Every system needs to be well protected, whether it is your home computer or a server. In this article we will look at how to configure a firewall in Linux so that the system only accepts the network connections you intend it to, which shuts out a large class of remote attacks before they reach a service.
Let us begin by understanding what a firewall is.
What is a Firewall
A firewall is software (or a device) that inspects the traffic entering and leaving a host or network and allows or drops each packet according to a set of rules. Put simply, it is a barrier placed between a trusted side, such as your private network or the server itself, and an untrusted side, usually the internet. A firewall does not make a vulnerable service safe, but it keeps unwanted connections from ever reaching that service, which removes most of the noise and much of the risk a machine on the internet is exposed to.
There are two main types of firewall: the host firewall and the network firewall. A host firewall runs on the individual server and controls that machine's own incoming and outgoing connections; this is what iptables and ufw, discussed below, provide. A network firewall sits in front of a group of machines and is usually built into your hosting or cloud infrastructure. The two complement each other: the network firewall limits what reaches the host at all, and the host firewall limits what the host will accept even if the outer layer is misconfigured.
Is it necessary to enable a firewall for my Linux system?
It is a common belief that Linux systems are secure by default. Linux does have a good security record, but it is not immune to malware, and many compromises of Linux servers come through exposed network services: weak SSH passwords, unpatched web applications, and databases left listening on public interfaces. A firewall that exposes only the services you intend to run is one of the cheapest ways to cut that exposure, so it is worth configuring even on a personal machine.
Steps to configure a firewall in Linux manually:
Step 1: Up your Linux Security
Before configuring a firewall, make sure the system itself is up to date: apply the latest security updates and run a supported version of your distribution. A firewall limits what can reach a service; it does not fix a vulnerable one.
On Ubuntu and Debian the iptables command is usually available out of the box (recent releases implement it on top of nftables through the iptables-nft compatibility layer, so the commands below still work). CentOS 7 and later ship FirewallD as the default firewall management tool instead.
Note: If you are comfortable with iptables you can continue using it on CentOS, but stop and disable the firewalld service before installing the iptables service; otherwise the two will fight over the same rule tables.
Step 2: Configuring iptables
iptables is a command-line utility for filtering traffic. It decides which packets may come in and go out based on the rules you configure. Rules are organised in chains; the default filter table has three built-in chains, each with a default policy (ACCEPT or DROP) that applies when no rule in the chain matches:
- INPUT – packets destined for this machine, i.e. delivered to local sockets
- FORWARD – packets routed through this machine rather than delivered locally
- OUTPUT – packets generated locally, i.e. outgoing connections
Rules in a chain are evaluated from top to bottom and the first match wins, so the order in which you add rules matters.
iptables usually comes pre-installed with your Linux. However, if it is missing you can install it using the following command:
For Ubuntu/Debian Systems:
sudo apt-get install iptables
For Enterprise Linux OS like CentOS:
sudo yum install iptables-services
Now that iptables is installed, check the current rules. Either of the following forms works on every distribution; the second skips DNS lookups (-n) and shows packet counters and interfaces (-v), which makes it both faster and more informative:
sudo iptables -L
sudo iptables -nvL
If you want to flush/clear all the pre-configured rules, run the following command:
sudo iptables -F
Be careful when doing this over SSH: -F removes the rules but leaves the chain policies in place, so if the INPUT policy is DROP you will cut off your own session. Set the policy to ACCEPT first, or make sure you have console access, before flushing rules on a remote server.
To start the iptables service in CentOS run the following command:
sudo systemctl start iptables
To start iptables automatically at boot on CentOS, run the following command:
sudo systemctl enable iptables
Note: Rules for IPv6 look the same as for IPv4, but the iptables command only manages the IPv4 tables. IPv6 has its own command, ip6tables, with the same syntax on every distribution (on CentOS the matching service is ip6tables, also provided by the iptables-services package, and its saved rules live in a separate file). If your server has a public IPv6 address you must configure both, or the IPv6 side stays wide open.
For example, to check the current IPv6 rules on Ubuntu run the following command:
sudo ip6tables -L
Step 3: Decide what to block
If you want to block/drop connections from a particular IP address, run the following command (-A appends the rule at the end of the INPUT chain; if an earlier rule already accepts this traffic, use -I INPUT 1 instead so that the drop is evaluated first):
iptables -A INPUT -s 10.10.10.10 -j DROP
Where 10.10.10.10 is the IP address you want to drop.
If you want to block/drop connections from a range of IP addresses, run the following command:
iptables -A INPUT -s 10.10.10.0/24 -j DROP
OR
iptables -A INPUT -s 10.10.10.0/255.255.255.0 -j DROP
If you want to block/drop connections to a specific port, run the following command:
iptables -A INPUT -p tcp --dport ssh -j DROP
You can replace 'ssh' with another service name from /etc/services or with a port number. This rule matches TCP (Transmission Control Protocol), hence '-p tcp'; for a service that uses UDP (User Datagram Protocol) use '-p udp' instead. A --dport match always needs the protocol to be given.
Dropping malformed and scan packets:
A TCP connection starts with a three-way handshake: the client sends a SYN, the server replies with a SYN-ACK and keeps state for the half-open connection, and the client completes it with an ACK. A SYN flood abuses this by sending large numbers of SYNs, usually from spoofed sources, and never finishing the handshake, so the server's connection backlog fills with half-open entries and genuine users cannot connect. Port scanners also send packets with flag combinations that never occur in legitimate traffic, such as every flag set ('XMAS') or no flags at all ('NULL'), to fingerprint the host. Dropping such packets is cheap and reduces noise, but note that the first rule below only discards packets that claim to start a connection without a SYN; the real defence against a SYN flood is the kernel's SYN cookies (net.ipv4.tcp_syncookies=1) together with rate limiting.
Some common examples:
To drop TCP packets that try to open a new connection without the SYN flag (often labelled an anti SYN-flood rule; -m state is the older spelling of -m conntrack --ctstate), run the following command:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
To drop XMAS packets (all TCP flags set), run the following command:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
To drop NULL packets (no TCP flags set), run the following command:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
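The following is an added example, not code from the original article: a small POSIX shell script that turns a blocklist of addresses and ranges, like the ones used in the commands above, into DROP rules in a dedicated chain that is jumped to from the top of INPUT, so that an earlier ACCEPT rule cannot be matched first. Each entry is validated before a rule is built. The chain name BLOCKLIST, the --apply switch and the sample list are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article: turn a blocklist of IPv4
# addresses / CIDR ranges into DROP rules in a dedicated chain.
# Assumptions for this example: the chain name BLOCKLIST, the --apply
# switch and the sample list below are all constructed here.

# Constructed sample blocklist: comments, blank lines and two bad entries.
SAMPLE_BLOCKLIST='# addresses seen hammering sshd (constructed sample)
10.10.10.10
10.10.10.0/24
10.10.10.0/255.255.255.0   # dotted-quad mask form

not-an-address
192.0.2.300
'

# is_ipv4_cidr ENTRY -> true if ENTRY is a.b.c.d, a.b.c.d/N or a.b.c.d/m.m.m.m
is_ipv4_cidr() {
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    ip="$octet\.$octet\.$octet\.$octet"
    printf '%s\n' "$1" | grep -Eq "^$ip(/([0-9]|[12][0-9]|3[0-2])|/$ip)?$"
}

# blocklist_rules < LIST -> iptables commands, one per line, on stdout
blocklist_rules() {
    # Keep the blocklist in its own chain and jump to it from the very top
    # of INPUT (-I INPUT 1, not -A) so no earlier ACCEPT rule wins first.
    # -C checks whether the jump already exists so re-runs stay idempotent.
    echo 'iptables -N BLOCKLIST 2>/dev/null || iptables -F BLOCKLIST'
    echo 'iptables -C INPUT -j BLOCKLIST 2>/dev/null || iptables -I INPUT 1 -j BLOCKLIST'
    while IFS= read -r line; do
        entry=${line%%#*}                                # drop trailing comment
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        [ -z "$entry" ] && continue
        if is_ipv4_cidr "$entry"; then
            echo "iptables -A BLOCKLIST -s $entry -j DROP"
        else
            echo "skipped invalid blocklist entry: $line" >&2
        fi
    done
}

# count_blocked < LIST -> number of DROP rules the list would produce
count_blocked() {
    blocklist_rules 2>/dev/null | grep -c -- '-j DROP'
}

if [ "${1:-}" = "--apply" ]; then
    blocklist_rules | sh -e        # as root: sudo sh blocklist.sh --apply < blocklist.txt
else
    printf '%s' "$SAMPLE_BLOCKLIST" | blocklist_rules   # dry run on the sample
fi
```

Run it without arguments to see the commands it would issue for the sample list (the two invalid entries are reported on stderr and skipped); feed your own list on stdin with --apply, as root, to load the rules. Because the rules go into their own chain, listing or flushing the blocklist never disturbs the rest of the INPUT chain.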
Step 4: Deciding which ports to keep open
Which ports to leave open depends on what the server is for: open only the ports of services that are actually running on it, and prefer the TLS variant of a protocol where one exists. Some common ones, with the protocol each carries:
Incoming connections (services this server offers):
- 993/tcp: IMAP over TLS (IMAPS), for receiving email
- 143/tcp: IMAP without TLS; cleartext unless the server enforces STARTTLS, so avoid it where you can
- 110/tcp: POP3 (another way to receive email; also cleartext)
- 22/tcp: SSH (secure remote administration)
- 9418/tcp: Git protocol (version control; unauthenticated, so normally only for public read-only repositories)
Outgoing connections (services this server uses):
- 80/tcp: HTTP
- 443/tcp: HTTPS (HTTP over TLS)
- 993/tcp: IMAP over TLS (IMAPS)
- 143/tcp: IMAP without TLS
- 53/udp: DNS (also 53/tcp, which resolvers fall back to for large answers)
- 21/tcp: FTP (File Transfer Protocol; cleartext, and its data connections use additional ports)
- 465/tcp: SMTP over implicit TLS (SMTPS), for sending email
- 25/tcp: SMTP (server-to-server mail relay; cleartext unless STARTTLS is negotiated)
- 22/tcp: SSH (secure connection from machine to machine)
- 9418/tcp: Git protocol (version control)
IMAP, POP3 and SMTP run over TCP only, so there is no need to open the corresponding UDP ports. Outgoing rules are only needed if you change the OUTPUT chain policy from its default of ACCEPT; if you do, also allow the replies to incoming connections with a rule that matches the ESTABLISHED,RELATED connection state, or nothing will get back out.
Step 5: Saving your firewall configuration
Rules you add with iptables live in kernel memory and are lost on reboot, so once you are happy with them, review them and save them to the file the iptables service loads at boot. First list what you have built:
iptables -L -n
On CentOS (with the iptables-services package) save the rules with:
iptables-save | sudo tee /etc/sysconfig/iptables
and restart the service, which flushes the rules and reloads them from that file:
sudo systemctl restart iptables
IPv6 rules are saved separately, with ip6tables-save into /etc/sysconfig/ip6tables. On Ubuntu/Debian there is no iptables service: install the iptables-persistent package and save to /etc/iptables/rules.v4 (and rules.v6 for IPv6), which it loads at boot.
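As an added example (not the article's own commands), here is a shell script that assembles the pieces of Steps 2 to 5 into one ruleset in iptables-restore format: default-deny INPUT, loopback and established traffic accepted first, the anti-scan rules from Step 3, a rate limit on new SSH connections, the incoming ports from Step 4, and an IPv6 variant that keeps ICMPv6 open. It test-loads both rulesets before saving and applying them, so a syntax error cannot leave you with an empty firewall. SSH_PORT, TCP_SERVICES, the save paths and the --install switch are assumptions you would adapt to your server.

```shell
#!/bin/sh
# Added example, not the article's own commands: build a complete host
# firewall in iptables-restore format for IPv4 and IPv6, test-load it, then
# save it where the CentOS iptables/ip6tables services read it and apply it.
# Assumptions for this example: SSH_PORT, TCP_SERVICES, the save paths and
# the --install switch are placeholders to adapt to your own server.

SSH_PORT=22
TCP_SERVICES="$SSH_PORT 993 143 110 9418"   # incoming ports from Step 4
SAVE_V4=/etc/sysconfig/iptables             # CentOS paths; with iptables-persistent on
SAVE_V6=/etc/sysconfig/ip6tables            # Debian/Ubuntu use /etc/iptables/rules.v4 and rules.v6

# build_ruleset 4|6 -> ruleset text for iptables-restore / ip6tables-restore
build_ruleset() {
    fam=$1
    echo '*filter'
    # Default policies: deny what reaches us or is routed through us,
    # let the host itself talk out.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Cheapest and most common matches first: loopback and replies to
    # connections we already track. INVALID covers packets that fit no flow.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Malformed and scan packets from Step 3.
    echo '-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL ALL -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL NONE -j DROP'
    if [ "$fam" = 6 ]; then
        # Never drop all ICMPv6: neighbour discovery and path MTU discovery
        # need it, and without them IPv6 simply stops working.
        echo '-A INPUT -p ipv6-icmp -j ACCEPT'
    else
        echo '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT'
    fi
    # Damp SSH brute force: drop a source that opens more than 10 new
    # connections a minute. This sits before the ACCEPT for the port.
    echo "-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m hashlimit --hashlimit-name ssh --hashlimit-mode srcip --hashlimit-above 10/min -j DROP"
    for port in $TCP_SERVICES; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# rule_count 4|6 -> number of -A rules in that family's ruleset
rule_count() { build_ruleset "$1" | grep -c '^-A'; }

# install_ruleset: parse both rulesets without loading them (--test), and only
# then save and apply, so a typo cannot leave the host with no rules. Root only.
install_ruleset() {
    build_ruleset 4 | iptables-restore --test  || return 1
    build_ruleset 6 | ip6tables-restore --test || return 1
    build_ruleset 4 > "$SAVE_V4" && build_ruleset 6 > "$SAVE_V6" || return 1
    iptables-restore < "$SAVE_V4" && ip6tables-restore < "$SAVE_V6"
}

case "${1:-}" in
    --install) install_ruleset ;;
    *)         build_ruleset 4 ;;   # dry run: print the IPv4 ruleset
esac
```

Without arguments the script only prints the IPv4 ruleset so you can read it before trusting it; sudo sh firewall.sh --install writes and loads both families. Keeping the whole policy in one generated file, rather than a history of ad-hoc iptables -A commands, means the rules on disk and the rules in the kernel cannot drift apart.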
GUI alternatives to iptables
iptables has long been the standard firewall tool on Linux (nftables is its successor, but the iptables syntax remains available everywhere). If you prefer a GUI (Graphical User Interface) over the command line, there are a number of tools available.
Here is a list of tools that you can check out for your Ubuntu/Debian distributions:
- Firestarter (no longer maintained; listed for completeness)
- fwbuilder (Firewall Builder)
- GUFW Firewall (Graphical interface for Uncomplicated Firewall)
Apart from these, Ubuntu ships its own simpler front end, UFW (Uncomplicated Firewall). It is a command-line tool that generates iptables rules for you from short, readable commands; GUFW, listed above, is its graphical interface. If UFW is not already installed on your distribution, you can install it from the command line.
To install UFW, run the following command in your terminal:
For Ubuntu/Debian:
sudo apt-get install ufw
For CentOS, where ufw comes from the EPEL repository, run the following commands (stop and disable firewalld first, since both manage the same rule tables):
sudo yum install epel-release -y
sudo yum install --enablerepo=epel ufw -y
Do not enable the firewall yet if you are connected over SSH: with a deny-incoming default, enabling it before SSH is allowed drops your own session. Set the defaults and allow the services you need first, then enable it.
To set up default settings:
sudo ufw default deny incoming
and
sudo ufw default allow outgoing
To check the status of your firewall:
sudo ufw status verbose
To allow connections through your firewall:
For instance, to allow SSH, write the service name (as listed in /etc/services) after 'allow':
sudo ufw allow ssh
Instead of the service name you can specify the port number. By default SSH listens on port 22:
sudo ufw allow 22
If you have configured SSH to use a different port, specify that port and, ideally, the protocol, so that only TCP is opened. For instance, if your SSH server listens on port 2333, run the following command:
sudo ufw allow 2333/tcp
To enable your firewall:
Now, that your firewall is configured to allow SSH connections we can enable it. To enable your firewall, run the following command:
sudo ufw enable
To delete rules in your firewall:
Say you want to delete the SSH connection that you’ve allowed you can run the following command:
sudo ufw delete allow ssh
To reset your firewall:
If you want to start over, the following command disables the firewall and removes all the rules you have added (ufw keeps a backup of the previous rule files):
sudo ufw reset
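As an added example, not part of the original article, the script below runs the ufw steps above in the one order that cannot lock you out of a remote session (defaults, SSH allowed and rate-limited, other services, then enable), and prints the commands as a dry run unless you pass --apply. SSH_PORT, ADMIN_NET (an RFC 5737 documentation range standing in for the network you administer from) and SERVICES are placeholders to replace with your own values.

```shell
#!/bin/sh
# Added example, not from the original article: run the ufw steps in an order
# that cannot lock you out of a remote session, with a dry run by default.
# Assumptions for this example: SSH_PORT, ADMIN_NET (an RFC 5737 documentation
# range standing in for the network you administer from) and SERVICES are
# placeholders; the --apply switch is also constructed here.

SSH_PORT=22
ADMIN_NET=203.0.113.0/24
SERVICES="993/tcp 143/tcp 110/tcp 9418/tcp"   # incoming services from Step 4

# ufw_plan -> the ufw commands, one per line, in the order they must run
ufw_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # SSH before anything else, so the deny-incoming default never applies to
    # it. ufw evaluates rules in the order they were added, so the admin
    # network's unconditional allow goes in before the rate limit below.
    echo "ufw allow from $ADMIN_NET to any port $SSH_PORT proto tcp"
    # 'limit' allows the port but blocks a source that opens more than
    # 6 connections in 30 seconds: cheap brute-force damping.
    echo "ufw limit $SSH_PORT/tcp"
    for svc in $SERVICES; do
        echo "ufw allow $svc"
    done
    # Enable last. --force skips the interactive prompt so scripts don't hang.
    echo "ufw --force enable"
    echo "ufw status verbose"
}

# enable_is_after_allows -> true if every allow/limit precedes the enable
enable_is_after_allows() {
    ufw_plan | awk '
        /^ufw (allow|limit) / { last_allow = NR }
        /^ufw --force enable$/ { enable_at = NR }
        END { exit !(enable_at > 0 && last_allow > 0 && enable_at > last_allow) }'
}

case "${1:-}" in
    --apply) ufw_plan | sh -e ;;   # as root: sudo sh ufw-setup.sh --apply
    *)       ufw_plan ;;           # dry run: print the plan
esac
```

The dry run is the point: read the plan, confirm that the SSH allow appears before the enable, and only then run it with --apply as root. sh -e stops at the first failing ufw command, so a typo in a service name does not leave the firewall half configured and enabled.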
By following the steps above you can enable a firewall on Linux, whether on a personal computer or a server. If your website is hosted on VPS (Virtual Private Server) hosting, you can make these changes yourself, since VPS hosting comes with full root access: you have complete control of the server and can configure it as you see fit.
We hope you found this guide useful! If you have any queries, feel free to get in touch with us or leave a comment below!