Step 3: Change the default chain policy
By default, the policy of each chain is set to ACCEPT. Use the following to change it:
sudo iptables -P CHAIN POLICY
example:
To block traffic forwarded through the system:
sudo iptables -P FORWARD DROP
This command prevents traffic from being routed through the system.
Step 4: Add DROP rules
Start defining the firewall policy by focusing on the INPUT chain, which handles incoming traffic.
syntax:
sudo iptables -A/-I CHAIN -s SOURCE_IP -j TARGET
example:
To block traffic from IP, 192.168.1.3:
sudo iptables -A INPUT -s 192.168.1.3 -j DROP
explanation:
- -A INPUT: append the rule at the end of the INPUT chain.
- -I INPUT: insert the rule at the top of the INPUT chain.
- -s 192.168.1.3: match packets originating from 192.168.1.3.
- -j DROP: drop packets that match these criteria.
Run the following command to confirm the change:
sudo iptables -L
The DROP rule now appears in the INPUT chain listing.
Step 5: Add ACCEPT rules
Use the following to allow traffic to specific ports, such as SSH (port 22).
syntax:
sudo iptables -A/-I CHAIN -s SOURCE_IP -p PROTOCOL --dport PORT -j TARGET
example:
Accept TCP packets from 192.168.1.3 to port 22:
sudo iptables -A INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
troubleshooting:
Rules are processed in order. If the DROP rule for 192.168.1.3 comes before the ACCEPT rule, packets never reach the ACCEPT rule. To fix this, insert the ACCEPT rule at the top of the chain with -I:
sudo iptables -I INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
Listing the INPUT chain again shows the ACCEPT rule above the DROP rule, so SSH from 192.168.1.3 is allowed while its other traffic is still dropped.
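The first-match evaluation described in "How does a Linux firewall work?" and the ordering problem in this troubleshooting step can be reproduced without touching a live firewall. The following shell script is an added example, not code from the original article or from the iptables project. It simulates a single chain with a subset of iptables' matching options (-s, -p, --dport, -j); the rule sets and packet values in it are constructed test data.

```shell
#!/bin/sh
# Added example, not from the original article: a tiny simulator of how an
# iptables chain evaluates a packet. It never touches the kernel; it walks a
# list of rules top to bottom and returns the target of the first rule that
# matches, or the chain policy if none does.
# Only a subset of rule options is understood: -s, -p, --dport and -j.

# evaluate_chain POLICY SRC PROTO DPORT RULES
#   POLICY : chain default policy (ACCEPT or DROP)
#   SRC    : source IP of the packet being tested
#   PROTO  : protocol of the packet (tcp, udp, ...)
#   DPORT  : destination port of the packet
#   RULES  : rules, one per line, in the order iptables -L would show them
evaluate_chain() {
    policy=$1; pkt_src=$2; pkt_proto=$3; pkt_port=$4; rules=$5
    while read -r line; do
        [ -z "$line" ] && continue
        # "any" means the rule does not restrict that field
        r_src=any; r_proto=any; r_port=any; r_target=
        set -- $line
        while [ $# -gt 0 ]; do
            case $1 in
                -s) r_src=$2; shift 2 ;;
                -p) r_proto=$2; shift 2 ;;
                --dport) r_port=$2; shift 2 ;;
                -j) r_target=$2; shift 2 ;;
                *) shift ;;   # chain name and unsupported options are ignored
            esac
        done
        if { [ "$r_src" = any ] || [ "$r_src" = "$pkt_src" ]; } &&
           { [ "$r_proto" = any ] || [ "$r_proto" = "$pkt_proto" ]; } &&
           { [ "$r_port" = any ] || [ "$r_port" = "$pkt_port" ]; }; then
            echo "$r_target"     # first match wins; later rules are never seen
            return 0
        fi
    done <<EOF
$rules
EOF
    echo "$policy"               # nothing matched: the chain policy decides
}

# Constructed rule sets (test data, not captured from a real host).
# Order produced by appending (-A) the DROP rule first, then the ACCEPT rule:
APPENDED='INPUT -s 192.168.1.3 -j DROP
INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT'

# Order produced after inserting (-I) the ACCEPT rule at the top:
INSERTED='INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
INPUT -s 192.168.1.3 -j DROP'

# SSH from 192.168.1.3 is dropped when the DROP rule comes first...
ssh_with_appended_order() { evaluate_chain ACCEPT 192.168.1.3 tcp 22 "$APPENDED"; }
# ...and accepted once the ACCEPT rule is inserted above it.
ssh_with_inserted_order() { evaluate_chain ACCEPT 192.168.1.3 tcp 22 "$INSERTED"; }
# Other traffic from that host still hits the DROP rule.
http_with_inserted_order() { evaluate_chain ACCEPT 192.168.1.3 tcp 80 "$INSERTED"; }
# A host no rule mentions falls through to the chain policy.
other_host_policy_accept() { evaluate_chain ACCEPT 10.0.0.7 tcp 22 "$INSERTED"; }
other_host_policy_drop()   { evaluate_chain DROP 10.0.0.7 tcp 22 "$INSERTED"; }

echo "appended order: $(ssh_with_appended_order)"   # DROP
echo "inserted order: $(ssh_with_inserted_order)"   # ACCEPT
```

The last two helper functions show why Step 3 matters as much as rule order: a host that no rule mentions is decided purely by the chain policy, so a policy of ACCEPT lets it in and a policy of DROP keeps it out.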
Step 6: Delete rules (optional)
Use the following to delete a rule by its position in the chain (list the positions with sudo iptables -L --line-numbers):
sudo iptables -D CHAIN RULE_NUMBER
example:
Delete the first rule of the input chain.
sudo iptables -D INPUT 1
Step 7: Save the configuration
When configuring a firewall on a server, save the settings so they are not lost on reboot. Install the iptables-persistent package:
sudo apt-get update
sudo apt-get install iptables-persistent
Save the configuration as follows (newer versions of the package use sudo netfilter-persistent save instead):
sudo invoke-rc.d iptables-persistent save
Approach 2: Set up a firewall with Firewalld
Firewalld simplifies firewall management by organizing rules into zones (for example, public, work, home).
Step 1: Install and enable
Install Firewalld with:
sudo apt-get install firewalld
Then start Firewalld as a service and enable it at boot:
sudo systemctl start firewalld
sudo systemctl enable firewalld
Step 2: Assign an interface
Assign a network interface to a specific zone. For example, to assign eth0 to the "public" zone:
sudo firewall-cmd --zone=public --add-interface=eth0 --permanent
Step 3: Allow services
Allow a specific service in the zone. For example, to permit HTTP traffic in the "public" zone:
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload
Step 4: Display status
Check the active zones and the rules associated with them:
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --list-all
The steps above demonstrate a basic Firewalld configuration; the same approach can be used to set up a "home" zone that restricts access to trusted devices while blocking all other external connections.
Approach 3: Set up a firewall using UFW (Uncomplicated Firewall)
This section uses the user-friendly UFW firewall to show a simple and effective approach to protecting a personal Linux machine.
Step 1
Enable UFW: start by activating UFW with the command (if you are connected over SSH, make sure SSH is allowed, as in Step 2, before the firewall is enabled so you are not locked out)
sudo ufw enable
Step 2
Allow important services: allow necessary services such as SSH with the command
sudo ufw allow ssh
Step 3
Block unnecessary traffic: block traffic to specific ports, such as port 8080, with the command
sudo ufw deny 8080
Step 4
Check the firewall status: check the current firewall status with the command
sudo ufw status
Avoiding common mistakes
Unsaved rules: failing to save firewall rule changes means the configuration is lost when the system restarts.
Excessive blocking: too many DROP rules can inadvertently block essential traffic and lock you out of the system.
Zone misconfiguration (Firewalld): assigning a network interface to the wrong zone can lead to unexpected traffic blocks or exposure.
Important hints for managing firewalls
Evaluate network requirements: determine which ports and services are essential for system operation and block all others.
Implement robust logging: enable logging to monitor both allowed and blocked traffic, which makes troubleshooting easier. For Firewalld, the following command sets the log target so that all denied packets are recorded:
sudo firewall-cmd --set-log-denied=all
Thoroughly test the firewall rules: scan the system with tools such as nmap and confirm that only the intended ports are accessible.
Automate the firewall configuration: use tools such as startup scripts or Ansible to streamline and automate the application of firewall rules.
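Testing that only the intended ports are reachable does not have to wait for an external scan; the zone listing from Step 4 of the Firewalld approach can be audited directly. The following shell script is an added example, not code from the original article or from the Firewalld project. It parses the text format printed by firewall-cmd --list-all and reports every service or port that is open but not on an allow-list; the zone listing embedded in it is constructed sample data, not captured from a real host, and the allow-list is an assumed policy for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit a firewalld zone
# against an allow-list of services and ports you intended to expose.

# Constructed sample of `firewall-cmd --list-all` output for a public zone
# (made-up test data, not captured from a real host).
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports: 8080/tcp 5353/udp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# zone_field KEY LISTING
# Print the whitespace-separated values of one key (e.g. "services", "ports").
# The anchor after optional leading spaces keeps "ports" from matching
# "source-ports" or "forward-ports".
zone_field() {
    key=$1; listing=$2
    printf '%s\n' "$listing" | sed -n "s/^[[:space:]]*$key:[[:space:]]*//p"
}

# unexpected_exposure ALLOWED LISTING
# Print every open service or port that is not in ALLOWED, one per line.
# Prints nothing when the zone exposes exactly what was intended.
unexpected_exposure() {
    allowed=$1; listing=$2
    for item in $(zone_field services "$listing") $(zone_field ports "$listing"); do
        found=no
        for ok in $allowed; do
            [ "$item" = "$ok" ] && found=yes
        done
        [ "$found" = no ] && echo "$item"
    done
    return 0
}

# Assumed policy for this host: only SSH and HTTP should be reachable.
ALLOWED="ssh http"

# Example run: prints dhcpv6-client, 8080/tcp and 5353/udp, one per line.
unexpected_exposure "$ALLOWED" "$SAMPLE_ZONE"
```

On a real host, replace the embedded sample with the live listing, for example by capturing the output of firewall-cmd --list-all into the variable, and run the audit after every rule change or as part of a scheduled check; an empty result means the zone exposes only what the allow-list says it should.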
Summary
This guide has shown simple steps for setting up a firewall on a Linux system to strengthen its security against potential threats. Whether you configure basic or complex rules, and whether you use UFW or another tool, a properly configured firewall is essential for system security. Regular updates and consistent monitoring are also essential to maintain a secure Linux environment and prevent unauthorized access or cyber attacks.