
Linux operating systems, just like Windows operating systems, have a built-in firewall application. While improvements to firewall technology have been made over time, firewall applications have been in use as part of the Linux operating system for a long time.
The first and widely used Linux firewall was called ipchains. It was actually a simple application consisting of a chain of rules for filtering traffic. It was first introduced in Linux kernel version 2.2 and replaced the earlier ipfwadm (which was not widely used). The more modern iptables application then replaced ipchains and became the primary firewall for Linux. The iptables service was first introduced in Linux kernel 2.4.
On most Linux systems the iptables binary is installed as /usr/sbin/iptables. If it was not included in your Linux installation, or does not appear on a fresh install, you can install it through the package manager.
Iptables is an advanced extension of the ipchains concept. An iptables firewall consists of three different types of objects: tables, chains and rules. Essentially, tables contain chains of rules. Each chain has a set of rules that define how packets are filtered. There are in fact three tables, and each contains some standard rule chains.
The three tables and their standard chains are as follows. You can of course add your own custom rules as well.
Packet filtering: This is an important part of a packet filtering firewall. The filter table contains three standard chains: INPUT, OUTPUT and FORWARD.
The INPUT chain handles packets addressed to the host itself and the OUTPUT chain handles traffic the host sends out. If the firewall acts as a router, packets it routes between interfaces pass only through the FORWARD chain.
Network address translation: The nat table is used to perform network address translation on outgoing traffic when a new connection is initiated. It is only used if your machine acts as a gateway or proxy server.
Packet mangling: This table is used exclusively for specialised packet modification; it is called the mangle table because packets are altered, or mangled, as they pass through. It contains two standard chains.
Iptables requires some configuration settings. You can perform these configurations via a GUI (KDE, GNOME, etc.). Shell commands, on the other hand, are common across most distributions.
The following commands are needed to make it function as a basic packet filter.
iptables -F
iptables -N <chain-name>   # -N creates a new user-defined chain; the chain name is required (placeholder shown here)
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Admittedly, this is the most basic iptables configuration. To list the iptables rules currently in effect on your system, you can use the following command:
iptables -L
To allow communication for certain ports such as SSH 22 and HTTP 80, you can use the following commands:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Some flags are also used in iptables commands. The most common flags and their functions are listed below.
To save iptables rules, remember to run the command “sudo iptables-save”; it writes the current rule set to standard output, so redirect that output to the file your distribution restores rules from at boot.
If you want to remove iptables from system startup, you can use the command “systemctl disable iptables”. To view service logs and errors for iptables, you can use the command “journalctl -f -u iptables.service”.
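As an added example that is not part of the original article, the following script parses the text that iptables-save prints and flags the weaknesses a reviewer would look for in the basic rule set built up above: an INPUT or FORWARD chain whose default policy is still ACCEPT with no closing DROP/REJECT rule, an ACCEPT rule keyed only on --sport (the remote side chooses its own source port, so "--sport 80" admits anyone connecting from port 80, which is why HTTP must be allowed with --dport 80), and a missing RELATED,ESTABLISHED rule. The dump it runs over is constructed for the example, not captured from a real host.

```python
# Constructed iptables-save output (not captured from a real host) mirroring
# the basic rule set built up in this article, with an ACCEPT keyed on --sport 80.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT
"""

def parse_filter_table(dump):
    """Return ({chain: policy}, {chain: [rule lines]}) for the *filter table."""
    policies, rules, in_filter = {}, {}, False
    for line in (raw.strip() for raw in dump.splitlines()):
        if line.startswith("*"):                 # table header: *filter, *nat, ...
            in_filter = line == "*filter"
        elif not in_filter or not line or line.startswith(("#", "COMMIT")):
            continue
        elif line.startswith(":"):               # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            rules.setdefault(chain, [])
        elif line.startswith("-A "):             # "-A CHAIN <matches> -j TARGET"
            rules.setdefault(line.split()[1], []).append(line)
    return policies, rules

def audit_filter_table(dump):
    """List weaknesses in the INPUT and FORWARD chains of an iptables-save dump."""
    policies, rules = parse_filter_table(dump)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        chain_rules = rules.get(chain, [])
        # Policy ACCEPT with no closing catch-all DROP/REJECT accepts everything
        # that no earlier rule matched, so the allow rules above change nothing.
        last = chain_rules[-1] if chain_rules else ""
        closed = last.startswith(f"-A {chain} -j ") and last.split()[3] in ("DROP", "REJECT")
        if policies.get(chain, "ACCEPT") == "ACCEPT" and not closed:
            findings.append(f"{chain}: default policy ACCEPT with no final DROP/REJECT rule")
        for rule in chain_rules:
            # The peer picks its own source port, so an ACCEPT keyed only on
            # --sport admits anyone who connects from that port.
            if "-j ACCEPT" in rule and "--sport" in rule and "--dport" not in rule:
                findings.append(f"{chain}: ACCEPT trusts the source port: {rule}")
    if not any("--state" in r or "--ctstate" in r for r in rules.get("INPUT", [])):
        findings.append("INPUT: no stateful RELATED,ESTABLISHED rule")
    return findings
```

On a real host, feed it the output of "sudo iptables-save" instead of SAMPLE_DUMP; an empty findings list means the filter table closes both chains and allows services by destination port only.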
The default firewall configuration tool for Ubuntu is ufw. It was developed to simplify iptables firewall configuration. Ufw provides a user-friendly interface for creating IPv4 or IPv6 host-based firewalls.
The Ubuntu firewall application ufw is disabled by default.
Ufw is not designed to provide a complete firewall function through its command interface. Instead, it provides an easy way to add or remove simple rules.
First, ufw needs to be enabled. You can activate ufw by opening a terminal and entering the following command:
sudo ufw enable
To open a port, you can use the following command. In this command, we are allowing the SSH port 22:
sudo ufw allow 22
Similarly, you can block a port with a deny rule. Note that ufw applies the first rule that matches, so an earlier allow rule for the same port must be deleted for the deny to take effect. In the command below, we are blocking access to port 22:
sudo ufw deny 22
Rules are evaluated in order from top to bottom, and you can insert a rule at a specific position. In this command, position 1 places a rule allowing port 80 at the very top:
sudo ufw insert 1 allow 80
On CentOS and some other Linux distributions, firewalld is used by default. The firewalld service provides a dynamically managed firewall that assigns network connections or interfaces to trust levels called zones. There is also a distinction between runtime and permanent configuration options. Additionally, it provides an interface for services or applications to add firewall rules directly.
Regardless of how dynamic your network environment is, it is necessary to be familiar with the general operating principle behind each of the predefined zones. The predefined zones, ordered from least trusted to most trusted, are as follows:
To enable the firewalld service at startup, use the following command:
sudo systemctl enable firewalld
To see the default zone of the firewalld service:
firewall-cmd --get-default-zone
To see the currently active zone:
firewall-cmd --get-active-zones
The following command lists everything configured in the default zone (services, ports and so on):
sudo firewall-cmd --list-all
To allow a service, use the following command. In this command, we are activating and allowing the http service in the Public zone:
sudo firewall-cmd --zone=public --add-service=http
An important point to remember is that the above usage adds the rule to the runtime configuration only. If we want a rule to persist when the machine or the firewalld service is restarted, we must use --permanent. A --permanent rule is written to the saved configuration and takes effect in the running firewall only after "firewall-cmd --reload":
sudo firewall-cmd --zone=public --permanent --add-service=http
To allow one or more ports:
sudo firewall-cmd --zone=public --permanent --add-port=1453/tcp
sudo firewall-cmd --zone=public --permanent --add-port=1071-1453/udp
The CentOS firewall service firewalld is an application that takes your network environment into account, allows you to configure rules and rule sets, and enables seamless switching between different firewall policies through the use of zones. It gives administrators the ability to define port management more easily.