So before we start with the steps involved to configure a firewall in Linux, first let’s make sure we understand what a firewall is and how it works.
A firewall is a program that surrounds the interface between a private network and the rest of the big and (usually) bad internet. You can think of the firewall as a gateway. It follows pre-configured rules that allow certain traffic to pass through from the internet to the private network and blocks those that are unwanted and potentially harmful.
If you have a Linux machine, you are guaranteed a certain level of security by default, courtesy the amazing Linux developer community. Linux systems are generally immune to a majority of viruses and other threats that many other operating systems succumb to. But with the increase in the volume, variety and intensity of cyber threats today, configuring a Linux firewall is quite a necessity.
A step-by-step guide on how to configure firewall in Linux:
Step 1 : Beef-up basic Linux security:
While this blog is titled to address firewall configuration, the first step is to ensure that the firewall has all the support it needs with a 100% secure Linux machine. To do this, ensure you have all the latest security updates installed for your version of Linux.
Step 2: Decide how you want to protect your server:
While Iptables is generally where the linux community looks to configure a firewall, there are easier options available that are also free for use. Here are some that we would recommend:
-ClearOS is extremely easy-to-use. It is suitable those who prefer an easy-to-follow UI AND also for geeks who would like to talk to it through the command-line interface
Post a 10-minute installation time, you are asked to reboot and are given all the information and support required to manage your firewall as easily as possible
-OPNsense offers several advanced features not usually found in free firewalls like ‘forward caching proxy’ and ‘intrusion detection’.
-It supports the use of OpenVPN. To know how useful OpenVPN is, read more here
-It uses an Inline Intrusion Prevention System which is a powerful form of Deep Packet Inspection. Here, instead of just blocking an IP address or port, the firewall inspects individual data packets or connections and stops them before they reach the sender if found malicious
3.ConfigServer Firewall (CSF):
-CSF is an advanced firewall suite for Linux systems has the Login Failure Daemon (LFD) process that regularly scans for failed login attempts (or “Brute-force attacks”) on your Server and takes action against the offending IP Addresses very quickly
-CSF can be managed through the Command Line Interface and its front-end is accessible by the root account through cPanel, DirectAdmin and Webmin which makes configuring and managing the firewall very simple
Understand Iptables and how it works:
The Linux kernel has the capacity to filter incoming and outgoing packages with a filtering tool known as ‘Iptables’. The Iptables tool is in charge of deciding which packages can come in and go out based on the rules it is configured to follow.
First, how to configure the firewall manually:
Working with iptables manually can be complicated. We have a quick fix at the bottom of our section you can try. Read on for more.
Step 1: Retrieve the Iptables firewall:
Iptables is pre-installed on almost every Linux distribution. You can use this command to retrieve the package:
sudo apt-get install iptables
Step 2: Discover what Iptables is already configured to do by default:
Run the iptable L command
Step 3: You can decide to modify the existing rules or instead start afresh:
To start afresh, run this command
Step 4: Decide which firewall ports to close:
First block all lines of attack by running the following commands:
Block XMAS Packets: iptables -A INPUT -p tcp –tcp-flags ALL ALL -j DROP
Block null packets: iptables -A INPUT -p tcp –tcp-flags ALL NONE -j DROP
Block syn-flood packets: iptables -A INPUT -p tcp ! –syn -m state –state NEW -j DROP
Step 5: Decide which firewall ports to leave open:
Here are some ports you could decide to leave open:
For outgoing connections:
For Incoming connections:
Step 6: Save your firewall configuration
Type the following command to save the settings you’ve configured and restart your firewall:
iptables -L -n
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart
Tools to assist you with the iptables configuration:
If this is too complicated for you, you can use tools such as fwbuilder or UFW. Here, we will run you through the UFW Uncomplicated Firewall.
The UFW is a front-end for iptables that makes configuring the firewall easier while working with iptables.
Step 1: Type this command into the terminal to install UFW:
# apt-get install ufw
Step 2: Next, enable the firewall:
# ufw enable
Step 3: enable the default settings.
# ufw default deny incoming
# ufw default allow outgoing
This will deny all incoming connections. To specify which ones to allow – do the following:
Step 4: To allow specific connections. For example, SSH-
# ufw allow ssh
Step 5: ensure the firewall is saved:
# ufw status verbose
# ufw delete allow ssh
There! Hope we’ve made this process an easy-to-follow guide for you to configure firewall in Linux.