Linux 112: Configuring Firewalls with iptables and firewalld


A firewall is your first line of defense against unauthorized access to your Linux server. In this article, we'll explore how to configure and manage firewall rules using two of the most common tools on Linux systems: iptables and firewalld.


1. Understanding Linux Firewalls

A firewall controls the incoming and outgoing traffic based on predefined rules. Linux systems typically use iptables or firewalld to configure these rules.

  • iptables: A rule-based firewall that offers granular control.
  • firewalld: A higher-level firewall manager using zones and services, built on top of iptables/nftables.


2. iptables Basics

Installing iptables (if not already installed)


# Debian/Ubuntu
sudo apt install iptables
# RHEL/CentOS
sudo yum install iptables

Viewing Current Rules


sudo iptables -L -v -n

  • -L: List rules
  • -v: Verbose
  • -n: Don’t resolve hostnames

Allow Incoming SSH Traffic


sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Block a Specific IP Address


sudo iptables -A INPUT -s 192.168.1.100 -j DROP

Allow HTTP and HTTPS


sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Save iptables Rules


# Debian/Ubuntu (requires the iptables-persistent package; the redirect must run as root too)
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
# RHEL/CentOS (requires the iptables-services package)
sudo service iptables save
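As an added example that is not from the original article: a POSIX shell script that generates a default-deny ruleset in the iptables-save format saved above. The individual -A INPUT ... ACCEPT rules in this section append to a chain whose default policy is still ACCEPT, so on their own they block nothing; switching the policy to DROP is only safe when the loopback and established-connection rules come before the port rules, otherwise the SSH session you are working from is cut off. The port list and the output file name are assumptions for the demo.

```shell
#!/bin/sh
# Added example: build a default-deny IPv4 ruleset in iptables-save format.
# Rule order matters: loopback and ESTABLISHED,RELATED first, then the allowed
# ports, with the INPUT policy set to DROP so unlisted ports are refused.

# usage: gen_rules PORT [PORT...]  -- inbound TCP ports to allow (22 is always added)
gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Local traffic and replies to connections this host opened must pass first.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # SSH is fixed so a mistyped port list cannot lock out the administrator.
    printf '%s\n' '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
    for port in "$@"; do
        if [ "$port" != 22 ]; then   # 22 is already allowed above
            printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done
    printf '%s\n' 'COMMIT'
}

# usage: allowed_ports PORT [PORT...]  -- list the dports a ruleset opens, one per line
allowed_ports() {
    gen_rules "$@" | sed -n 's/.*--dport \([0-9]*\) .*/\1/p'
}

# usage: write_rules FILE PORT [PORT...]  -- write the ruleset for loading with
#        sudo iptables-restore < FILE   (iptables-restore --test only parses it)
write_rules() {
    out=$1; shift
    gen_rules "$@" > "$out"
}

# Demo (assumed scenario): a web server that also needs SSH.
gen_rules 80 443
```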

3. firewalld Basics

Installing firewalld


# Debian/Ubuntu
sudo apt install firewalld
# RHEL/CentOS
sudo yum install firewalld

Starting and Enabling firewalld


sudo systemctl start firewalld
sudo systemctl enable firewalld

Check firewalld Status


sudo firewall-cmd --state

4. Managing firewalld Zones and Services

List Active Zones


sudo firewall-cmd --get-active-zones

Add a Service to a Zone


sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload

Allow a Specific Port


sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

Block a Specific IP


sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" reject'
sudo firewall-cmd --reload

5. firewalld vs iptables: When to Use What

Feature                  iptables                      firewalld
Management Style         Manual, rule-based            Zone/service-based abstraction
Ease of Use              Requires detailed knowledge   More user-friendly
Dynamic Configuration    Not supported                 Supported (no need to flush rules)
Default on Most Systems  Legacy (still available)      Default on RHEL 7+/CentOS 7+/Fedora

Use iptables if you need fine-grained, low-level control. Use firewalld for ease of management and dynamic configurations.


6. Common Troubleshooting Tips

  • Check open ports:

sudo ss -tuln

  • Check active firewall rules:

sudo iptables -L -v -n
# or
sudo firewall-cmd --list-all

  • Logs: Check /var/log/messages or journalctl -xe for blocked traffic clues.
  • Flush rules (use with caution: flushing removes every rule but leaves the chain policies in place, so with an INPUT policy of DROP a remote session is cut off):

sudo iptables -F

7. Conclusion

Understanding and configuring firewalls is crucial for securing your Linux server. Whether you use the detailed control of iptables or the flexibility of firewalld, a properly configured firewall helps defend against unauthorized access and attacks.


Next Steps

  • Explore nftables, the modern replacement for iptables.
  • Set up automatic banning of malicious IPs using fail2ban.
  • Integrate firewall rules with SELinux or AppArmor for enhanced security.


Stay tuned for the next article in the series:
Linux 113: Managing Users and Permissions
