As in the previous blog, we saw the real definition of the Firewall. In this blog, we will see the Firewall in Linux and how we can manipulate its service. So let’s get started with the blog.

Introduction

A Linux firewall is a security mechanism implemented in the Linux operating system to protect a computer or network from unauthorized access and network-based attacks.

It acts as a barrier between the internal network and the external network, allowing or denying network traffic based on a set of predefined rules.

Basically, it is used to determine and block untrusted networks or traffic from accessing our system.

Tools for Managing Firewall

There are two tools present in the Linux distribution, which are:

A) firewalld.

B) iptables.

Introduction to Firewalld

Firewalld is a dynamic firewall management tool in Linux that provides a high-level interface for managing firewall rules. It is designed to simplify the process of configuring and managing firewalls, especially in complex network environments.

Firewalld is the default firewall management tool in many modern Linux distributions, including CentOS, Fedora, and Red Hat Enterprise Linux.

Features of Firewalld

Here are some key features and concepts related to Firewalld:

Zones:

Firewalld organizes network connections into different zones based on the level of trust associated with each zone.

Examples of zones include “public” for untrusted networks, “internal” for trusted internal networks, and “dmz” for demilitarized zones. Each zone has its own set of rules defining how network traffic is allowed or blocked.

Services:

Firewalld supports the concept of services, which are predefined sets of rules for specific network services or applications. Services can be associated with specific ports and protocols, making it easier to allow or block access to common services such as SSH, HTTP, or FTP.

Runtime and permanent configurations:

Firewalld distinguishes between runtime and permanent configurations. The runtime configuration represents the currently active firewall rules, while the permanent configuration is the saved configuration that persists across system reboots. This separation allows you to test and make changes to the firewall without affecting the permanent configuration until you explicitly save the changes.

Rich Rules:

Firewalld supports rich rules, which are more advanced firewall rules that allow you to define complex packet filtering and network address translation (NAT) rules. Rich rules provide more flexibility than the simple rule syntax and can match packets based on various criteria, including source/destination IP addresses, ports, protocols, and more.

Zones with interfaces:

Firewalld allows you to assign network interfaces to specific zones. This enables automatic zone assignment for network connections based on the interface they are connected to. For example, you can assign the “eth0” interface to the “external” zone and “eth1” to the “internal” zone, ensuring that network traffic is handled according to the rules defined for each zone.

Integration with NetworkManager:

Firewalld integrates with NetworkManager, a popular network configuration tool in Linux. This integration enables dynamic zone assignment based on network connections, such as switching between different zones when connecting to different networks (e.g., switching from a public Wi-Fi network to a trusted home network).

Installation of Firewalld

$ sudo apt install firewalld

The above command will install “firewalld “ in your system.

Enable and Disable Firewall

A) Check the status of the Firewall Service

$ systemctl status firewalld.service
 firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor pre>
     Active: active (running) since Sun 2023-05-21 18:15:57 IST; 21min ago
       Docs: man:firewalld(1)
 

B) Start or Enable the Firewall Service

$ systemctl start firewalld.service

$ systemctl status firewalld.service
 firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor pre>
     Active: active (running) since Sun 2023-05-21 18:15:57 IST; 21min ago
       Docs: man:firewalld(1)

C) Stop or Disable the Firewall Service

$ systemctl stop firewalld.service

$ systemctl status firewalld.service
 firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor pre>
     Active: inactive (dead) since Sun 2023-05-21 18:38:41 IST; 2s ago
       Docs: man:firewalld(1)
    Process: 10449 ExecStart=/usr/sbin/firewalld --nofork --nopid (code=exited,>
   Main PID: 10449 (code=exited, status=0/SUCCESS)

D) Restart the Firewall Service

$ systemctl stop firewalld.service

See the Existing Firewall Rules

A) Check the rules of firewalld

$ firewall-cmd --list-all

public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

B) Listing of all the services firewalld

The list of the services which you will get by this command means that the firewall will understand only services. We can not add new services to it.

$ firewall-cmd --get-services

C) To reload the config of the firewall

$ firewall-cmd --reload
success

D) To see the multiple zones in the Firewall

In the context of firewalls, zones refer to predefined or custom-defined network areas or environments with a certain level of trust or security requirements.

Each zone is associated with a set of firewall rules that define how network traffic should be handled within that zone. The concept of zones allows administrators to easily manage and enforce different levels of security policies based on the network environment.

$ firewall-cmd --get-zones

block dmz drop external home internal public trusted work

Here are a few common zones that you might encounter in a firewall configuration:

Public zone:

The public zone is typically used for untrusted or public networks, such as the Internet or public Wi-Fi. The firewall rules associated with the public zone are usually more restrictive to protect the system from external threats. Incoming network traffic is typically limited to only essential services.

Internal zone:

The internal zone represents trusted internal networks, such as a private LAN or corporate intranet. The firewall rules for the internal zone are typically more permissive to allow necessary internal communication between devices. Incoming network traffic may be allowed for various services used within the internal network.

DMZ (Demilitarized Zone) zone:

The DMZ zone is an isolated network segment where publicly accessible servers or services are placed. This zone provides a buffer between the internal network and the external network, allowing controlled access to specific services from the Internet. The firewall rules for the DMZ zone are configured to allow incoming traffic for the services hosted in the DMZ while limiting direct access to the internal network.

Trusted zone:

Some firewall configurations might include a trusted zone specifically for highly trusted networks or hosts. This zone is usually associated with the most permissive firewall rules, allowing unrestricted communication between trusted devices or networks.

E) To see the list of active zones


$ firewall-cmd --get-active-zones
public
  interfaces: wlo1

F) To get firewall rules for a specific zone

$ firewall-cmd --zone=public --list-all

Add and Remove Services from Firewall Rules

A) Add a new Service in the Firewall Rules

B) Remove the Service from the Firewall Rules

Adding/ Removing Ports

Blocking Incoming and Outgoing Traffic

Block ICMP

FAQ

What are Linux Firewalls?

A Linux firewall is a security mechanism implemented in the Linux operating system to protect a computer or network from unauthorized access and network-based attacks.

It acts as a barrier between the internal network and the external network, allowing or denying network traffic based on a set of predefined rules.

Recent Articles on Computer Networks

  1. Introduction to Computer Networking | What is Computer Network
  2. What are Topology & Types of Topology in Computer Network
  3. What is FootPrinting in Cyber Security and its Types, Purpose
  4. Introduction to Cloud Computing | What is Cloud Computing
  5. Distributed Shared Memory and its advantages and Disadvantages
  6. What is VPN? How doe VPN Work? What VPN should I use?
  7. What is an Internet and How the Internet Works
  8. What is a Website and How Does a Website or web work?
  9. Introduction to Virus and different types of Viruses in Computer
  10. What is TCP and its Types and What is TCP three-way Handshake
  11. What is UDP Protocol? How does it work and what are its advantages?
  12. What is an IP and its Functions, What is IPv4 and IPv6 Address
  13. What is MAC Address and its Types and Difference MAC vs IP
  14. What is ARP and its Types? How Does it Work and ARP Format
  15. Sessions and Cookies and the Difference Between Them
  16. What is ICMP Protocol and its Message Format?
  1. What is Linux Operating System | Introduction to Linux
  2. Directory in Linux Define | Linux Directory & its Commands
  3. Explain the chmod command in Linux | Linux chmod command
  4. Linux User Management || User Management in Linux
  5. Linux Computer Network Advanced Command | Network Command
  6. Redirection in Linux I/O| Linux I/O Redirection

By Vivek Maurya

Write blogs related to Ethical hacking, Computer networks, Linux, Penetration testing and Web3 Security.

Leave a Reply

Your email address will not be published. Required fields are marked *