The importance of a robust firewall in server security cannot be overstated. Firewalls provide the first line of defense against unauthorized access and potential threats. In this tutorial, we will focus on setting up a firewall on two widely used Linux distribution families: Rocky/AlmaLinux and Debian/Ubuntu. We'll cover the installation, configuration, and some essential commands for each, ensuring you have a solid understanding of firewall management.
Installing and Configuring Firewalld
Firewalld is a dynamic firewall management tool that comes pre-installed on many Linux distributions, including Rocky/AlmaLinux.
Checking if Firewalld is Installed
Let's begin by checking the status of Firewalld on your system:
sudo firewall-cmd --state
If Firewalld is active, the command will return "running."
Installing Firewalld on Rocky/AlmaLinux
If Firewalld is not installed on your Rocky/AlmaLinux system, you can install it using the package manager. Note that the package is named firewalld even though the command-line client is firewall-cmd:
sudo yum install firewalld
Allowing a Port
A fundamental aspect of firewall configuration is allowing or denying traffic through specific ports. To permit traffic through port 80 for web services, use this command:
sudo firewall-cmd --add-port=80/tcp --permanent
The --permanent option writes the rule to the saved configuration so it survives reboots; it does not change the running firewall until the configuration is reloaded.
Adding a Service
Firewalld allows you to configure rules based on services. To allow HTTP traffic, for instance:
sudo firewall-cmd --add-service=http --permanent
Remember to reload the firewall to apply the changes:
sudo firewall-cmd --reload
Specifying Traffic by Subnet
You can also restrict or allow traffic based on subnets by assigning a source subnet to a zone, so that traffic from it is handled by that zone's rules. To place the 172.16.1.0/24 subnet in the internal zone:
sudo firewall-cmd --zone=internal --add-source=172.16.1.0/24 --permanent
Listing Ports and Services
To view all the ports and services currently allowed by the firewall:
sudo firewall-cmd --list-all
For a more comprehensive overview, you can also list all zones and their associated rules:
sudo firewall-cmd --list-all-zones
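Listing the rules is only useful if someone compares them against what should be open. The following script is an added example, not part of the original tutorial: it parses the `firewall-cmd --list-all` output format shown above (the sample zone dump and the intended allow-list are constructed for the example) and reports any service or port that is missing or unexpectedly open.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: audit the output of
# `firewall-cmd --list-all` against an intended allow-list so that reviewing
# firewall rules becomes a repeatable check rather than an eyeball pass.
set -eu

# Constructed sample of `sudo firewall-cmd --list-all`; a live run would use
# ZONE_TEXT=$(sudo firewall-cmd --list-all) instead.
SAMPLE_ZONE='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client http ssh
  ports: 8080/tcp 5900/tcp
  masquerade: no
  rich rules: '

# Intended allow-list for this host (assumed values for the example).
WANTED_SERVICES="ssh http https"
WANTED_PORTS="8080/tcp"

# field ZONE_TEXT KEY: print the space-separated values on the "KEY:" line.
field() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { $1 = ""; sub(/^ /, ""); print }'
}

# audit ZONE_TEXT WANTED_SERVICES WANTED_PORTS
# Prints "MISSING ..." for wanted entries that are not open and "EXTRA ..."
# for open entries that are not wanted. Returns 0 when there is no drift.
audit() {
  local zone="$1" want_svc="$2" want_port="$3" drift=0 item have_svc have_port
  have_svc=$(field "$zone" services)
  have_port=$(field "$zone" ports)
  for item in $want_svc; do
    case " $have_svc " in *" $item "*) ;; *) echo "MISSING service $item"; drift=1 ;; esac
  done
  for item in $want_port; do
    case " $have_port " in *" $item "*) ;; *) echo "MISSING port $item"; drift=1 ;; esac
  done
  for item in $have_svc; do
    case " $want_svc " in *" $item "*) ;; *) echo "EXTRA service $item"; drift=1 ;; esac
  done
  for item in $have_port; do
    case " $want_port " in *" $item "*) ;; *) echo "EXTRA port $item"; drift=1 ;; esac
  done
  return "$drift"
}

audit "$SAMPLE_ZONE" "$WANTED_SERVICES" "$WANTED_PORTS" ||
  echo "drift detected: reconcile with firewall-cmd --add/--remove and --reload"
```

Run with the constructed sample, the script flags the missing https service and the unexpectedly open cockpit, dhcpv6-client and 5900/tcp entries; a zone that matches the allow-list exactly produces no output and exit status 0.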
Implementing iptables Rules
iptables is a powerful tool for configuring firewall rules and is commonly used on both Rocky/AlmaLinux and Debian/Ubuntu.
Checking iptables Status
Before delving into rule creation, let's check the current status of your iptables firewall:
sudo iptables -L -v
This command will display existing rules and their corresponding statistics.
Allowing Traffic Through a Port
Similar to firewalld, you can allow traffic through a specific port using iptables:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
This rule specifically allows TCP traffic on port 80. Because -A appends to the end of the INPUT chain, it is evaluated after any existing rules, so an earlier rule that drops the traffic will still take precedence.
Blocking Traffic From an IP Address
To block all traffic originating from a specific IP address:
sudo iptables -A INPUT -s <IP_address> -j DROP
Replace <IP_address> with the IP address you wish to block.
Distribution-Specific Instructions
Rocky/AlmaLinux Firewall Configuration
On Rocky/AlmaLinux, FirewallD is the default firewall management tool. If you prefer to use iptables directly, you may need to install the iptables service manually. Because both tools manage the same kernel packet filter, stop and disable firewalld before switching to the iptables service so the two do not overwrite each other's rules:
sudo yum install iptables-services
Then, ensure that the iptables service is enabled and starts on boot:
sudo systemctl enable iptables
sudo systemctl start iptables
Debian/Ubuntu Firewall Configuration
For Debian/Ubuntu, the Uncomplicated Firewall (UFW) is the default firewall management tool. It provides a user-friendly interface for managing iptables rules. To install UFW:
sudo apt update
sudo apt install ufw
Before enabling UFW on a remote server, allow SSH first so your current session is not cut off when the default deny policy takes effect:
sudo ufw allow ssh
And to enable UFW:
sudo ufw enable
Best Practices and Recommendations
As you configure your Linux firewall, keep these distribution-agnostic best practices in mind:
- Always test firewall rules in a controlled environment before deploying them to production servers.
- Regularly review and update your firewall rules to address evolving security threats.
- Document your firewall rules with comments to aid future maintenance and collaboration.
- Implement rate-limiting to protect against brute-force login attempts.
- Stay up-to-date with security patches and updates for your Linux distribution and firewall software.
Setting up a Linux firewall is a critical step in securing your server infrastructure. This guide has provided you with the tools and knowledge to configure firewalls on Rocky/AlmaLinux and Debian/Ubuntu systems. Remember to adapt the instructions to your specific use case and distribution, and always stay vigilant about security updates.