May 10, 2025 - 08:40
Using Firewalls in Linux (iptables and firewalld)

Security firewalls are one of the most important tools for securing Linux systems. The two commonly used firewall management systems on Linux are iptables and firewalld. In this article, I will explain how to configure firewalls using iptables and firewalld in detail.


1. What is a Firewall and Why is it Important?

A firewall is a system that blocks unauthorized network access. On Linux servers, you can allow or block specific connections.

For example: You can configure a server to accept only SSH (22) and HTTP (80) connections and block all other requests.

There are two main tools for managing firewalls on Linux:

  • iptables: An older but powerful firewall manager.
  • firewalld: Built on top of iptables, offering a more modern and user-friendly management system.

2. Using iptables

iptables is a powerful firewall tool used to filter network packets.

Basic iptables Commands

Action                                 Command
List current rules                     sudo iptables -L -v -n
Flush all rules                        sudo iptables -F
Allow a specific port (SSH - 22)       sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Block a specific port (23)             sudo iptables -A INPUT -p tcp --dport 23 -j DROP
Set the default INPUT policy to DROP   sudo iptables -P INPUT DROP

Example: Allow SSH and HTTP, Block All Other Connections

BASH
sudo iptables -F
# Accept loopback traffic and replies to connections this host opened itself;
# without these two rules an INPUT DROP policy also drops DNS answers and package updates.
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Set the default policies last, after the ACCEPT rules are in place,
# so the SSH session used to run these commands is not cut off.
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

This set of commands allows SSH (22), HTTP (80), and HTTPS (443) and blocks all other incoming connections.

To make the rules survive a reboot, save them in iptables-restore format. The redirection has to run as root as well: with a plain "sudo iptables-save > file" the shell opens the file as your own user and fails with "Permission denied". On Debian/Ubuntu this is the file that the iptables-persistent package loads at boot; other distributions use a different path (for example /etc/sysconfig/iptables with iptables-services on RHEL-based systems).

BASH
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
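As an added example (not from the original article), here is the same allow-SSH/HTTP/HTTPS policy written as an iptables-restore file, the format iptables-save writes to /etc/iptables/rules.v4, together with a small lint that checks a saved file still has the default-deny INPUT policy and the loopback and conntrack rules before it is loaded. The function names gen_rules and lint_rules and the temporary file path are my own assumptions.

```bash
#!/bin/sh
# Added example, not from the article. Builds the article's policy as an
# iptables-restore file (the format iptables-save writes) and lints a saved file.
# Function names gen_rules/lint_rules are my own; the file paths are assumed.

# gen_rules PORT... : print a ruleset that accepts the given TCP ports on INPUT.
# Loopback and replies to this host's own outbound connections are accepted first;
# without those, an INPUT DROP policy also drops DNS answers and package downloads.
gen_rules() {
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# lint_rules FILE : return 0 when the saved ruleset has the properties the article
# relies on (INPUT defaults to DROP, loopback and established traffic accepted),
# otherwise print what is missing and return 1.
lint_rules() {
    status=0
    grep -q '^:INPUT DROP' "$1" || { echo "INPUT policy is not DROP"; status=1; }
    grep -q -- '^-A INPUT -i lo -j ACCEPT' "$1" || { echo "loopback not accepted"; status=1; }
    grep -q -- 'ESTABLISHED,RELATED' "$1" || { echo "no conntrack rule for replies"; status=1; }
    return "$status"
}

# Typical use (as root): generate, lint, dry-run with iptables-restore, then install.
#   gen_rules 22 80 443 > /tmp/rules.v4
#   lint_rules /tmp/rules.v4 && iptables-restore --test /tmp/rules.v4 \
#     && install -m 600 /tmp/rules.v4 /etc/iptables/rules.v4
```

The lint is also a cheap check to run on the saved file during the periodic rule reviews recommended in the summary, so a later edit cannot silently drop the conntrack or loopback rules.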

3. Using firewalld

firewalld is a more flexible and user-friendly firewall management system compared to iptables.

Starting and Checking Firewalld

BASH
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --state

Basic firewalld Commands

Action                                         Command
List active zones                              sudo firewall-cmd --get-active-zones
Allow a service (SSH - 22)                     sudo firewall-cmd --permanent --add-service=ssh
Remove a service (HTTP - 80)                   sudo firewall-cmd --permanent --remove-service=http
List current rules of the default zone         sudo firewall-cmd --list-all
Reload firewalld (apply --permanent changes)   sudo firewall-cmd --reload

Example: Allow SSH, HTTP, and HTTPS, Block All Other Connections

BASH
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

In firewalld, rules added with --permanent are written to the configuration and survive reboots, but they only take effect in the running firewall after firewall-cmd --reload. A change made without --permanent applies immediately but is lost when firewalld restarts.


4. Basic Security Scenarios

Here are a few examples of commonly used firewall rules in Linux systems:

1️⃣ Allow SSH (22) Port for Specific IPs

If you want only a specific IP to have SSH access, use:

With iptables:

BASH
# Rules are matched in order, so the ACCEPT for the trusted address must come before the DROP.
# If a broader ACCEPT for port 22 is already earlier in the chain (as in section 2),
# delete it first, otherwise these two rules are never reached.
sudo iptables -A INPUT -p tcp --dport 22 -s 192.168.1.100 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

With firewalld:

BASH
# The rich rule only adds an allow. If the zone still offers the ssh service to everyone,
# remove it first so the source restriction actually takes effect. Values inside the rule
# are double-quoted so the shell keeps the whole rule as one argument.
sudo firewall-cmd --permanent --remove-service=ssh
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" service name="ssh" accept'
sudo firewall-cmd --reload

2️⃣ Block All Incoming Traffic, Allow Only Specific Ports

With iptables:

BASH
# Add the ACCEPT rules first; setting the policy to DROP before them would cut off
# the SSH session these commands are typed into.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -P INPUT DROP

With firewalld:

BASH
# There is no service called "all": remove every service currently enabled in the
# default zone, then add back only the ones that should be reachable.
for s in $(sudo firewall-cmd --permanent --list-services); do
    sudo firewall-cmd --permanent --remove-service="$s"
done
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload

5. Persistent Rules and Automatic Loading

To make iptables rules persistent, save them as root (the redirection must run inside the root shell, not as your own user) to the file your distribution's persistence package loads at boot; /etc/iptables/rules.v4 is the path used by iptables-persistent on Debian/Ubuntu:

BASH
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

In firewalld, changes made with --permanent are already persistent; what you still need is for the firewalld service itself to start at boot:

BASH
sudo systemctl enable firewalld

6. Summary

To enhance security on Linux, managing incoming and outgoing traffic with iptables or firewalld is a critical step.

  • Close unnecessary ports.
  • Allow only specific IP addresses.
  • Regularly review firewall rules.
  • Update security policies regularly.

By using these methods, you can make your Linux server more secure!
