Linux Firewalls and Security


Firewalls are essential for securing Linux systems by controlling incoming and outgoing network traffic based on security rules. Linux firewalls, often managed with tools like iptables, nftables, or ufw (Uncomplicated Firewall), help to block unauthorized access while allowing legitimate traffic. Here’s a basic guide to managing firewall security in Linux with example commands and outputs.


1. Basic Firewall Setup with UFW (Uncomplicated Firewall)

ufw is a user-friendly interface for iptables, available on many Linux distributions (like Ubuntu) to simplify firewall management.

Install UFW

In most cases, ufw is pre-installed. If it’s not, you can install it with:

sudo apt update
sudo apt install ufw

Enable UFW

Enable the firewall and set default rules to deny all incoming traffic while allowing outgoing traffic.

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable

Example Output:

Firewall is active and enabled on system startup

2. Allowing Specific Services or Ports

To allow specific services or ports, such as SSH (port 22) or HTTP (port 80), use the ufw allow command.

Allow SSH:

sudo ufw allow ssh

Example Output:

Rule added
Rule added (v6)

Allow HTTP (port 80):

sudo ufw allow 80

Example Output:

Rule added
Rule added (v6)

To allow HTTPS (port 443):

sudo ufw allow https

This lets you control which services are accessible from outside while blocking everything else by default.

3. Listing UFW Rules

Check the current rules configured in ufw:

sudo ufw status

Example Output:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
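Reading the status table by eye does not scale once a host has more than a handful of rules. The script below is an added example (not part of the original guide) that parses the `ufw status` layout shown above and compares the ALLOW rules against the ports you intend to expose; the sample status text is constructed to match the listing in this section, and on a real host you would pipe `sudo ufw status` in instead.

```shell
#!/bin/sh
# Added example (not part of the original guide): audit a `ufw status`
# listing against the ports you intend to expose, so a stray "allow" is
# noticed before it is relied on.

# Constructed sample of `sudo ufw status` output in the guide's layout.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)'

# Exit 0 only if the status text on stdin reports an active firewall.
firewall_active() {
    head -n 1 | grep -qx 'Status: active'
}

# Print each port/service with an ALLOW rule, once, from status text on stdin.
# Handles both the IPv4 form ("22 ALLOW ...") and the "(v6)" form.
allowed_ports() {
    awk '($2 == "ALLOW") || ($2 == "(v6)" && $3 == "ALLOW") { print $1 }' | sort -u
}

# Exit 0 if the given port/service has an ALLOW rule in the status text on stdin.
port_allowed() {
    allowed_ports | grep -qx -- "$1"
}

# Compare ALLOW rules against a space-separated whitelist such as "22 80 443".
# Prints anything outside the whitelist and exits 1 so it can gate a deploy.
audit_allowed() {
    expected=" $1 "
    unexpected=""
    for p in $(allowed_ports); do
        case "$expected" in
            *" $p "*) ;;
            *) unexpected="$unexpected $p" ;;
        esac
    done
    if [ -n "$unexpected" ]; then
        echo "unexpected ALLOW rules:$unexpected"
        return 1
    fi
    echo "only whitelisted ports are allowed"
}

# Stand-alone run against the constructed sample; on a real host pipe
# `sudo ufw status` in instead.
printf '%s\n' "$SAMPLE_STATUS" | firewall_active || echo "firewall is not active"
printf '%s\n' "$SAMPLE_STATUS" | audit_allowed "22 80 443"
```

The whitelist is the point of the check: the question is not "is the firewall on?" but "is exactly the expected set of ports open?", and a non-zero exit makes the answer usable from a deployment or monitoring job.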

4. Deleting Rules

If you need to remove a rule, specify the port or service. For example, to delete the SSH rule:

sudo ufw delete allow ssh

Example Output:

Rule deleted
Rule deleted (v6)

5. Using iptables for Advanced Control

For advanced users, iptables provides detailed control over firewall rules. Here are some common iptables commands.

Check Current Rules

To view all active rules:

sudo iptables -L

Example Output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
DROP       all  --  anywhere             anywhere

Block an IP Address

To block all incoming traffic from a specific IP (e.g., 192.168.1.100):

sudo iptables -A INPUT -s 192.168.1.100 -j DROP

Example Output:

No output is shown, but you can confirm the rule was added by running sudo iptables -L.

Allow a Specific IP

To allow a specific IP address (e.g., 192.168.1.101) to connect to your server:

sudo iptables -A INPUT -s 192.168.1.101 -j ACCEPT

6. Saving Firewall Rules

iptables rules do not persist after a reboot. To save your current rules to a file (the redirect has to run as root, so wrap the whole command in sh -c rather than redirecting from your own shell, which is what a plain sudo iptables-save > file would do):

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

For IPv6 rules, use rules.v6:

sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'

7. Verifying and Testing the Firewall

To ensure the firewall is working, you can test connectivity by trying to access services or ports from another machine. For instance:

  • Allowed Services: Connect via SSH or HTTP from a remote machine to verify they’re accessible.
  • Blocked Services: Attempt to access a blocked port (e.g., a random port like 1234) to verify it’s blocked.

8. Disabling the Firewall Temporarily (for Testing)

To temporarily disable UFW, you can use:

sudo ufw disable

Example Output:

Firewall stopped and disabled on system startup

Re-enabling the firewall after testing is as simple as running:

sudo ufw enable

This setup provides basic security by only allowing necessary traffic, blocking unnecessary connections, and protecting against unauthorized access. UFW is user-friendly and works well for most use cases, while iptables offers more fine-grained control.