How to Configure Firewall in Linux? : Step-by-Step Guide

September 18, 2019   . 8 minutes Read

It is important for every system to be well protected, be it your home computer or your server. In this article, we’ll understand how to configure a Firewall in Linux to keep your system safe and protected from malicious viruses. 

Let us begin by understanding what a firewall is.

What is a Firewall

A firewall is network security software that monitors the incoming and outgoing traffic in your network. In simple words, a firewall is a virtual barrier placed between a safe place and an unsafe place so that the least damage can occur. The safe place is your private network, and the unsafe place is the internet, a wide public network. This way a firewall not only eliminates unwanted network communication but also protects your server from malicious attacks.

There are two main types of firewalls, viz. ‘host firewall’ and ‘network firewall’. A host firewall is installed on individual servers and monitors the incoming and outgoing connections. A network firewall is usually built into your hosting infrastructure. 

Is it necessary to enable a firewall for my Linux system?

It is usually a preconceived belief that Linux systems are secure. And although this is true to a great extent with Linux systems being immune to viruses and other malicious entities, it is important to practice caution, especially with the number of cyber-crimes being committed. 

Steps to configure a firewall in Linux manually:

Step 1: Up your Linux Security

Before configuring a firewall for your Linux system, make sure the system has the latest security updates installed and that your operating system version is up to date.

On Ubuntu/Debian Linux distributions, ‘iptables’ is pre-installed. CentOS 7 and onwards, however, replaces iptables with FirewallD as the default firewall management tool.

Note: If you are comfortable with iptables you can continue using it, but make sure you disable FirewallD in your CentOS before installing iptables. 

Step 2: Configuring iptables

iptables is a command-line firewall utility program that allows filtering traffic. The iptables tool decides which packets can come in and go out based on the rules it is configured to follow. It uses policy chains to allow or block the traffic. There are three types of policy chains:

  1. Input – used to control the behaviour for incoming connections i.e. packets going to local sockets
  2. Forward – used for packets that aren’t being delivered locally i.e. packets routed via the server
  3. Output – used for outgoing connections i.e. packets generated locally

iptables usually comes pre-installed with your Linux. However, if it is missing you can install it using the following command:

For Ubuntu/Debian Systems:

sudo apt-get install iptables 

For Enterprise Linux OS like CentOS:

sudo yum install iptables-services

Now that iptables is installed, it is important to check the default configuration. To check, run the following command:

For Ubuntu/Debian Systems:

sudo iptables -L

For Enterprise Linux OS like CentOS:

sudo iptables -nvL

If you want to flush/clear all the pre-configured rules, run the following command:

iptables -F

To start the iptables service in CentOS run the following command:

sudo systemctl start iptables

To enable iptables in CentOS, run the following command:

sudo systemctl enable iptables

Note: Rules are configured in much the same way for IPv4 and IPv6. However, the ‘iptables’ command only handles IPv4; for IPv6 rules, use the ‘ip6tables’ command on both Ubuntu/Debian and CentOS.

For example, to check the default configuration in IPv6 in Ubuntu run the following command:

sudo ip6tables -L

Step 3: Decide what to block

If you want to block/drop connections for a particular IP address, run the following command:

iptables -A INPUT -s 10.10.10.10 -j DROP

Where 10.10.10.10 is the IP address you want to drop.

If you want to block/drop connections from a range of IP addresses, run the following command:

iptables -A INPUT -s 10.10.10.0/24 -j DROP

OR

iptables -A INPUT -s 10.10.10.0/255.255.255.0 -j DROP

If you want to block/drop connections to a specific port, run the following command:

iptables -A INPUT -p tcp --dport ssh -j DROP

You can replace ‘ssh’ with any other protocol or port number. In this code, we use the TCP (Transmission Control Protocol) connection hence, ‘-p tcp’ is used. If your protocol uses a UDP (User Datagram Protocol) connection then ‘-p udp’ would be used.

For blocking/dropping certain attacks:

Whenever a packet is issued and sent, it awaits an ACK (acknowledgement) that the packet is received at the receiver end (3-way handshake). However, if your system is compromised you will not receive the ACK as the transmitted packet would be lost while travelling. If this occurs, then genuine users will not be able to access the service requested, hence it is important to block/drop attacks that result in system failure. 

Let us look at some of the common types of attacks:

If you want to drop syn-flood packets (new TCP connections that do not begin with a SYN), run the following command:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

If you want to drop XMAS packets, run the following command:

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

If you want to drop NULL packets, run the following command:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Step 4: Deciding which ports to keep open

The decision to leave ports open depends on your server and what you are using your server for. Here are some ports you can leave open.

Incoming connections:

Port Number/ Protocol for reason

  • 993/ tcp & udp for IMAP (to receive emails)
  • 143/ tcp & udp for Insecure IMAP
  • 110/ tcp for POP3 (another way to receive emails)
  • 22/ tcp for SSH (secure connection from machine to machine)
  • 9418/ tcp for GIT (version control system)

Outgoing connections:

Port Number/ Protocol for reason

  • 80/ tcp for HTTP
  • 443/ tcp for HTTPS (secure HTTP)
  • 993/ tcp & udp for IMAP (to receive emails)
  • 143/ tcp & udp for Insecure IMAP
  • 53/ udp for DNS
  • 21/ tcp for FTP (File Transfer Protocol)
  • 465/ tcp for SMTP (to send emails)
  • 25/ tcp for Insecure SMTP
  • 22/ tcp for SSH (secure connection from machine to machine)
  • 9418/ tcp for GIT (version control system)

Step 5: Saving your firewall configuration

Run the following commands to review your rules, save them, and restart your firewall (/etc/sysconfig/iptables is the location used by the CentOS iptables service):

sudo iptables -L -n

sudo iptables-save | sudo tee /etc/sysconfig/iptables

sudo service iptables restart
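
The rules from Steps 3 to 5 combined into one file in iptables-restore format (the format iptables-save writes), as an added example that is not from the original article. It goes beyond the commands above by setting a default DROP policy on INPUT and accepting loopback and established traffic; the function name build_ruleset and the port list are assumptions.

```shell
#!/bin/sh
# Added example: build_ruleset and the port list below are illustrative assumptions.
# Usage: build_ruleset "22/tcp 80/tcp"  -> prints an iptables-restore filter table.
build_ruleset() {
    allowed_in=$1
    # Validate every "port/proto" entry before printing anything.
    for entry in $allowed_in; do
        port=${entry%/*}
        proto=${entry#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$entry'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
    done
    echo '*filter'
    # Default policy: drop inbound and forwarded packets, allow outbound.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Step 3 drops: XMAS, NULL, and new TCP connections that lack SYN.
    echo '-A INPUT -p tcp --tcp-flags ALL ALL -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL NONE -j DROP'
    echo '-A INPUT -p tcp ! --syn -m state --state NEW -j DROP'
    # Replies to connections that are already open.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Step 4: one ACCEPT per port that should stay open.
    for entry in $allowed_in; do
        echo "-A INPUT -p ${entry#*/} --dport ${entry%/*} -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed port list: SSH plus a web server.
build_ruleset "22/tcp 80/tcp 443/tcp"
```

To check the syntax without changing the running firewall, pipe the output to sudo iptables-restore --test.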

GUI alternatives to iptables

Although iptables is the most popular and effective firewall solution for Linux, if you feel that you prefer GUI (Graphical User Interface) options over Command-Line there are quite a few tools available. 

Here is a list of tools that you can check out for your Ubuntu/Debian distributions:

  1. Firestarter
  2. fwbuilder (Firewall Builder) 
  3. GUFW Firewall (Graphical interface for Uncomplicated Firewall)

Apart from this, if you’re using Ubuntu, it comes with its own built-in firewall frontend: UFW, or Uncomplicated Firewall. This is basically a frontend for iptables. If it is not pre-installed with your Linux distribution, you can install it from the command line.

Note: GUFW mentioned above in tools is the graphical interface for ‘Uncomplicated Firewall.’

To install UFW, run the following command in your terminal:

For Ubuntu/Debian:

sudo apt-get install ufw

For CentOS run the following commands:

sudo yum install epel-release -y

sudo yum install --enablerepo="epel" ufw -y

Next, to enable the firewall run the following command:

sudo ufw enable

To set up default settings:

sudo ufw default deny incoming

and 

sudo ufw default allow outgoing

To check the status of your firewall:

sudo ufw status verbose

To allow connections to your firewall: 

For instance, if you want to allow SSH, write the name of the protocol directly after ‘allow’:

sudo ufw allow ssh

Instead of the name of the protocol, you can also specify the port number. By default, 22 is the port number for SSH:

sudo ufw allow 22

If you’ve configured your SSH to use a different port, then specify that port number. For instance, say your SSH server is listening on port 2333 then run the following command:

sudo ufw allow 2333

To enable your firewall:

Now that your firewall is configured to allow SSH connections, we can enable it. To enable your firewall, run the following command:

sudo ufw enable

To delete rules in your firewall:

Say you want to delete the SSH rule that you’ve allowed. You can run the following command:

sudo ufw delete allow ssh

To reset your firewall:

If for some reason you wish to reset your firewall, run the following command:

sudo ufw reset 
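
A check that the UFW steps above left the firewall in the intended state, as an added example that is not from the original article: it reads the output of 'sudo ufw status verbose' and confirms the firewall is active, incoming traffic defaults to deny, and the SSH port is allowed. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# check_ufw_status PORT: reads `ufw status verbose` output on stdin.
# Returns 0 only if UFW is active, incoming defaults to deny, and PORT is allowed in.
check_ufw_status() {
    awk -v port="$1" '
        /^Status: active/                  { active = 1 }
        /^Default:/ && /deny \(incoming\)/ { deny_in = 1 }
        # Rule rows look like "22/tcp  ALLOW IN  Anywhere" or "22  ALLOW IN  Anywhere".
        $2 == "ALLOW" && $3 == "IN" {
            split($1, p, "/")
            if (p[1] == port && (p[2] == "" || p[2] == "tcp")) ssh_ok = 1
        }
        END {
            if (!active)  { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
            if (!ssh_ok)  { print "FAIL: no ALLOW IN rule for port " port; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample of `sudo ufw status verbose` after the steps above.
sample_configured() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# On a real host: sudo ufw status verbose | check_ufw_status 22
sample_configured | check_ufw_status 22
```

If SSH listens on another port, such as the 2333 used above, pass that port number instead of 22.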

By following the above steps, it is easy to enable a firewall in Linux, whether on a personal computer or on your server. In fact, if your website is hosted on VPS (Virtual Private Server) Hosting, you can easily make changes to your server, as VPS Hosting comes with full root access. This way you have complete control of your hosting server and can customise it as you see fit.

We hope you found this guide useful! If you have any queries, feel free to get in touch with us or leave a comment below!
