Before starting with the steps involved in configuring a firewall in Linux, let’s make sure we understand what a firewall is and how it works.
A firewall is network security software that inspects your system's incoming and outgoing network traffic and decides, rule by rule, what is allowed through. In simple words, it sits between your machine and the network, so that a barrier separates the trusted side (your host or private network) from the untrusted side (the internet). A host firewall therefore does two things: it blocks unwanted network communication, and it shrinks the attack surface reachable from the network, because only the services you explicitly allow are exposed.
A Linux machine gives you a reasonable security baseline out of the box, and the commodity malware written for desktop operating systems rarely runs on it, but Linux is not immune: exposed services, weak SSH credentials and unpatched daemons are the usual way Linux servers are compromised. With the volume, variety and intensity of today's cyber threats, configuring a Linux firewall is a necessity rather than an option.
It is equally important to keep the system patched: install security updates promptly and run a supported release of your distribution. A firewall does nothing against a vulnerability in a service you have deliberately left reachable.
On Ubuntu/Debian, the 'iptables' command is normally installed by default (on recent releases it is a compatibility front end to the kernel's nftables subsystem, but the commands below work unchanged). CentOS 7 and later, however, ships FirewallD as the default firewall management tool instead of a bare iptables service.
Note: If you are comfortable with iptables, you can continue using it on CentOS, but stop and disable FirewallD first. Both tools program the same kernel packet filter, and running two managers side by side leaves you with rules that neither of them fully controls.
iptables is a command-line utility for filtering traffic. It decides which packets may come in and go out based on the rules it has been configured with, and those rules are organised in chains: a chain is an ordered list of rules that a packet is checked against, top to bottom, until one matches; if none matches, the chain's default policy decides. The filter table, which is what this guide uses, has three built-in chains:
● INPUT chain: any traffic from the network towards your local machine has to pass through the INPUT chain, which means it is checked against every rule set up there until one matches.
● OUTPUT chain: any traffic originating on your local machine and going out to the network passes through the OUTPUT chain.
● FORWARD chain: packets that are not addressed to the local machine but are routed through it, as on a gateway or a host running containers or virtual machines.
There are three actions (targets) that iptables commonly applies to matching traffic:
ACCEPT: when a packet matches a rule with this target, iptables lets it through. The gate is opened and the packet continues to the local application or onward to the network.
DROP: the packet is silently discarded. Nothing is sent back, so from the sender's point of view the packet simply vanished and the connection attempt eventually times out.
REJECT: like DROP, the packet is discarded, but iptables also sends an error back to the sender (by default an ICMP 'port unreachable' message; for TCP it can send a reset instead), so the sender learns immediately that the transfer failed.
As a rule of thumb, use REJECT when you want the other end to know the port is unreachable, for example for clients on your own network, where a fast, clear failure is friendlier than a hanging connection. Use DROP towards hosts you do not want to see you at all: a scanner gets no answer, which slows it down and reveals less about the machine.
iptables usually comes pre-installed with your Linux distribution. If it is missing, install it with your distribution's package manager; the package names differ between OS families:
iptables installation on Ubuntu/Debian systems:
sudo apt-get install iptables
iptables installation on Enterprise Linux systems such as CentOS (use dnf in place of yum on CentOS 8 and later):
sudo yum install iptables-services
The iptables-services package provides the systemd unit that loads your saved rules at boot; the iptables command itself is normally already present.
To check the current configuration, run the following command:
sudo iptables -L
This lists the rules in every chain of the filter table. A more useful form, on any distribution, is:
sudo iptables -nvL
-n prints addresses and ports numerically instead of resolving them (faster, and no DNS lookups while you debug), and -v adds per-rule packet and byte counters plus the interface columns, which tell you whether a rule is actually being hit.
To flush all the pre-configured rules, run the following command:
sudo iptables -F
This clears every rule in every chain of the filter table, but it does not reset the chain policies. Caution: if the INPUT policy is already DROP, flushing over SSH removes the rule that lets your own session in and you are locked out. On a remote machine, reset the INPUT policy to ACCEPT (the -P option) before flushing, and set it back to DROP only after the allow rules are in place.
To start the iptables service on CentOS (after disabling FirewallD, as noted above), run the following command:
sudo systemctl start iptables
To make it start at every boot, enable it:
sudo systemctl enable iptables
The service does not create rules by itself; it loads whatever was last saved to /etc/sysconfig/iptables, which is why the save step at the end of this guide matters.
To block/drop connections from a specific IP address, run the following command:
iptables -A INPUT -s xx.xx.xx.xx -j DROP
where xx.xx.xx.xx is the address you want to block (not your own: a rule matching the address you are connecting from would lock you out). -A appends the rule to the end of the INPUT chain; rules are evaluated in order, so an earlier ACCEPT for the same source would still win.
To block/drop connections from a range of IP addresses, give the network in CIDR notation (no space between the address and the prefix length):
iptables -A INPUT -s xx.xx.xx.xx/24 -j DROP
OR, equivalently, with a dotted netmask:
iptables -A INPUT -s xx.xx.xx.xx/255.255.255.0 -j DROP
where xx.xx.xx.xx is an address in the range to block; /24 covers the 256 addresses that share its first three octets.
To block/drop connections to a specific port, run the following command:
iptables -A INPUT -p tcp --dport imap -j DROP
The port can be given by name (imap resolves to 143 through /etc/services) or by number. -p tcp is required here: --dport is only valid once a protocol has been selected.
iptables rules against some common types of malformed and scanning traffic:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
drops TCP packets that start a new connection without the SYN flag set. A legitimate TCP connection always begins with a SYN, so such packets are stray segments or scans. Note that this rule does not stop a SYN flood, which consists of perfectly valid SYN packets; for that, enable SYN cookies (net.ipv4.tcp_syncookies) and rate-limit new SYNs with the limit match.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
drops NULL packets, which have no TCP flags set at all and are only produced by scanners.
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
drops XMAS packets, which have every flag set and likewise appear only in scans.
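The individual rules above, and the ACCEPT/DROP/REJECT choice discussed earlier, are most useful combined into one ordered ruleset, because iptables evaluates a chain top to bottom and the order decides what gets through. The script below is an added example, not code from the original article: it builds a default-deny INPUT policy for a server exposing SSH and a website, in an order that cannot cut off the SSH session you run it from, and folds in the NULL, XMAS and new-but-not-SYN rules together with a rate limit on new SYNs as a SYN-flood measure. The admin network 203.0.113.0/24 (an RFC 5737 documentation range), SSH on port 22 and the web ports 80/443 are assumptions; change them to match your host. Setting IPT=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: an ordered, default-deny iptables ruleset for a server that
# offers SSH and a website.  Not from the original article.
# Assumptions (change to fit your host): SSH on 22, web on 80/443, and an
# admin network of 203.0.113.0/24 (RFC 5737 documentation range, i.e. a
# placeholder).  IPT=echo prints the commands instead of running them.

IPT="${IPT:-iptables}"
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"
SSH_PORT="${SSH_PORT:-22}"

apply_firewall_rules() {
    # 1. Open the policies before flushing.  If INPUT were already DROP,
    #    "-F" would remove the rule that lets this SSH session in.
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -X

    # 2. Loopback and packets of connections already accepted.  These match
    #    most traffic, so they go first; INVALID is conntrack's verdict for
    #    packets that fit no known connection.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # 3. Scan signatures: NULL (no flags), XMAS (all flags) and a TCP packet
    #    that is NEW to conntrack yet is not a SYN, which a real client
    #    never sends.
    $IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    $IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    $IPT -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

    # 4. SYN-flood damping: a user chain that lets 20 new SYNs through at
    #    once and then 10 per second, dropping the excess.  Pair this with
    #    net.ipv4.tcp_syncookies=1 and tune the numbers to your real load.
    $IPT -N SYN_LIMIT
    $IPT -A SYN_LIMIT -m limit --limit 10/second --limit-burst 20 -j RETURN
    $IPT -A SYN_LIMIT -j DROP
    $IPT -A INPUT -p tcp --syn -j SYN_LIMIT

    # 5. Services.  SSH only from the admin network, throttled against
    #    password guessing; the website for everyone.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -s "$ADMIN_NET" \
        -m conntrack --ctstate NEW -m limit --limit 4/minute --limit-burst 6 -j ACCEPT
    $IPT -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

    # 6. Anything else: admins get a quick REJECT (a clear "port closed"),
    #    the rest of the internet gets silence, logged at a capped rate so a
    #    scan cannot fill the disk with log lines.
    $IPT -A INPUT -s "$ADMIN_NET" -j REJECT --reject-with icmp-port-unreachable
    $IPT -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "IPT-DROP: "

    # 7. Only now switch the default to DROP.  FORWARD is dropped too because
    #    this host does not route (leave it alone on a Docker or VM host).
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
}

# Apply only when asked for explicitly, so sourcing this file is harmless:
#   IPT=echo sh firewall.sh               (dry run, prints the commands)
#   FIREWALL_APPLY=1 sudo sh firewall.sh  (applies the rules)
if [ "${FIREWALL_APPLY:-0}" = 1 ] || [ "$IPT" = echo ]; then
    apply_firewall_rules
fi
```

Dry-run first with IPT=echo sh firewall.sh, read the output, then apply with FIREWALL_APPLY=1 sudo sh firewall.sh from a console or from a session you can afford to lose. The rate limits are deliberately conservative starting points: watch the counters in sudo iptables -nvL and raise them if legitimate traffic lands in the SYN_LIMIT drop. OUTPUT is left at ACCEPT here; tightening it to the outgoing ports listed below is a separate exercise.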
Common ports to allow for outgoing connections (the OUTPUT chain, i.e. connections the server itself opens):
● 80/tcp for HTTP
● 53/udp for DNS (53/tcp as well, used for large responses and zone transfers)
● 443/tcp for HTTPS (HTTP over TLS)
● 21/tcp for FTP (control channel only; data transfers open further connections)
● 465/tcp for SMTP submission over TLS (sending email)
● 25/tcp for plain SMTP (server-to-server mail relay, unencrypted unless STARTTLS is negotiated)
● 22/tcp for SSH (encrypted remote shell and file transfer between computers)
● 993/tcp for IMAPS (receiving email over TLS; IMAP runs over TCP only)
● 143/tcp for plain IMAP
● 9418/tcp for the Git protocol (version control)
Common ports to allow for incoming connections (the INPUT chain), and only for services this machine actually runs:
● 993/tcp for IMAPS (receiving email over TLS)
● 143/tcp for plain IMAP
● 110/tcp for POP3 (the older way to receive email)
● 22/tcp for SSH (encrypted remote shell and file transfer between computers)
● 9418/tcp for the Git protocol (version control)
To review the rules you have built, save them so they survive a reboot, and restart your firewall, run the following commands:
iptables -L -n
sudo iptables-save | sudo tee /etc/sysconfig/iptables
sudo systemctl restart iptables
The first command only lists the live rules for a final check. The second writes them to the file the CentOS iptables service loads at boot (iptables-save needs root to read the ruleset, hence the first sudo). The last restarts the service, which reloads that file. /etc/sysconfig/iptables is specific to CentOS/RHEL with iptables-services; on Debian/Ubuntu, rules are persisted with the iptables-persistent package, which restores /etc/iptables/rules.v4 at boot. Before saving, make sure the ruleset still allows your own SSH access: a saved lockout is one you will need console access to undo.
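Saving a ruleset makes it permanent, mistakes included, so it is worth checking before the file is written. The script below is an added example, not code from the original article: it reads a ruleset in iptables-save format and refuses it if the INPUT policy is DROP while no rule accepts established connections or SSH (the usual way a remote server becomes unreachable after its next reboot), or if rules sit behind an unconditional DROP/REJECT where they can never match. The three rulesets embedded in it are constructed samples, not dumps from a real machine; the SSH port and the destination file paths are assumptions.

```shell
#!/bin/sh
# Added example: check a ruleset in iptables-save format before persisting it.
# Not from the original article.  SSH_PORT and the file paths are assumptions.

SSH_PORT="${SSH_PORT:-22}"

# Reads an iptables-save dump on stdin.  Returns 0 if it is safe to persist,
# otherwise prints one reason per line and returns 1.  Looks at the *filter
# table only, which is where INPUT/OUTPUT/FORWARD live.
check_ruleset() {
    dump="$(cat)"
    # iptables-save groups lines per table; keep those in *filter.
    filter="$(printf '%s\n' "$dump" | awk '/^[*]/ { t = $0 } t == "*filter"')"
    # Policy lines look like ":INPUT DROP [0:0]".
    policy="$(printf '%s\n' "$filter" | awk '/^:INPUT / { print $2 }')"
    ok=0
    if [ "$policy" = DROP ]; then
        printf '%s\n' "$filter" \
            | grep -Eq '^-A INPUT .*(--ctstate|--state) [A-Z,]*ESTABLISHED.* -j ACCEPT' \
            || { echo "INPUT policy is DROP but nothing accepts ESTABLISHED traffic"; ok=1; }
        printf '%s\n' "$filter" \
            | grep -Eq "^-A INPUT .*--dport $SSH_PORT .*-j ACCEPT" \
            || { echo "INPUT policy is DROP but nothing accepts SSH on tcp/$SSH_PORT"; ok=1; }
    fi
    # Rules listed after an unconditional "-A INPUT -j DROP/REJECT" can never
    # match; with -A that usually means they were appended too late.
    dead="$(printf '%s\n' "$filter" | awk '
        /^-A INPUT -j (DROP|REJECT)/ { seen = 1; next }
        seen && /^-A INPUT / { print "unreachable rule: " $0 }')"
    if [ -n "$dead" ]; then
        printf '%s\n' "$dead"
        ok=1
    fi
    return $ok
}

# Persist the live ruleset only if it passes.  CentOS/RHEL with
# iptables-services loads /etc/sysconfig/iptables at boot; Debian/Ubuntu
# with iptables-persistent loads /etc/iptables/rules.v4.
save_ruleset() {
    dest="${1:-/etc/sysconfig/iptables}"
    tmp="$(mktemp)"
    iptables-save > "$tmp"
    if check_ruleset < "$tmp"; then
        install -m 600 "$tmp" "$dest"   # root-only: the file maps your exposure
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    echo "refusing to persist an unsafe ruleset to $dest" >&2
    return 1
}

# Constructed samples (not from a real host).  iptables-save itself writes
# "-m tcp" before --dport, so the checks accept that form.
SAFE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Default-deny with only the web port: reboot into this and SSH is gone.
LOCKOUT_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# A catch-all DROP appended before the SSH rule shadows it.
DEAD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Demo on the samples: sh fw-check.sh demo
if [ "${1:-}" = demo ]; then
    echo "== safe";    printf '%s\n' "$SAFE_RULES"    | check_ruleset && echo "ok to persist"
    echo "== lockout"; printf '%s\n' "$LOCKOUT_RULES" | check_ruleset || echo "rejected"
    echo "== dead";    printf '%s\n' "$DEAD_RULES"    | check_ruleset || echo "rejected"
fi
```

In practice you would call save_ruleset from the same session that applied the rules, after confirming you can still open a second SSH connection; the check is a safety net for the reboot case, not a substitute for that test. It deliberately inspects the text rather than the live kernel state, so you can also run it on a rules file somebody hands you before loading it.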
By following the steps above, you can enable and configure a basic firewall on Linux. If your website is hosted on a VPS (Virtual Private Server), you can make these changes yourself, since VPS hosting comes with full root access: you have complete control of the server and can customize its rules as you see fit.
Hope we’ve made this process an easy-to-follow guide for you to configure a firewall in Linux.