What is Linux Firewall (firewalld)
A virtual wall in the security system world is designed to protect our system from unwanted traffic and unauthorized access to our system. The security system in Linux OS is known as Linux Firewall, which monitors and governs the network traffic (outbound/inbound connections). It can be used to block access to different IP addresses, Specific subnets, ports (virtual points where network connections begin and end), and services. We have a daemon’s name called Firewalld which is used to maintain the firewall policies. A dynamically managed firewall tool in a Linux system is known as Firewalld, it can be updated in real-time if there are any changes in the network environment.
This Firewalld works in concepts of zones (segments). We can check whether our firewall services are running or not by using the commands sudo (user access) and systemctl (use to control and manage the status of services).
sudo systemctl status firewalld
Command to check the running status of our Firewalld services.
Here is the output showing services actively running
Some rules of Firewall
To protect our system from unauthorized access and to control network traffic (incoming and outgoing). We can do customization in ports, addresses, protocols, etc. some common examples are listed below:
Rule 1: Allowing SSH (Secure Shell or Secure Socket Shell) traffic
By using this we can allow all incoming traffic on the SHH port so that we can connect to the system remotely.
sudo firewall-cmd --zone=public --add-services=ssh --permanent sudo firewall-cmd --reload
As we can see it is done successfully
Rule 2: Allowing incoming traffic on a specific port
We are allowing traffic on a specific TCP port 8080 you can replace it with requirements.
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent sudo firewall-cmd --reload
Both the command showed success
Rule 3: Blocking incoming traffic on a specific IP address
We are blocking incoming traffic on IP 192.168.52.1 you can replace it with your requirements.
sudo firewall-cmd --zone=public --add-rich='rule family="ipv4" source address="192.168.52.1" reject' sudo firewall-cmd --reload
we have also mentioned family of IP (ipv4)
Types of Linux Firewalls
There is more than one Linux firewall option available. When we come to drop down and research, we have a few popular names IPCop, iptables, Shorewall, and UFW But one of the most popular is the “iptables“ firewall.
Iptables Working:
Linux-based software that performs manipulation functions, packet filtering, and NAT (network address translation) is known as Iptables. With the help of Iptables which allows system administrators to control incoming and outgoing traffic by setting up the rules.
When a packet is received in a Linux base system, it has to go through the chains and tables in the iptables firewall. The most commonly used tables are filter and nat but we have five predefined tables in iptables (raw, nat, filter, security, and mangle).
Types of Tables
We will discuss five predefined tables:
- Security Table: It is often used in conjunction with other security tools like SELinux, it is also used for MAC (Mandatory Access Control) rules, which can further be used to set rules related to security labels and access controls. It has four built-in chains: OUTPUT, FORWARD, INPUT, and SECMARK.
- Mangle Table: It is used to modify packets by setting the packet’s ToS/DSCP field, altering packet header fields, and changing packet marks. It has Five built-in chains: POSTROUTING, FORWARD, OUTPUT, PREROUTING, and INPUT.
- Nat Table: It stands for network address translation, which helps in sharing a single public IP address between multiple devices. It has two built-in chains: PREROUTING and POSTROUTING.
- Raw Table: It is used for the configuration of low-level packet processing. It has limited built-in chains, but the user can create additional chains if required.
- Filter Table: It is used for packet filtering. It has three built-in chains. INPUT, OUTPUT, and FORWARD.
Here filters are responsible for filtering the packets on the defined rules based on the source and destination of the IP address, port number, and protocol type. And Chains there are three different types of built-in chains.
Types of Chains
Chain Rule: Rules that are described for a particular task. Subdivided into three types:
- INPUT: Filter incoming traffic in the local system.
- OUTPUT: Filter Outgoing traffic for the local system.
- FORWARD: Packets forwarded from one system to another go throw it.
LINUX Firewall
Linux OS, we must know that it is a system based on Unix-like. Systems that are called Unix-like or Unix-based are designed to behave and function similarly to the Unix OS. Linux OS comes under the open-source family (code designed to be publicly accessible) and is based on the Linux kernel. It was initially released on September 17, 1991, by Linus Torvalds.
It has a modular design, which helps us with system customization according to our needs. Linux is open-source software that has helped in the growth and development of our developer community which is contributing to the open-source community. It also offers a command line interface for interacting with OS and also has a graphical interface for users who are not used to working with the command line interface.