In the previous blog we covered the definition of a firewall. In this blog we will look at the firewall in Linux and how to manage its service. So let’s get started with the blog.
Introduction
A Linux firewall is a security mechanism implemented in the Linux operating system to protect a computer or network from unauthorized access and network-based attacks.
It acts as a barrier between the internal network and the external network, allowing or denying network traffic based on a set of predefined rules.
Basically, it is used to determine and block untrusted networks or traffic from accessing our system.
Tools for Managing Firewall
Two firewall management tools are commonly present in Linux distributions:
A) firewalld.
B) iptables.
Introduction to Firewalld
Firewalld is a dynamic firewall management tool in Linux that provides a high-level interface for managing firewall rules. It is designed to simplify the process of configuring and managing firewalls, especially in complex network environments.
Firewalld is the default firewall management tool in many modern Linux distributions, including CentOS, Fedora, and Red Hat Enterprise Linux.
Features of Firewalld
Here are some key features and concepts related to Firewalld:
Zones:
Firewalld organizes network connections into different zones based on the level of trust associated with each zone.
Examples of zones include “public” for untrusted networks, “internal” for trusted internal networks, and “dmz” for demilitarized zones. Each zone has its own set of rules defining how network traffic is allowed or blocked.
Services:
Firewalld supports the concept of services, which are predefined sets of rules for specific network services or applications. Services can be associated with specific ports and protocols, making it easier to allow or block access to common services such as SSH, HTTP, or FTP.
Runtime and permanent configurations:
Firewalld distinguishes between runtime and permanent configurations. The runtime configuration represents the currently active firewall rules, while the permanent configuration is the saved configuration that persists across system reboots. This separation allows you to test and make changes to the firewall without affecting the permanent configuration until you explicitly save the changes.
Rich Rules:
Firewalld supports rich rules, which are more advanced firewall rules that allow you to define complex packet filtering and network address translation (NAT) rules. Rich rules provide more flexibility than the simple rule syntax and can match packets based on various criteria, including source/destination IP addresses, ports, protocols, and more.
Zones with interfaces:
Firewalld allows you to assign network interfaces to specific zones. This enables automatic zone assignment for network connections based on the interface they are connected to. For example, you can assign the “eth0” interface to the “external” zone and “eth1” to the “internal” zone, ensuring that network traffic is handled according to the rules defined for each zone.
Integration with NetworkManager:
Firewalld integrates with NetworkManager, a popular network configuration tool in Linux. This integration enables dynamic zone assignment based on network connections, such as switching between different zones when connecting to different networks (e.g., switching from a public Wi-Fi network to a trusted home network).
Installation of Firewalld
$ sudo apt install firewalld
The above command will install “firewalld” on your system.
Enable and Disable Firewall
A) Check the status of the Firewall Service
$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor pre>
Active: active (running) since Sun 2023-05-21 18:15:57 IST; 21min ago
Docs: man:firewalld(1)
B) Start or Enable the Firewall Service
$ systemctl start firewalld.service
$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor pre>
Active: active (running) since Sun 2023-05-21 18:15:57 IST; 21min ago
Docs: man:firewalld(1)
C) Stop or Disable the Firewall Service
$ systemctl stop firewalld.service
$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor pre>
Active: inactive (dead) since Sun 2023-05-21 18:38:41 IST; 2s ago
Docs: man:firewalld(1)
Process: 10449 ExecStart=/usr/sbin/firewalld --nofork --nopid (code=exited,>
Main PID: 10449 (code=exited, status=0/SUCCESS)
D) Restart the Firewall Service
$ systemctl restart firewalld.service
See the Existing Firewall Rules
A) Check the rules of firewalld
$ firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
B) List all the services known to firewalld
The services returned by this command are the only ones the firewall understands by name; we cannot add new services to this list.
$ firewall-cmd --get-services
C) To reload the config of the firewall
$ firewall-cmd --reload
success
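A reload replaces the runtime rules with the permanent configuration, so any runtime-only change (see the runtime vs. permanent distinction above) is silently dropped. As an added example that is not part of the original post, this POSIX shell script compares the two service lists and reports the drift; the sample lists are constructed, and on a live host they would come from `firewall-cmd --list-services` and `firewall-cmd --permanent --list-services` as noted in the comments.

```shell
#!/bin/sh
# Added example (not from the original post): compare firewalld's runtime
# service list with its permanent one. Runtime-only entries disappear on
# `firewall-cmd --reload` or a reboot; permanent-only entries are saved but
# not yet enforced. Both inputs are space-separated lists exactly as
# `firewall-cmd --list-services` / `firewall-cmd --permanent --list-services`
# print them. The sample lists below are constructed for the demonstration.

# Print each word of $1 that does not appear in $2, one per line, sorted.
words_only_in() {
    first=$1
    second=$2
    for w in $first; do
        found=0
        for v in $second; do
            [ "$w" = "$v" ] && found=1 && break
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$w"
    done | sort
}

# Services enforced now but not saved: lost at the next reload/reboot.
runtime_only() { words_only_in "$1" "$2"; }
# Services saved but not active: take effect only after --reload.
permanent_only() { words_only_in "$2" "$1"; }

# Exit 0 when both lists match, 1 when they differ (usable from cron or CI).
check_drift() {
    r=$(runtime_only "$1" "$2")
    p=$(permanent_only "$1" "$2")
    [ -z "$r" ] && [ -z "$p" ]
}

# Constructed sample output. On a live host use instead:
#   RUNTIME=$(firewall-cmd --zone=public --list-services)
#   PERMANENT=$(firewall-cmd --permanent --zone=public --list-services)
RUNTIME="dhcpv6-client ssh http"
PERMANENT="dhcpv6-client ssh https"

if check_drift "$RUNTIME" "$PERMANENT"; then
    echo "runtime and permanent configurations match"
else
    echo "runtime-only (lost on reload): $(runtime_only "$RUNTIME" "$PERMANENT")"
    echo "permanent-only (not yet active): $(permanent_only "$RUNTIME" "$PERMANENT")"
fi
```

Running the check before `firewall-cmd --reload` shows exactly which allowed services would vanish, so they can be saved with `--permanent` first or deliberately discarded.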
D) To see the zones available in the Firewall
In the context of firewalls, zones refer to predefined or custom-defined network areas or environments with a certain level of trust or security requirements.
Each zone is associated with a set of firewall rules that define how network traffic should be handled within that zone. The concept of zones allows administrators to easily manage and enforce different levels of security policies based on the network environment.
$ firewall-cmd --get-zones
block dmz drop external home internal public trusted work
Here are a few common zones that you might encounter in a firewall configuration:
Public zone:
The public zone is typically used for untrusted or public networks, such as the Internet or public Wi-Fi. The firewall rules associated with the public zone are usually more restrictive to protect the system from external threats. Incoming network traffic is typically limited to only essential services.
Internal zone:
The internal zone represents trusted internal networks, such as a private LAN or corporate intranet. The firewall rules for the internal zone are typically more permissive to allow necessary internal communication between devices. Incoming network traffic may be allowed for various services used within the internal network.
DMZ (Demilitarized Zone) zone:
The DMZ zone is an isolated network segment where publicly accessible servers or services are placed. This zone provides a buffer between the internal network and the external network, allowing controlled access to specific services from the Internet. The firewall rules for the DMZ zone are configured to allow incoming traffic for the services hosted in the DMZ while limiting direct access to the internal network.
Trusted zone:
Some firewall configurations might include a trusted zone specifically for highly trusted networks or hosts. This zone is usually associated with the most permissive firewall rules, allowing unrestricted communication between trusted devices or networks.
E) To see the list of active zones
$ firewall-cmd --get-active-zones
public
interfaces: wlo1
F) To get firewall rules for a specific zone
$ firewall-cmd --zone=public --list-all
Add and Remove Services from Firewall Rules
A) Add a new Service in the Firewall Rules
B) Remove the Service from the Firewall Rules
Adding/Removing Ports
Blocking Incoming and Outgoing Traffic
Block ICMP