How to Set Up a Linux Firewall on a Server

The importance of a robust firewall in server security cannot be overstated. Firewalls provide the first line of defense against unauthorized access and potential threats. In this tutorial, we will focus on setting up a firewall on two widely used Linux distribution families: Rocky/AlmaLinux and Debian/Ubuntu. We'll cover the installation, configuration, and some essential commands for each distribution, ensuring you have a solid understanding of firewall management.

Installing and Configuring Firewalld

Firewalld is a dynamic firewall management tool that comes pre-installed on many Linux distributions, including Rocky/AlmaLinux.

Checking if Firewalld is Installed

Let's begin by checking the status of Firewalld on your system:

sudo firewall-cmd --state

If Firewalld is active, the command will return "running."

Installing Firewalld on Rocky/AlmaLinux

If Firewalld is not installed on your Rocky/AlmaLinux system, you can install it using the package manager:

sudo yum install firewalld

Allowing a Port

A fundamental aspect of firewall configuration is allowing or denying traffic through specific ports. To permit traffic through port 80 for web services, use this command:

sudo firewall-cmd --add-port=80/tcp --permanent

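The --permanent option writes the rule to the stored configuration so that it survives reboots. A rule added with --permanent alone is not active in the running firewall until the configuration is reloaded.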

Adding a Service

Firewalld allows you to configure rules based on services. To allow HTTP traffic, for instance:

sudo firewall-cmd --add-service=http --permanent

Remember to reload the firewall to apply the changes:

sudo firewall-cmd --reload

Specifying Traffic by Subnet

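You can also restrict or allow traffic based on subnets. To permit traffic from the 172.16.1.0/24 subnet, bind it to the internal zone; traffic from those addresses is then filtered by the services and ports allowed in that zone: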

sudo firewall-cmd --zone=internal --add-source=172.16.1.0/24 --permanent

Listing Ports and Services

To view all the ports and services currently allowed in the default zone:

sudo firewall-cmd --list-all

For a more comprehensive overview, you can also list all zones and their associated rules:

sudo firewall-cmd --list-all-zones

Implementing iptables Rules

iptables is a powerful tool for configuring firewall rules and is commonly used on both Rocky/AlmaLinux and Debian/Ubuntu.

Checking iptables Status

Before delving into rule creation, let's check the current status of your iptables firewall:

sudo iptables -L -v

This command will display existing rules and their corresponding statistics.

Allowing Traffic Through a Port

Similar to firewalld, you can allow traffic through a specific port using iptables:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

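This rule specifically allows TCP traffic on port 80. The -A option appends the rule to the end of the INPUT chain, so it takes effect only if no earlier rule in the chain already drops or rejects the traffic.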
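The ordering problem can be checked mechanically. The script below is an added example, not part of the original tutorial: it reads rules in `iptables -S` format and reports any rule that sits after an unconditional ACCEPT, DROP or REJECT in the same chain. The function name `shadowed_rules`, the variable `SAMPLE_RULES` and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): find iptables rules that can
# never match because an earlier unconditional rule in the same chain already
# ends processing. Reads `iptables -S` output on stdin.

shadowed_rules() {
    awk '
        $1 != "-A" { next }            # skip policies (-P) and chain definitions (-N)
        ($2 in stop) {                 # an earlier catch-all already decided the packet
            printf "UNREACHABLE: %s\n  shadowed by: %s\n", $0, stop[$2]
            next
        }
        # Unconditional terminal rule: "-A CHAIN -j TARGET ..." with no match options
        $3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") { stop[$2] = $0 }
    '
}

# Constructed sample in `iptables -S` format: port 80 was appended with -A
# after a catch-all REJECT, so the rule is listed but never evaluated.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j DROP'

printf '%s\n' "$SAMPLE_RULES" | shadowed_rules

# On a live host: sudo iptables -S | shadowed_rules
```

When a rule is reported, insert it above the catch-all with `iptables -I INPUT <position>` rather than appending it with -A.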

Blocking Traffic From an IP Address

To block all traffic originating from a specific IP address:

sudo iptables -A INPUT -s <IP_address> -j DROP

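Replace <IP_address> with the IP address you wish to block. Rules added with the iptables command exist only in the running kernel and are lost at reboot unless they are saved.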

Distribution-Specific Instructions

Rocky/AlmaLinux Firewall Configuration

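On Rocky/AlmaLinux, Firewalld is the default firewall management tool. If you prefer to use iptables, disable Firewalld so that the two do not manage the rule set at the same time; you may also need to install the iptables service manually: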

sudo yum install iptables-services

Then, ensure that the iptables service is enabled and starts on boot:

sudo systemctl enable iptables
sudo systemctl start iptables

Debian/Ubuntu Firewall Configuration

For Debian/Ubuntu, the Uncomplicated Firewall (UFW) is the default firewall management tool. It provides a user-friendly interface for managing iptables rules. To install UFW:

sudo apt update
sudo apt install ufw

Allow SSH connections through UFW before enabling it, so that a remote session is not cut off when the firewall starts:

sudo ufw allow ssh

And to enable UFW:

sudo ufw enable

Best Practices and Recommendations

As you configure your Linux firewall, keep these distribution-agnostic best practices in mind:

  • Always test firewall rules in a controlled environment before deploying them to production servers.
  • Regularly review and update your firewall rules to address evolving security threats.
  • Document your firewall rules with comments to aid future maintenance and collaboration.
  • Implement rate-limiting to protect against brute-force login attempts.
  • Stay up-to-date with security patches and updates for your Linux distribution and firewall software.

Setting up a Linux firewall is a critical step in securing your server infrastructure. This guide has provided you with the tools and knowledge to configure firewalls on Rocky/AlmaLinux and Debian/Ubuntu systems. Remember to adapt the instructions to your specific use case and distribution, and always stay vigilant about security updates.