Welcome to Day 16 of our Linux Security Basics series! After securing file permissions in topic 5, it’s time to add a layer of network security with a firewall. A firewall controls incoming and outgoing traffic, protecting your system from unauthorized access. Today, we’ll explore two user-friendly tools: ufw (Uncomplicated Firewall) and firewalld. Let’s set up a simple firewall to fortify your Linux system!
Index
- Why Use a Firewall?
- Choosing Between ufw and firewalld
- Setting Up a Firewall with ufw
- Setting Up a Firewall with firewalld
- Best Practices
Why Use a Firewall?
A firewall acts as a gatekeeper, allowing only trusted traffic while blocking potential threats. Without one, your system is vulnerable to attacks like port scanning or unauthorized remote logins. Both ufw and firewalld simplify firewall management, making them ideal for beginners and experienced users alike.
Choosing Between ufw and firewalld
- ufw: Lightweight and easy to use, pre-installed on Ubuntu and Debian-based systems. Best for simple setups.
- firewalld: More dynamic, with support for runtime changes and zones. Common on Red Hat-based systems (e.g., CentOS, Fedora).
Check which tool is available:
- For ufw:
sudo ufw version
- For firewalld:
sudo firewall-cmd --version
If both are installed, you can use either; let’s cover both!
Setting Up a Firewall with ufw
1. Check Status
Ensure ufw is active:
sudo ufw status
If it says "inactive," proceed to enable it.
2. Enable ufw
Enable the firewall (this may disrupt existing connections, so plan ahead):
sudo ufw enable
3. Allow Essential Services
Allow traffic for services you need (e.g., SSH on port 22):
sudo ufw allow 22/tcp
Or use service names (if configured):
sudo ufw allow ssh
4. Deny Unwanted Traffic
Block specific ports (e.g., deny port 23, used for telnet):
sudo ufw deny 23
5. Set Default Policies
Restrict all incoming traffic by default, allowing only specified ports:
sudo ufw default deny incoming
sudo ufw default allow outgoing
6. Verify and Apply
Check the rules:
sudo ufw status
Apply changes (usually automatic with enable).
Setting Up a Firewall with firewalld
1. Check Status
See if firewalld is running:
sudo firewall-cmd --state
If it returns "not running," start it:
sudo systemctl start firewalld
2. Enable firewalld
Ensure it starts on boot:
sudo systemctl enable firewalld
3. Allow Services
Allow SSH (port 22):
sudo firewall-cmd --add-service=ssh --permanent
4. Add Custom Ports
Allow a custom port (e.g., 8080 for a web server):
sudo firewall-cmd --add-port=8080/tcp --permanent
5. Reload Rules
Apply changes:
sudo firewall-cmd --reload
6. Check Rules
View active rules:
sudo firewall-cmd --list-all
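The two procedures above (ufw and firewalld), as one added shell script that is not part of the original post. It wraps the same commands in functions, adds the "which tool is installed?" check from earlier, and orders the ufw steps so that the default policies and the SSH rule are in place before ufw enable, so new SSH connections are accepted the moment the firewall comes up. The run wrapper, the DRY_RUN variable and the port numbers are assumptions of this example; with DRY_RUN=1 it only prints what it would execute, which is a good way to review the rule set before applying it on a remote box.

```shell
#!/bin/sh
# Added example (not from the original post): minimal ufw / firewalld baselines.
# DRY_RUN=1 prints the commands instead of running them (assumed convention).

run() {
  # Print the command when DRY_RUN is set; otherwise execute it as given.
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

detect_firewall_tool() {
  # Prints "ufw", "firewalld" or "none" depending on which CLI is on PATH.
  if command -v ufw >/dev/null 2>&1; then
    echo ufw
  elif command -v firewall-cmd >/dev/null 2>&1; then
    echo firewalld
  else
    echo none
  fi
}

ufw_baseline() {
  # $1 = SSH port (placeholder default 22). Default policies and the SSH rule
  # are set BEFORE enabling so an administrator is not cut off by the enable step.
  ssh_port="${1:-22}"
  run sudo ufw default deny incoming
  run sudo ufw default allow outgoing
  run sudo ufw allow "${ssh_port}/tcp"
  run sudo ufw deny 23/tcp            # telnet, as in the post's step 4
  run sudo ufw --force enable         # --force skips the interactive prompt
  run sudo ufw status verbose         # verify what is now enforced
}

firewalld_baseline() {
  # $1 = optional extra TCP port (e.g. 8080). Permanent rules are written first,
  # then --reload turns them into the running configuration.
  extra_port="$1"
  run sudo systemctl enable --now firewalld
  run sudo firewall-cmd --add-service=ssh --permanent
  if [ -n "$extra_port" ]; then
    run sudo firewall-cmd --add-port="${extra_port}/tcp" --permanent
  fi
  run sudo firewall-cmd --reload
  run sudo firewall-cmd --list-all
}

# Preview both baselines; drop DRY_RUN=1 to apply the one your system uses.
echo "detected tool: $(detect_firewall_tool)"
DRY_RUN=1 ufw_baseline 22
DRY_RUN=1 firewalld_baseline 8080
```

Run it once with DRY_RUN=1, read the printed commands, then run the matching function without DRY_RUN from a session you can afford to lose (or from the console) while a second terminal stays logged in.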
Best Practices
- Allow Only Necessary Ports: Minimize open ports to reduce attack surfaces.
- Test After Changes: Ensure services (e.g., SSH) still work after enabling rules.
- Backup Rules: Save ufw rules with `sudo ufw show raw`, or firewalld rules with `sudo firewall-cmd --runtime-to-permanent`.
- Monitor Logs: Check `/var/log/ufw.log` (ufw) or the firewalld logs for issues.
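The "Monitor Logs" item above, as an added example that is not part of the original post: a small shell helper that reads ufw's kernel-log lines and reports which source addresses are being blocked on which ports, plus a threshold filter for sources that keep hitting the firewall. The sample log lines are constructed for this example (RFC 5737 documentation addresses) in the format ufw writes to /var/log/ufw.log; the function names and the threshold value are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): summarise [UFW BLOCK] entries.

# Constructed sample in ufw's log format; only the SRC= and DPT= fields matter here.
SAMPLE_UFW_LOG=$(cat <<'EOF'
Jun 10 12:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:02 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:03 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=44323 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:04 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50000 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:05 host kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
)

summarize_ufw_blocks() {
  # Reads log lines on stdin; prints "count src dpt" for every blocked
  # (source, destination port) pair, busiest first. ALLOW lines are ignored.
  grep -F '[UFW BLOCK]' | awk '
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "" && dpt != "") count[src " " dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2 -k3,3n
}

noisy_sources() {
  # $1 = threshold (assumed default 3). Sums blocks per source across all ports
  # and prints "total src" for sources at or above the threshold.
  threshold="${1:-3}"
  summarize_ufw_blocks | awk -v t="$threshold" '
    { total[$2] += $1 }
    END { for (s in total) if (total[s] >= t) print total[s], s }
  ' | sort -k1,1nr -k2,2
}

# Run against the constructed sample; on a real host feed the log file instead.
printf '%s\n' "$SAMPLE_UFW_LOG" | summarize_ufw_blocks
echo "--- sources with 3 or more blocks ---"
printf '%s\n' "$SAMPLE_UFW_LOG" | noisy_sources 3
```

On a live system the same functions read the real log with `sudo cat /var/log/ufw.log | summarize_ufw_blocks`; a source that shows up repeatedly on ports you never opened (23, 3389) is exactly the kind of entry worth a second look, while a burst of blocks on port 22 from your own address usually means a rule is missing.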
Troubleshooting
- Locked Out?: If you block SSH, use the console or a rescue method to regain access.
- Conflicting Rules?: Reset with `sudo ufw reset` or `sudo firewall-cmd --reload`.
What’s Next?
You’ve now added a firewall to protect your network traffic! On our next topic, we’ll explore Monitoring Users and Login Activity with commands like last, w, and who. Stay tuned!
I would love to hear your thoughts, experiences, or tips about Linux!
Feel free to share in the comments and join the conversation.
Connect with me on LinkedIn!
#30DaysLinuxChallenge #CloudWhistler #RedHat #Cloudsecurity #DevOps #Linux #OpenSource #CloudComputing #RedHatEnterpriseLinux #SystemLogs #EnterpriseIT #Observability #Logging #SysAdmin #Automation #CloudEngineer #TechForBusiness #ITSupport #SRE #CloudOps