
Linux firewall configuration

Configuring a firewall is a critical aspect of securing a Linux server.


A well-configured firewall helps protect your server from unauthorized access and other security threats by controlling incoming and outgoing network traffic. This guide walks through firewall configuration on a Linux server.


1. Understanding Firewall Basics:


A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. On a Linux server, firewalls are typically managed using tools like iptables, nftables, or firewalld.


2. Using `iptables` for Firewall Configuration:


`iptables` is a powerful command-line tool for configuring the Linux kernel firewall. It allows you to define rules that filter network traffic. Here’s how to set up a basic firewall using `iptables`:


Install iptables:


sudo apt-get install iptables



Basic Commands:


View current rules:


sudo iptables -L



Allow SSH traffic (port 22):


sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT



Allow HTTP traffic (port 80):


sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT



Drop all other incoming traffic:


sudo iptables -A INPUT -j DROP



Save Rules:


To ensure the rules persist after a reboot, save them to a file:

sudo iptables-save > /etc/iptables/rules.v4



3. Using `firewalld` for Easier Management:


`firewalld` provides a higher-level interface for managing firewall rules and is often preferred for its ease of use and flexibility.


Install firewalld:

sudo apt-get install firewalld



Basic Commands:


Start and enable firewalld:


sudo systemctl start firewalld
sudo systemctl enable firewalld

Allow SSH traffic:

sudo firewall-cmd --permanent --add-service=ssh



Allow HTTP traffic:

sudo firewall-cmd --permanent --add-service=http



Reload the firewall to apply changes:


sudo firewall-cmd --reload



4. Using `nftables` for Advanced Configurations:

`nftables` is the successor to `iptables`, providing a unified framework for network packet filtering.


Install nftables:


sudo apt-get install nftables



Basic Configuration:

Create a configuration file (e.g., `/etc/nftables.conf`) with the following rules:


table inet filter {
  chain input {
    type filter hook input priority 0;
    policy drop;
    # Allow established and related connections
    ct state established,related accept
    # Allow loopback traffic
    iif lo accept
    # Allow SSH
    tcp dport 22 accept
    # Allow HTTP
    tcp dport 80 accept
  }
}



Apply the Configuration:


sudo nft -f /etc/nftables.conf
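As an added example (not code from the article), the following bash script writes the iptables rules from section 2 in iptables-restore format, adding the loopback and established/related accepts that the nftables configuration in section 4 has but the iptables command sequence lacks, and audits a saved rule set for those same rules before it is loaded with `sudo iptables-restore < /etc/iptables/rules.v4`. The function names `build_rules`, `audit_rules` and `article_rules` and the sample rule set are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article. Generates an INPUT rule set
# in iptables-restore format and audits one before it is loaded with
# `sudo iptables-restore < /etc/iptables/rules.v4`. Needs no root to run.
set -u

# Emit a complete rule set; arguments are TCP ports to accept (default: 22 80).
build_rules() {
  ports="${*:-22 80}"
  printf '%s\n' '*filter'
  printf '%s\n' ':INPUT DROP [0:0]'    # default policy instead of a trailing "-j DROP" rule
  printf '%s\n' ':FORWARD DROP [0:0]'
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'                                      # loopback
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' # replies to outbound traffic
  printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  for p in $ports; do
    printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

# Read a rule set on stdin; return 0 only if INPUT drops by default (policy or
# final rule), accepts loopback and ESTABLISHED,RELATED, and still admits SSH.
audit_rules() {
  rules=$(cat); rc=0
  check() { printf '%s\n' "$rules" | grep -Eq "$1" || { echo "audit: $2" >&2; rc=1; }; }
  check '^:INPUT DROP|^-A INPUT -j DROP$' 'INPUT does not drop by default'
  check '^-A INPUT -i lo -j ACCEPT' 'missing loopback accept'
  check '^-A INPUT .*--ctstate (ESTABLISHED,RELATED|RELATED,ESTABLISHED) -j ACCEPT' \
        'missing ESTABLISHED,RELATED accept: replies to outbound connections would be dropped'
  check '^-A INPUT -p tcp .*--dport 22 .*-j ACCEPT' 'SSH (22) not accepted: remote lockout'
  return $rc
}

# Constructed sample: the article's three iptables commands as iptables-save
# records them. It fails the audit (no loopback or conntrack rules).
article_rules() {
  printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' \
    '-A INPUT -j DROP' 'COMMIT'
}

if [ "${1:-}" = "--demo" ]; then
  build_rules | audit_rules && echo "generated rule set passes"
  article_rules | audit_rules || echo "article rule set needs the missing rules"
fi
```

Run with `--demo` to see both verdicts, or pipe an existing `iptables-save` dump into `audit_rules` to check a server's live rules.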



By following these steps, you can configure a robust Linux server firewall to protect your system. Whether you use iptables, firewalld, or nftables, understanding the fundamentals of Linux firewall configuration will help you secure your server against potential threats and unauthorized access.

