Using Firewalls in Linux (iptables and firewalld)

Security firewalls are one of the most important tools for securing Linux systems. The two commonly used firewall management systems on Linux are iptables and firewalld. In this article, I will explain how to configure firewalls using iptables and firewalld in detail.

1. What is a Firewall and Why is it Important?

A firewall is a system that blocks unauthorized network access. On Linux servers, you can allow or block specific connections.

For example: You can configure a server to accept only SSH (22) and HTTP (80) connections and block all other requests.

There are two main tools for managing firewalls on Linux:

• iptables: An older but powerful firewall manager.
• firewalld: Built on top of iptables, offering a more modern and user-friendly management system.

2. Using iptables

iptables is a powerful firewall tool used to filter network packets.

Basic iptables Commands

Example: Allow SSH and HTTP, Block All Other Connections

sudo iptables -F
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

This set of commands allows SSH (22), HTTP (80), and HTTPS (443) and blocks all other connections.

To make rules persistent:

sudo iptables-save > /etc/iptables/rules.v4

3. Using firewalld

firewalld is a more flexible and user-friendly firewall management system compared to iptables.

Starting and Checking Firewalld

sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --state

Basic firewalld Commands

Example: Allow SSH, HTTP, and HTTPS, Block All Other Connections

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

In firewalld, rules are persistent and are saved with the --permanent flag.

4. Basic Security Scenarios

Here are a few examples of commonly used firewall rules in Linux systems:

1️⃣ Allow SSH (22) Port for Specific IPs

If you want only a specific IP to have SSH access, use:

With iptables:

sudo iptables -A INPUT -p tcp --dport 22 -s 192.168.1.100 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

With firewalld:

sudo firewall-cmd --permanent --add-rich-rule='rule family='ipv4' source address='192.168.1.100' service name='ssh' accept'

2️⃣ Block All Incoming Traffic, Allow Only Specific Ports

With iptables:

sudo iptables -P INPUT DROP
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

With firewalld:

sudo firewall-cmd --permanent --remove-service=all
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload

5. Persistent Rules and Automatic Loading

To make iptables rules persistent:

sudo iptables-save > /etc/iptables/rules.v4

In firewalld, changes are persistent, but you need to keep the firewalld service active:

sudo systemctl enable firewalld

6. Summary

To enhance security on Linux, managing incoming and outgoing traffic with iptables or firewalld is a critical step.

• ✔ Close unnecessary ports.
• ✔ Allow only specific IP addresses.
• ✔ Regularly review firewall rules.
• ✔ Update security policies regularly.

By using these methods, you can make your Linux server more secure!