A Step-By-Step Guide on How to Configure a Firewall in Linux

Before starting with the steps involved to configure a firewall in Linux, first let’s make sure we understand what a firewall is and how it works.

Understanding what a firewall is and how it works:

A firewall is network security software that monitors the incoming and outgoing traffic in your network. In simple words, it is an intermediary system between the device and the internet. The barrier is thus placed between a safe place and an unsafe place, where the safe place is your private network and the unsafe place is the internet. This way a firewall not only eliminates unwanted network communication but also protects your server from malicious attacks.

Why is it necessary to enable a firewall for my Linux system?

If you have a Linux machine, you are guaranteed a certain level of security by default, courtesy of the amazing Linux developer community. Linux systems are generally immune to a majority of viruses and other threats that many other operating systems succumb to. But with the increase in the volume, variety and intensity of cyber threats today, configuring a Linux firewall is a necessity.

Steps to configure a firewall in Linux manually:

Step 1: Up your Linux Security

It is equally important to make sure your Linux system is up to date: install the latest security updates and keep your operating system version current.

On Ubuntu/Debian Linux distributions, ‘iptables’ is pre-installed; however, CentOS 7 and onwards replace iptables with FirewallD as the default firewall management tool.

Note: If you are comfortable with iptables you can continue using it, but make sure you disable FirewallD in your CentOS before installing iptables. 

Step 2:  Configuring IPTABLES:

iptables is a command-line firewall utility that filters traffic. It decides which packets can come in and go out based on the rules it is configured to follow, and it uses policy chains to allow or block the traffic.

A chain is a set of rules defined for a particular task.

There are three chains (sets of rules) used to process the traffic:

  1. INPUT chain: Any traffic coming from the internet (network) towards your local machine has to go through the INPUT chain. That means it has to go through all the rules that have been set up in the INPUT chain.
  2. OUTPUT chain: Any traffic going from your local machine to the internet needs to go through the OUTPUT chain.
  3. FORWARD chain: Used for packets that aren’t being delivered locally, i.e. packets routed via the server.

Different policies:

There are three actions that iptables can perform on the traffic:

1. ACCEPT
When traffic passes the rules in its specified chain, iptables accepts the traffic. That means it opens up the gate and allows the person to go inside the kingdom of Thanos.

2. DROP
When the traffic is unable to pass the rules in its specified chain, iptables blocks that traffic. That means the firewall is closed.

3. REJECT
This action is similar to DROP, but it sends a message to the sender of the traffic stating that the data transfer has failed.

As a general rule, use REJECT when you want the other end to know the port is unreachable; use DROP for connections to hosts you don’t want people to see.

iptables usually comes pre-installed with your Linux distribution. However, if it is missing, you can install it. Different OS flavours use different installation commands.

iptables installation on Ubuntu/Debian systems:

sudo apt-get install iptables

iptables installation on Enterprise Linux OS like CentOS:

sudo yum install iptables-services

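To check the default configuration, run one of the following commands.

To check the configuration on Ubuntu/Debian systems:

sudo iptables -L

To check the configuration on Linux OS like CentOS:

sudo iptables -nvL

To flush all the pre-configured rules and clear the firewall rules, run the following command:

iptables -F

Flushing removes the rules but leaves each chain’s default policy unchanged, so check the policy shown by the listing command first if you are connected over SSH.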

To start the iptables service on CentOS, run the following command:

sudo systemctl start iptables

To enable iptables on CentOS, run the following command:

sudo systemctl enable iptables

STEP 3: BLOCK COMMANDS:

To block/drop connections from a particular IP address (run the commands in this step as root, or prefix them with sudo):

iptables -A INPUT -s xx.xx.xx.xx -j DROP

Replace xx.xx.xx.xx with the IP address you want to block.

To block/drop connections from a range of IP addresses, run the following command:

iptables -A INPUT -s xx.xx.xx.xx/24 -j DROP

OR

iptables -A INPUT -s xx.xx.xx.xx/255.255.255.0 -j DROP

Here xx.xx.xx.xx is the network address of the range you want to block.

To block/drop connections to a specific port, run the following command:

iptables -A INPUT -p tcp --dport imap -j DROP

iptables commands for some of the common types of attacks:

To drop syn-flood packets (new TCP connections that do not start with a SYN packet):

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

To drop NULL packets:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

To block XMAS packets:

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

STEP 4: Decide which firewall ports to leave open:

Here are some ports you could decide to leave open:

For outgoing connections:

  • 80/tcp for HTTP
  • 53/udp for DNS
  • 443/tcp for HTTPS (secured HTTP)
  • 21/tcp for FTP (File Transfer Protocol)
  • 465/tcp for SMTP (send emails)
  • 25/tcp for Insecure SMTP
  • 22/tcp for SSH (secure connection from computer to computer)
  • 993/tcp&udp for IMAP (receive emails)
  • 143/tcp&udp for Insecure IMAP
  • 9418/tcp for GIT (version control system)

For incoming connections:

  • 993/tcp&udp for IMAP (receive emails)
  • 143/tcp&udp for Insecure IMAP
  • 110/tcp for POP3 (old way to receive emails)
  • 22/tcp for SSH (secure connection from computer to computer)
  • 9418/tcp for GIT (version control system)

Step 5: Save your firewall configuration

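Type the following commands to review the settings you’ve configured, save them and restart your firewall:

sudo iptables -L -n

sudo iptables-save | sudo tee /etc/sysconfig/iptables

sudo service iptables restart

/etc/sysconfig/iptables is the file the CentOS iptables service loads when it starts.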
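The steps above never show the rules that open the Step 4 ports or set a default policy, so here is an added example (not part of the original guide) that writes the whole ruleset to a file in iptables-restore format for review before it is loaded. The function names, the rules.v4 file name and the sample port choices are assumptions made for this example; the three DROP rules are the ones from Step 3.

```shell
#!/bin/sh
# Added example (not from the original guide): emit a filter-table ruleset in
# iptables-restore format from Step 4 style port specs such as "22/tcp".

# Constructed sample choices; list only the services this host really uses.
IN_OPEN="22/tcp 993/tcp"
OUT_OPEN="53/udp 80/tcp 443/tcp"

# emit_accepts CHAIN "SPEC ..." : one ACCEPT rule per valid port/proto spec.
emit_accepts() {
    for spec in $2; do
        port=${spec%/*}; proto=${spec#*/}
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $spec" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
        echo "-A $1 -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
}

# build_ruleset "IN_SPECS" "OUT_SPECS" : print the whole ruleset, or fail.
build_ruleset() {
    # Default policy DROP: anything no rule accepts is dropped.
    # Order matters: the Step 3 DROP rules sit before the ACCEPT rules.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    emit_accepts INPUT "$1" || return 1
    emit_accepts OUTPUT "$2" || return 1
    echo "COMMIT"
}

# Usage: build_ruleset "$IN_OPEN" "$OUT_OPEN" > rules.v4
#        sudo iptables-restore --test < rules.v4   # parse only, changes nothing
```

Step 4 entries written as tcp&udp have to be listed as two specs, one per protocol. Loading the file with iptables-restore replaces the filter table in a single commit, so keep port 22 in the incoming list when you manage the host over SSH.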

CONCLUSION:

By following the above steps, it is easy to enable a firewall in Linux. In fact, if your website is hosted on VPS (Virtual Private Server) Hosting, then you can easily make changes to your server, as VPS Hosting comes with full root access. This way you have complete control of your hosting server and can customise it as you see fit.


Hope we’ve made this process an easy-to-follow guide for you to configure a firewall in Linux.
