Firewall and iptables

Firewalls are an essential security tool for protecting your network and data. A firewall is a software or hardware-based solution that monitors and controls incoming and outgoing network traffic based on predefined security rules.

Iptables

Iptables is a powerful and flexible firewall tool for Linux-based systems. It uses a set of rules to filter network traffic based on IP addresses, ports, and protocols. Most Linux distributions come with iptables installed by default.

To use iptables, you need to define a set of rules that specify what traffic to allow or deny. For example, you can block all incoming traffic except for specific ports or IP addresses.

Here’s an example of how to block all incoming traffic to your server except for SSH (port 22) and HTTP (port 80):

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport http -j ACCEPT
sudo iptables -A INPUT -j DROP

The above commands add rules to allow SSH and HTTP traffic and then drop all other incoming traffic. You can view the current iptables rules using the following command:

sudo iptables -L

This will output a list of all the current iptables rules.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

The command displays the current rules and policies of the iptables firewall on your system. The output is divided into three chains: INPUT, FORWARD, and OUTPUT. The policy column specifies the default policy for each chain, which is currently set to ACCEPT. The source and destination columns show the source and destination IP addresses or network interfaces for each rule, and the target column specifies the action to take for matching packets.

Firewalld

Firewalld is a newer firewall tool that is available on many modern Linux distributions. It was designed to be more user-friendly than iptables and to provide a more flexible and customizable firewall configuration.

One of the main advantages of firewalld is its ability to manage network zones. A zone is a predefined set of rules that defines how network traffic should be allowed or blocked. Firewalld supports multiple zones, each with its own set of rules.

Here’s an example of how to add a service (e.g., SSH) to the public zone in firewalld:

sudo firewall-cmd --zone=public --add-service=ssh --permanent

This command adds the SSH service to the public zone and makes the change permanent (i.e., it will survive a reboot). You can view the current firewalld configuration using the following command:

sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client http https
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

• The firewall is currently active and is using the public zone.
• The target field specifies the default target policy that applies to all packets that don’t match any other rules in the zone. Here the value is default, i.e. the zone’s built-in behaviour rather than an explicit ACCEPT, REJECT or DROP.
• The icmp-block-inversion field specifies whether to invert the behavior of ICMP blocking rules.
• The interfaces field specifies the network interfaces to which the zone applies. In this case, the zone applies to the “eth0” interface.
• The sources field specifies the sources that the firewall accepts incoming traffic from. In this case, the field is empty, indicating that the firewall doesn’t have any restrictions on incoming traffic sources.
• The services field lists the network services that the firewall allows through. In this case, the firewall allows SSH, DHCPv6 client, HTTP, and HTTPS traffic.
• The ports field specifies any specific ports that the firewall allows through. Here 8080/tcp is open.
• The protocols field lists any specific protocols that the firewall allows through.
• The masquerade field specifies whether to enable IP masquerading.
• The forward-ports field specifies any port forwarding rules that are set up.
• The source-ports field lists the allowed source ports for outgoing traffic. In this case, the field is empty, indicating that the firewall doesn’t have any restrictions on outgoing traffic source ports.
• The icmp-blocks field lists any specific ICMP messages that the firewall blocks.
• Finally, the rich rules field lists any additional custom firewall rules that are defined.
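A listing like the one above is only useful if someone compares it with what the host is supposed to expose. The following script is an added example (not part of the original article or of the firewalld project) that parses `firewall-cmd --list-all` output and reports any service or port that is not on an allowlist. The sample listing embedded in the script is the one shown above; the allowlist values (ssh, http, https) are assumptions chosen for the demonstration.

```shell
#!/bin/sh
# Audit a firewalld zone listing against an allowlist of services and ports.
# Live use: firewall-cmd --zone=public --list-all > /tmp/zone.txt
#           audit_zone "$(cat /tmp/zone.txt)" "ssh http https" ""

# Constructed sample: the "firewall-cmd --list-all" output from the article.
SAMPLE_LISTING='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client http https
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# field_values LISTING FIELD -> the values after "  FIELD: " (one line, space separated).
# The leading anchor keeps "ports:" from matching "source-ports:".
field_values() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p"
}

# audit_zone LISTING ALLOWED_SERVICES ALLOWED_PORTS
# Prints one line per service or port present in the zone but not on the
# corresponding allowlist; prints nothing when the zone matches expectations.
audit_zone() {
    listing=$1
    allowed_services=$2
    allowed_ports=$3
    for s in $(field_values "$listing" services); do
        case " $allowed_services " in
            *" $s "*) ;;                              # expected, say nothing
            *) echo "unexpected service: $s" ;;
        esac
    done
    for p in $(field_values "$listing" ports); do
        case " $allowed_ports " in
            *" $p "*) ;;
            *) echo "unexpected port: $p" ;;
        esac
    done
}

# Run the audit over the embedded sample with an assumed allowlist:
# only ssh, http and https are expected, and no raw ports.
audit_sample() {
    audit_zone "$SAMPLE_LISTING" "ssh http https" ""
}

audit_sample
```

Against the sample listing the audit flags dhcpv6-client and 8080/tcp, which is exactly the question a reviewer should ask of that zone: is the DHCPv6 client service needed on this interface, and which process owns 8080? Running the same check from cron and alerting on non-empty output turns a one-off listing into a drift detector.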

Adding Ports

Adding ports to your firewall configuration is an important step in securing your network. By default, a Linux system closes most ports to incoming traffic. You can open ports using iptables or firewalld to allow incoming traffic on specific ports.

Here’s an example of how to open port 8080 in iptables:

sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

Most networks today still use IPv4 as their primary Internet Protocol (IP). IPv4 identifies each device on a network with a 32-bit address, written as four octets, and routers use these addresses to forward traffic between devices.

When configuring your firewall, it is also essential to consider the IP addresses that you want to allow or block. You can use iptables or firewalld to specify IP addresses and allow or block traffic accordingly.
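The three-rule iptables example earlier on this page, the single rule that opens port 8080, and the advice to restrict by IP address all fit together into one ruleset. The script below is an added example, not code from the original article, that builds such a ruleset in iptables-restore format so it can be loaded atomically instead of one `-A` at a time; it also covers two things the three-rule version omits, namely loopback traffic and replies to connections the host itself opened, both of which a plain `-A INPUT -j DROP` would discard. The management network 203.0.113.0/24 and the port list are assumed placeholder values; the script only prints the ruleset unless it is run as root with `--apply`.

```shell
#!/bin/sh
# Build a fail-closed INPUT ruleset and, on request, load it atomically.
# Usage:  ./ruleset.sh            (print the ruleset for review)
#         sudo ./ruleset.sh --apply

# Assumed values (placeholders, not taken from the article):
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"   # network allowed to reach SSH (TEST-NET-3, constructed)
WEB_PORTS="${WEB_PORTS:-80 443 8080}"      # TCP ports open to all sources

build_ruleset() {
    printf '%s\n' '*filter'
    # Default policy DROP: a rule that is forgotten fails closed, not open.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback must stay open or local services (resolvers, databases) break.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Stateful matching: accept replies to connections this host initiated,
    # drop packets that belong to no known connection.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # SSH only from the management network, and only for new connections.
    printf '%s\n' "-A INPUT -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # Public web ports, one rule per port.
    for p in $WEB_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of what the DROP policy discards, for troubleshooting
    # and detection; the log line carries the prefix so it is easy to grep.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
    printf '%s\n' 'COMMIT'
}

# Number of ACCEPT rules in the generated ruleset (sanity check before applying).
count_accepts() {
    build_ruleset | grep -c -- '-j ACCEPT'
}

if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; exit 1; }
    # iptables-restore replaces the whole filter table in one step, so there
    # is no window where only half of the rules are loaded.
    build_ruleset | iptables-restore
else
    build_ruleset
fi
```

Rule order matters: the loopback and ESTABLISHED,RELATED rules sit first so that the bulk of traffic is decided before the per-port rules, and the LOG rule sits last so that only packets about to hit the DROP policy are recorded. When applying over SSH, review the printed ruleset (and, where your iptables version supports it, `iptables-restore --test`) before `--apply`, because the SSH rule must match the address you are connecting from or the session is cut off.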
