How to Configure your Linux Firewall – 3 Methods
Last Updated : 27 Nov, 2024
A Linux firewall is essential for protecting your system from unauthorized access and attacks. By configuring firewall rules, you can control the flow of traffic into and out of your system. Linux offers multiple firewall management tools, including iptables and firewalld, both of which can be used to manage and secure your network.
Setting up a firewall in Linux is an essential step to protect your system from unauthorized access and potential threats. Firewalls act as a barrier between your internal network and external connections, filtering traffic based on predefined rules. These firewalls help your system or server by keeping it safe and secure.
In this guide, we are going to show you how to set up a firewall in Linux that will enable your system to be safe and secure in no time.
What is a Firewall?
A firewall is a security system designed to monitor and control incoming and outgoing network traffic. Acting as a barrier between trusted internal networks and untrusted external connections, firewalls enforce predefined security policies. Firewalls can be implemented in both hardware and software, with the main goal being to:
- Restrict unauthorized access.
- Allow legitimate communication.
- Prevent data breaches.
Types of Linux Firewalls
iptables
iptables is the most widely used firewall tool in Linux. It works by defining chains of rules that filter network traffic at various points (such as incoming or outgoing traffic). iptables operates at the network layer (Layer 3) and transport layer (Layer 4).
firewalld
firewalld is a more modern firewall management tool for Linux, available on distributions like CentOS, RHEL, and Fedora. It provides a more dynamic and user-friendly approach to managing firewall rules using zones.
nftables
nftables is the successor to iptables and provides an improved, more efficient way to filter network traffic. It is designed to replace iptables in newer Linux distributions.
How Does a Linux Firewall Work?
A Linux firewall filters network traffic based on a series of rules. These rules specify which types of network packets (data sent over the network) are allowed or denied based on factors like:
- IP Address: The source or destination address of the packet.
- Port Number: The communication port the packet is trying to reach (e.g., port 80 for HTTP or port 22 for SSH).
- Protocol: The type of network protocol used (TCP, UDP, ICMP, etc.).
- Connection State: Whether the packet is part of an established connection or is a new connection request.
When a packet enters or exits the system, the firewall checks it against its rules to determine whether it should be allowed to pass or blocked. If a packet matches an “allow” rule, it is allowed to pass. If it matches a “deny” rule, it is blocked.
Note: All the commands below need sudo privileges.
Before getting into the configuration, let’s understand the common firewall tools available on Linux systems:
- iptables: A powerful command-line tool that filters network traffic. It works by defining chains of rules for different types of network traffic.
- ufw (Uncomplicated Firewall): A user-friendly frontend for iptables, simplifying configuration.
- firewalld: A dynamic firewall management tool, offering flexible configuration. It uses zones to define trust levels for network connections and interfaces, providing a simpler method to manage firewall settings compared to iptables.
- CSF (ConfigServer Security & Firewall): A complete security solution, including firewall features.
- ClearOS and OPNsense: Firewall-focused operating systems providing web-based interfaces.
| Feature | iptables | firewalld | UFW |
|---|---|---|---|
| Ease of Use | Moderate | Easy | Very Easy |
| Best For | Advanced users | Zone-based management | Beginners |
| Dynamic Rules | No | Yes | Limited |
| GUI Available | No | Yes (GUI plugins) | Yes (Gufw) |
Method 1: Configuring Firewall with iptables
iptables is a powerful tool for configuring packet filtering and NAT rules. It’s ideal for experienced Linux users and system administrators managing complex environments.
iptables operates on a three-tiered system:
1. Tables: These are categorized groups of rules. Each table handles a specific type of packet:
- INPUT: Incoming packets destined for the local machine.
- OUTPUT: Outgoing packets originating from the local machine.
- FORWARD: Packets routed through the machine.
2. Chains: These are sequences of rules within a table. Packets are processed through a chain until a matching rule is found, determining the packet’s fate.
3. Rules: These are the individual instructions within a chain. Each rule has conditions (matching criteria) and targets (actions to take). Common actions include:
- ACCEPT: Allow the packet to pass.
- DROP: Discard the packet silently.
- REJECT: Discard the packet and send an error message.
- LOG: Log information about the packet.
- JUMP: Redirect the packet to another chain.
Note: Keep one simple rule in mind here: the rules you set in iptables are checked from the topmost rule to the bottom. As soon as a packet matches one of the upper rules, that rule's action is applied and the lower rules are not checked. So be careful about the order in which you add rules.
Step 1: Check Current Rules
Run sudo iptables -L to list the current firewall rules.
This lists all rules for INPUT (incoming), FORWARD (forwarding), and OUTPUT (outgoing) chains.
sudo iptables -L
The output shows three chains (INPUT, FORWARD, OUTPUT). You can also see the column headers, but there are no actual rules yet, because most Linux distributions ship with no predefined rules.
Let's see what each column means:
- Target: The action to be taken on the packet (ACCEPT, DROP, etc.)
- prot: The protocol (TCP, IP) of the packet.
- source: The source address of the packet.
- destination: The destination address of the packet.
Step 2: Clear Existing Rules
If you want to clear (flush) all the existing rules and start fresh, run the following command:
sudo iptables -F
Step 3: Changing the Default Policy of Chains
As you can see in the output above, the default policy of each chain is ACCEPT. The policy of a chain is changed with:
sudo iptables -P Chain_name Action_to_be_taken
Example: If you see the forward chain, you will see “Chain FORWARD (policy ACCEPT)”. This means your computer allows any traffic to be forwarded to another computer.
In order to change the policy of forwarding to drop:
sudo iptables -P FORWARD DROP
The above command stops any traffic from being forwarded through your system. That means no other system can use your system as an intermediary to pass data.
Step 4: Implementing a DROP Rule
We’ll now start building our firewall policies. We’ll first work on the input chain since that is where the incoming traffic will be sent through.
Syntax:
sudo iptables -A/-I chain_name -s source_ip -j action_to_take
Example
Let’s assume we want to block the traffic coming from an IP address 192.168.1.3.
The following command can be used:
sudo iptables -A INPUT -s 192.168.1.3 -j DROP
This may look complicated, but most of it will make sense once we go over the components:
- -A INPUT: The flag -A is used to append a rule to the end of a chain. This part of the command tells iptables that we want to add a rule to the end of the INPUT chain.
- -I INPUT: With this flag the rule is instead inserted at the top of the chain.
- -s 192.168.1.3: The flag -s specifies the source of the packet. This tells iptables to look for packets coming from the source 192.168.1.3.
- -j DROP: This specifies what iptables should do with the packet. In short, the above command adds a rule to the INPUT chain which says: if any packet arrives whose source address is 192.168.1.3, drop that packet, that is, do not allow it to reach the computer.
Once you execute the above command, you can see the changes by using the command:
sudo iptables -L
Step 5: Implementing an ACCEPT Rule
If you want to add rules for specific ports of your network, the following commands can be used.
Syntax:
sudo iptables -A/-I chain_name -s source_ip -p protocol_name --dport port_number -j Action_to_take
-p protocol_name:
This option matches the packets that use the protocol protocol_name.
--dport port_number:
This option is available only if you also give the -p protocol_name option. It matches the packets that are going to the port port_number.
Example:
Let's say we want to keep our SSH port open (this guide assumes the default SSH port, 22) for 192.168.1.3, the address we blocked in the previous step. That is, we want to allow only those packets that come from 192.168.1.3 and are destined for port 22.
Let’s try the below command:
sudo iptables -A INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
The above command says: look for packets originating from the IP address 192.168.1.3, using the TCP protocol, and wanting to deliver something to port 22 of my computer. If you find such packets, accept them.
Troubleshooting the Problem with the Above Command
It actually does not allow the packets. Can you guess why?
The rules you set in iptables are checked from the top to the bottom. Once a packet matches one of the upper rules, it is not checked against the lower rules. Here is the answer: in our case, the packet was checked against the topmost rule, which says that iptables must drop any packet coming from 192.168.1.3. Once the packet matched this rule, it never reached the next rule, the one that allows packets to port 22. Therefore it failed.
How to Fix?
The easiest answer is to add the rule to the top of the chain. All you need to do is change the -A option to the -I option.
(In our scenario we first delete the rule added in the previous step [refer to the next section] and then add the rule below.)
The command to do that is
sudo iptables -I INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
Now check the iptables configuration again using the -L option.
Therefore, any packet coming from 192.168.1.3 is first checked to see whether it is going to port 22. If it is, it is allowed through the firewall; if it isn't, it is run through the next rule in the chain. Now that you have understood how to block and accept incoming traffic, let's see how to delete rules:
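As an added example (not part of the original tutorial), the following POSIX shell script checks a chain listing for exactly the mistake just described: an ACCEPT rule that can never match because an earlier, unconditional DROP for the same source sits above it. It reads the output format of iptables -S INPUT; the two listings embedded below are constructed samples so the script runs offline, and the function names are my own.

```shell
#!/bin/sh
# Lint an iptables INPUT chain for the shadowing mistake shown above: an
# ACCEPT rule that can never match because an earlier, unconditional DROP
# for the same source address already swallows the packet.
# Added example for this article, not part of the original tutorial.
# Reads "iptables -S INPUT" style lines on stdin.

# Constructed sample: the Step 5 state, where the DROP was appended first.
# ("iptables -S" prints single-host sources with a /32 suffix.)
SHADOWED_SAMPLE='-P INPUT ACCEPT
-A INPUT -s 192.168.1.3/32 -j DROP
-A INPUT -s 192.168.1.3/32 -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: the fixed state, after the ACCEPT was inserted with -I.
FIXED_SAMPLE='-P INPUT ACCEPT
-A INPUT -s 192.168.1.3/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.3/32 -j DROP'

# shadowed_rules: print one line per shadowed ACCEPT rule, giving the
# position of both rules (1-based, the same numbering "iptables -D" uses).
shadowed_rules() {
  awk '
    /^-A INPUT / {
      n++
      src = ""; tgt = ""; narrow = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
        # a protocol, port or interface match makes the rule narrower than "-s"
        if ($i == "-p" || $i == "--dport" || $i == "--sport" || $i == "-i")
          narrow = 1
      }
      if (src == "") next
      # remember the first unconditional DROP seen for each source
      if (tgt == "DROP" && !narrow && !(src in drop_at)) drop_at[src] = n
      if (tgt == "ACCEPT" && (src in drop_at))
        printf "rule %d never matches: shadowed by DROP at rule %d (%s)\n",
               n, drop_at[src], $0
    }'
}

# shadowed_count: number of shadowed ACCEPT rules, handy for an exit code.
shadowed_count() {
  shadowed_rules | awk 'END { print NR + 0 }'
}

# Demo on the constructed samples. On a real host (needs root) run:
#   sudo iptables -S INPUT | shadowed_rules
printf '%s\n' "$SHADOWED_SAMPLE" | shadowed_rules
printf '%s\n' "$FIXED_SAMPLE" | shadowed_count   # prints 0
```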
Deleting a Rule from the iptable (Optional)
If you want to delete the rule which accepts the traffic, follow the example below:
Syntax:
sudo iptables -D chain_name rule_number
Example:
Let's learn it from the example of deleting the rule which accepts traffic to port 22 (the rule we added in the last example).
Run the following command:
sudo iptables -D INPUT 1
Remember that rule numbers start from 1.
Step 6: Saving your Configuration
This step is unnecessary if you are configuring a personal computer that is not a server, but if you are configuring a firewall on a server, there is a high chance that your server gets corrupted and you lose all your work. So it is always better to save your configuration. There are many ways to do this, but the easiest is the iptables-persistent package.
You can download the package from Ubuntu’s default repositories:
sudo apt-get update
sudo apt-get install iptables-persistent
Once the installation is complete, you can save your configuration using the command:
sudo invoke-rc.d iptables-persistent save
Well, this is the end of the iptables tutorial. Let's briefly recap all the commands we have learned so far:
Method 2: Configuring Firewall with firewalld
firewalld simplifies managing rules by grouping them into zones (e.g., public, work, home).
Step 1: Install firewalld
Use the following command to Install firewalld
sudo apt-get install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
Step 2: Assign Network Interfaces to Zones
Let's learn this with an example: assign eth0 to the "public" zone.
Run the following command:
sudo firewall-cmd --zone=public --add-interface=eth0 --permanent
Step 3: Allow Services in Zones
Example: Permit HTTP traffic in the “public” zone:
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload
Step 4: View Active Zones and Rules
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --list-all
Above we have learned how to configure your Linux firewall using the firewalld method, with an example of assigning an interface to a zone and allowing a service in it; the same approach can be used to create a "home" zone that allows only trusted devices while blocking all external access.
Method 3: Configuring Firewall with UFW (Uncomplicated Firewall)
UFW is beginner-friendly and ideal for quick firewall setups. Let's learn this configuration through the example of quickly setting up a secure environment for a personal Linux machine.
Step 1: Enable UFW
sudo ufw enable
Step 2: Allow Specific Services
Permit SSH:
sudo ufw allow ssh
Step 3: Block Traffic to Specific Ports
Example: Block traffic to port 8080:
sudo ufw deny 8080
Step 4: View Status
sudo ufw status
Conclusion
Linux firewalls are a vital layer of security for your system or server. By understanding the tools and following the methods outlined here, you can configure a firewall to safeguard against unauthorized access and attacks. Whether you choose iptables for advanced control, firewalld for dynamic management, or UFW for simplicity, each approach ensures your system remains secure.
Regular updates, testing, and monitoring will keep your firewall effective over time.
Common Mistakes to Avoid
- Not Saving Rules: Forgetting to save changes leads to loss of configurations after a reboot.
- Over-Blocking Traffic: Be cautious when setting DROP rules to avoid locking yourself out.
- Misapplying Zones (firewalld): Ensure interfaces are assigned to the correct zone.
Tips for Effective Firewall Management
1. Understand Your Network Needs
Identify which ports and services are required for your system and block the rest.
2. Use Logging for Monitoring
Enable logging to track allowed and blocked traffic for better troubleshooting.
sudo firewall-cmd --set-log-denied=all
Use the LOG target to record dropped packets.
3. Test Firewall Rules
Use tools like nmap to scan your system and verify that only intended ports are open.
4. Automate Rule Application
Write startup scripts or use tools like Ansible to automate firewall configurations.
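To act on tip 3, here is an added example (my own script, not from the original article) that turns a scan of your own host into a pass/fail check: it parses nmap's grepable output (what nmap -oG - produces) and reports every open port that is not on the list you intended to expose. The scan result below is a constructed sample so the script runs offline; assume the real run would be something like nmap -sT -p- -oG - <your-host>.

```shell
#!/bin/sh
# Verify a firewall as tip 3 suggests: compare the ports an nmap scan found
# open with the list you intended to expose, and report the leftovers.
# Added example for this article, not the original author's script.
# Input format: nmap "grepable" output (-oG), one "Host: ... Ports: ..." line
# per host, fields separated by tabs.

# Constructed sample: one host with SSH and HTTP open, 443 closed, and a
# forgotten 8080 still reachable (the port the UFW example above denies).
SCAN_SAMPLE=$(printf 'Host: 192.168.1.10 ()\t%s\nHost: 192.168.1.10 ()\t%s\t%s\n' \
  'Status: Up' \
  'Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8080/open/tcp//http-proxy///' \
  'Ignored State: filtered (65531)')

# open_ports: read -oG output on stdin, print "host proto/port" per open port.
open_ports() {
  awk -F'\t' '
    /^Host: / {
      host = $1; sub(/^Host: /, "", host); sub(/ .*$/, "", host)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        # strip the "Ports: " prefix, then split the comma-separated entries
        n = split(substr($i, 8), p, /, */)
        for (j = 1; j <= n; j++) {
          split(p[j], f, "/")          # port/state/proto/owner/service/...
          if (f[2] == "open") print host, f[3] "/" f[1]
        }
      }
    }'
}

# unexpected_ports EXPECTED: EXPECTED is a space-separated allow list such as
# "tcp/22 tcp/80"; prints every open port on stdin that is not in the list.
unexpected_ports() {
  expected=" $1 "
  open_ports | while read -r host port; do
    case "$expected" in
      *" $port "*) ;;                  # intended, stay quiet
      *) echo "$host $port" ;;         # should have been blocked
    esac
  done
}

# Demo on the constructed sample. With a real scan:
#   nmap -sT -p- -oG - 192.168.1.10 | unexpected_ports 'tcp/22 tcp/80'
printf '%s\n' "$SCAN_SAMPLE" | unexpected_ports 'tcp/22 tcp/80'
```

An empty result means only the intended ports answered; anything printed is a rule that is missing or ordered wrongly.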
Conclusion
By following this guide, you can easily setup a firewall in Linux to protect your system from potential security threats. Whether you’re configuring simple or advanced firewall rules, using UFW or other tools, a well-configured firewall can significantly improve your system’s security.
Regularly updating and monitoring your firewall will ensure that your Linux system remains safe from unauthorized access and cyber attacks.