
Mastering Linux Firewalls: A Comprehensive Guide to Security

Linux Firewalls: An Overview

Linux ships with firewall functionality, much like Windows, but on Linux the packet filter lives in the kernel and is driven by a user-space tool, and that tool has changed several times. The first widely used one was ipchains, a simple application built around chains of rules that filter traffic. Introduced in Linux kernel 2.2, it replaced the earlier ipfwadm, which saw little use. iptables then replaced ipchains and became the primary Linux firewall tool. On current distributions its successor is nftables; the iptables command usually still works there through a compatibility layer (iptables-nft), so the rules in this guide continue to apply.

The Evolution of Linux Firewalls

iptables arrived with Linux kernel 2.4. The binary is usually installed as /usr/sbin/iptables; if it is missing from your installation, install it with the package manager (the package is called iptables on most distributions). iptables extends the ipchains idea with three object types: tables, chains, and rules. A table groups chains; each chain is an ordered list of rules that decide what happens to a packet, and the first matching rule wins. This guide covers the three tables you will use most often, filter, nat, and mangle (the kernel also provides raw and security tables), each with its own built-in chains. You can also create your own chains and add your own rules to them.

Key Components of Iptables

Packet Filtering

Packet filtering is the firewall's core job and is done in the filter table, which is the default table when no -t option is given. It has three built-in chains: INPUT, OUTPUT, and FORWARD. INPUT handles packets addressed to this host, OUTPUT handles packets the host itself generates, and FORWARD handles packets being routed through the host to another destination. When the host acts as a router, the routed packets traverse only FORWARD, never INPUT or OUTPUT, so INPUT rules do nothing to protect the machines behind it.

Network Address Translation (NAT)

The nat table performs network address translation. It is consulted only for the first packet of a new connection; connection tracking records the decision and applies it to every later packet of that connection, replies included. Its built-in chains include PREROUTING (rewriting destination addresses, DNAT, before the routing decision), POSTROUTING (rewriting source addresses, SNAT or MASQUERADE, after it) and OUTPUT (for packets generated locally). You only need it if your machine acts as a network gateway or proxy server.
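The gateway case this paragraph describes, as an added example that is not part of the original article: a complete ruleset in iptables-save format for a host with an internet-facing interface and a LAN interface, written so that iptables-restore loads the nat and filter tables in one transaction. The interface names eth0 and eth1 and the LAN network 192.168.10.0/24 are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not from the original article: the nat and filter tables
# for a small NAT gateway in iptables-save format, loaded in one
# transaction by iptables-restore. Interface names and the LAN network are
# assumptions and can be overridden from the environment.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"

gateway_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Consulted for the first packet of each new connection only; conntrack
# then rewrites the rest of the connection, replies included.
# MASQUERADE uses whatever address $WAN_IF currently has, which suits a
# DHCP uplink; with a static address, SNAT --to-source is the usual choice.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Manage the gateway from the LAN side only.
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# Routed packets traverse FORWARD only. Let the LAN out, let replies back
# in, and leave new connections from the WAN to the FORWARD DROP policy.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Parse-check the ruleset without loading it. Needs root and the netfilter
# modules, so it is skipped elsewhere (a warning goes to stderr).
check_ruleset() {
    if command -v iptables-restore >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        gateway_ruleset | iptables-restore --test
    else
        echo "check_ruleset: not root or iptables-restore missing; skipped" >&2
    fi
}

# Apply (as root). Forwarding must be on, or FORWARD never sees a packet:
#   sysctl -w net.ipv4.ip_forward=1
#   gateway_ruleset | iptables-restore
```

Loading with iptables-restore instead of a sequence of iptables -A calls matters on a gateway: the kernel swaps both tables at once, so there is never a moment where forwarding is allowed but masquerading is not.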

Packet Modification

The mangle table is used only for special packet modifications, such as changing the TTL or TOS fields or marking packets so that later rules or the routing code can treat them differently; the name is short for "mangling" packets. Originally it had only the PREROUTING and OUTPUT chains; since kernel 2.4.18 it has all five built-in chains (PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING).

Configuring Iptables

iptables keeps its rules in the kernel, so configuring it means issuing commands that change the live ruleset. You can do this through a GUI (KDE, GNOME, etc.) or from the shell; the shell commands are the same across distributions. To reset the ruleset to a known state and then allow replies to connections the host itself opened, run:

iptables -F
iptables -X
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-F flushes all rules from the filter table's chains and -X deletes any user-defined chains (-N, by contrast, creates a new chain and requires a chain name). The third command accepts packets that belong to, or are related to, an existing connection; write the states with no space after the comma, and note that -m state is the older alias of -m conntrack --ctstate. Two caveats: flushing does not touch the chain policies, so if INPUT's policy is already DROP, running iptables -F over SSH cuts your session the moment the ESTABLISHED rule disappears; and with the default ACCEPT policies these three commands filter nothing until you set the INPUT policy to DROP with -P, after adding rules for the traffic you need (including the loopback interface).

This is the most basic iptables configuration. To list the rules active on your system, use:

iptables -L -n -v --line-numbers

-n skips reverse DNS lookups, which otherwise make listing slow on a locked-down host; -v shows packet counters and interfaces; --line-numbers gives the positions that -I and -D accept. Add -t nat or -t mangle to list the other tables.

To accept inbound connections on specific ports, such as SSH (22) and HTTP (80), use:

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Use --dport, the destination port of the incoming packet, because that is what "opening" a port means; --sport 80 would instead accept any packet whose source port happens to be 80, which lets an attacker bypass the filter simply by sending from port 80. Service names such as ssh are resolved through /etc/services. -A appends to the end of the chain, and rules are evaluated top to bottom with the first match winning, so these rules must come before any rule that drops or rejects everything; use -I INPUT to insert at the top instead.

Several flags are used in the iptables command. Here are some of the most common flags and their functions:

  • -t: Selects the table (filter, nat, mangle); filter is assumed when -t is omitted.
  • -A: Appends a rule to the end of a chain.
  • -I: Inserts a rule at the top of a chain, or at a given position.
  • -D: Deletes a rule, by specification or by line number.
  • -P: Sets a chain's default policy (ACCEPT or DROP), applied when no rule matches.
  • -L: Lists the current rules.
  • -p: Specifies the protocol (tcp, udp, icmp).
  • --dport: Specifies the destination port; valid only together with -p tcp or -p udp.
  • -i: Matches only if the packet comes in on the specified interface.
  • -v: Provides verbose output.
  • -s, --source: Specifies the source address or network.
  • -d, --destination: Specifies the destination address or network.
  • -j: Specifies the target (ACCEPT, DROP, REJECT, or a user-defined chain).

iptables-save does not save anything by itself: it prints the running ruleset to standard output in a format that iptables-restore can load. Rules survive a reboot only if you redirect that output to the file your distribution restores at boot: /etc/iptables/rules.v4 with the iptables-persistent package on Debian and Ubuntu, or /etc/sysconfig/iptables with the iptables-services package on RHEL and CentOS. On systems with the iptables service, systemctl disable iptables removes it from startup, and journalctl -f -u iptables.service follows its logs and errors.
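The commands above (flush, allow established traffic, open ports, save) put together as one script. This is an added example, not code from the original article: it generates the filter-table ruleset from a list of ports and loads it with iptables-restore, which swaps the whole table atomically, and it writes the result to the file each distribution's restore job reads at boot. The port list and the persistence paths it checks are assumptions about your system.

```shell
#!/bin/sh
# Added example, not from the original article: generate a default-deny
# host ruleset for the filter table and load it atomically.
# Allowed TCP ports are given as arguments, e.g.: host_ruleset 22 80

# Print the ruleset in iptables-save format. Counters are reset on load.
host_ruleset() {
    # Validate every port before printing anything, so a bad argument
    # never produces a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*)
                echo "host_ruleset: port must be numeric, got '$port'" >&2
                return 1 ;;
        esac
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first: local services (resolvers, databases) talk over it.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened. "-m state --state" is the
# older spelling of the same conntrack match.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Packets the connection tracker cannot associate with anything.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Echo requests so the host stays reachable for diagnostics.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # One rule per port. --dport is the destination port of the inbound
    # packet; NEW restricts the rule to connection attempts.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else falls through to the INPUT DROP policy. A final
    # "-A INPUT -j REJECT" would answer with ICMP unreachable instead.
    printf 'COMMIT\n'
}

# Load in one transaction: the kernel replaces the whole table at once, so
# there is no moment between "iptables -F" and the ESTABLISHED rule in
# which an SSH session could be cut off.
apply_ruleset() {
    host_ruleset "$@" | iptables-restore
}

# iptables-save only prints; rules survive a reboot when written where the
# boot-time restore job reads them. Paths are assumptions about the host:
# iptables-persistent (Debian/Ubuntu) or iptables-services (RHEL/CentOS).
persist_ruleset() {
    if [ -d /etc/iptables ]; then
        iptables-save > /etc/iptables/rules.v4
    elif [ -d /etc/sysconfig ]; then
        iptables-save > /etc/sysconfig/iptables
    else
        echo "no known persistence path; run: iptables-save > rules.v4" >&2
        return 1
    fi
}

# Usage (as root):
#   apply_ruleset 22 80 && iptables -L -n -v --line-numbers && persist_ruleset
```

Run host_ruleset on its own first and read the output; the order of the printed lines is the order the kernel evaluates them, which makes review easier than a list of separate iptables calls.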

Ubuntu Firewall: UFW

The default firewall configuration tool for Ubuntu is ufw (Uncomplicated Firewall). It is a front end that generates iptables rules for you and provides a user-friendly interface for creating IPv4 and IPv6 host-based firewalls.

ufw is installed but disabled by default. It is not meant to expose every iptables feature on the command line; instead it offers an easy way to add and remove simple rules, with a default policy of denying incoming and allowing outgoing traffic once enabled. That default is the reason to add your SSH rule before enabling it on a remote machine: ufw warns that enabling may disrupt existing SSH connections, and with nothing allowed it will. Enable it from a terminal with:

sudo ufw enable

To open a port, use the following command. Here we allow port 22 for SSH (sudo ufw allow ssh or 22/tcp work as well; the bare number allows both TCP and UDP):

sudo ufw allow 22

Note that deny does not simply undo allow: it installs an explicit deny rule for the port. To remove a rule you added, use sudo ufw delete allow 22, or delete it by its number from sudo ufw status numbered. To block the port instead, use:

sudo ufw deny 22

Rules are evaluated from top to bottom and the first match wins, so order matters. insert places a new rule at a given position instead of appending it; here we put an allow for port 80 at position 1, the top of the list (sudo ufw status numbered shows the positions):

sudo ufw insert 1 allow 80
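The ufw commands above in the order a remote administrator should run them, as an added example that is not from the original article. Assumptions: SSH on 22/tcp and a web server on 80/tcp; the DRY_RUN switch is a convention of this script, not a ufw feature.

```shell
#!/bin/sh
# Added example, not from the original article: a ufw baseline for a server
# administered over SSH, in an order that cannot cut off the session used to
# run it. Assumed services: SSH on 22/tcp, a web server on 80/tcp.
# DRY_RUN=1 is this script's own switch to print commands instead of
# running them (useful for review, or on a machine without ufw).

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "ufw $*"
    else
        ufw "$@"
    fi
}

ufw_baseline() {
    # Policies are stored now and take effect at "enable". Deny incoming
    # is already ufw's default, but stating it makes the script explicit
    # about what it relies on.
    run default deny incoming
    run default allow outgoing
    # "limit" allows the port but rate-limits new connections: ufw blocks
    # a source that makes 6 or more attempts within 30 seconds, which
    # blunts SSH brute forcing without an extra tool.
    run limit 22/tcp comment 'ssh'
    run allow 80/tcp comment 'http'
    # SSH is allowed above, so enabling now keeps the current session.
    # --force skips the interactive "may disrupt existing ssh connections"
    # prompt that would otherwise stall a non-interactive run.
    run --force enable
    # Numbered status is what "ufw delete <n>" and "ufw insert <n>" refer to.
    run status numbered
}

# Usage (as root): ufw_baseline
# Review first:    DRY_RUN=1 ufw_baseline
```

The point of the ordering is that the allow rules exist before the deny-incoming policy becomes active; run it the other way round over SSH and the session is gone.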

CentOS Firewall: Firewalld

Firewalld is the default on CentOS, RHEL, Fedora and some other distributions. It is a dynamically managed firewall: rules can be changed at runtime without flushing the whole table and dropping established connections, and network connections or interfaces are assigned to trust levels called zones. It distinguishes between the runtime configuration (in effect now, lost on reload or reboot) and the permanent configuration (on disk, loaded at start and on reload). It also offers a D-Bus interface through which services and applications can add firewall rules directly.

Whatever your network environment looks like, you should know what each predefined zone does, because every interface belongs to exactly one zone and interfaces that are not assigned explicitly fall into the default zone. The predefined zones, ordered from the least trusted to the most trusted, are as follows:

  • drop: The lowest level of trust. All incoming packets are dropped without any reply; only outgoing connections are possible.
  • block: Like drop, but incoming connections are rejected with an icmp-host-prohibited (IPv4) or icmp6-adm-prohibited (IPv6) message, so the sender learns that the traffic is filtered.
  • public: For public or otherwise untrusted networks. You do not trust the other computers and allow selected incoming connections case by case. This is the default zone.
  • external: For a firewall acting as a network gateway, on its external side. Masquerading (NAT) is enabled, so the internal network stays hidden while still able to reach out.
  • internal: The other side of the external zone, for the internal interface of a gateway. Other computers are mostly trusted and a few more services are accepted.
  • dmz: For computers in a DMZ, isolated hosts with limited access to the rest of your network. Only selected incoming connections are accepted.
  • work: For work networks. Most other computers are trusted.
  • home: For home networks. You generally trust the other computers.
  • trusted: All network connections are accepted. It is the least restrictive zone.

To enable the firewalld firewall at startup, use the following command:

sudo systemctl enable firewalld

To see which zone is the default (the one unassigned interfaces land in), use the following command. If the response is public, the public zone is selected:

firewall-cmd --get-default-zone

To see which zones are actually in use and which interfaces are in them, use the following command. The response lists each active zone followed by its interfaces, for example public with the Ethernet card in use:

firewall-cmd --get-active-zones

To list the rules and services configured in the default zone, use the following command (add --zone=<name> for another zone):

sudo firewall-cmd --list-all

To allow a service, use the following command. Here we open the http service in the public zone:

sudo firewall-cmd --zone=public --add-service=http

Without --permanent this change applies only to the runtime configuration and disappears on the next reload or reboot. Repeat it with --permanent to write it to the configuration on disk, then run sudo firewall-cmd --reload to activate the permanent configuration; or, once you have confirmed a runtime change works, copy it to disk with sudo firewall-cmd --runtime-to-permanent. Service names come from the XML definitions under /usr/lib/firewalld/services, and --get-services lists them.
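A firewalld procedure that combines the commands above with the runtime-versus-permanent distinction, added here as an example and not taken from the original article or the Red Hat guide. Assumptions: the interface is eth0, the zone is public, and DRY_RUN is this script's own convention for printing firewall-cmd calls rather than executing them.

```shell
#!/bin/sh
# Added example, not from the original article: assign an interface to a zone,
# open the web services there, and make the change survive reload and reboot.
# The interface name eth0 is an assumption. Set DRY_RUN=1 to print the
# firewall-cmd invocations instead of executing them.

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# Permanent-first workflow: edit the on-disk configuration, then reload.
# Nothing changes in the running firewall until --reload, so a typo here
# cannot cut the session; the reload applies everything at once.
firewalld_web_host() {
    zone="${1:-public}"
    iface="${2:-eth0}"
    # For a NetworkManager-managed connection, setting connection.zone with
    # nmcli is the equivalent of this line.
    run --permanent --zone="$zone" --change-interface="$iface"
    run --permanent --zone="$zone" --add-service=http
    run --permanent --zone="$zone" --add-service=https
    run --reload
    # Show the active configuration, not the file on disk: the two can
    # differ until the reload has happened.
    run --zone="$zone" --list-all
}

# Runtime-first workflow for riskier changes: apply to the running firewall
# only, confirm you can still reach the host, then copy the runtime state
# into the permanent configuration. If the change locks you out, a
# "firewall-cmd --reload" from the console (or a reboot) discards it.
firewalld_try_then_keep() {
    zone="${1:-public}"
    [ "$#" -gt 0 ] && shift
    for svc in "$@"; do
        run --zone="$zone" --add-service="$svc"
    done
    run --zone="$zone" --list-services
    run --runtime-to-permanent
}

# Usage (as root):
#   firewalld_web_host public eth0
#   firewalld_try_then_keep public http https
# Review first:
#   DRY_RUN=1 firewalld_web_host public eth0
```

Pick the workflow by blast radius: permanent-first for changes you are sure of, runtime-first when a mistake could cost you remote access, since the runtime state is exactly what a reload throws away.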

For more information, you can visit the official Red Hat Linux guide.
