Linux firewalld - What setting do you run on your firewall?

With so much to learn on Linux, firewall customization was not something very high on my list when I first started using it. I've learned to navigate the file system, mount/unmount drives, encrypt partitions & attain software for daily use. I've basically moved my entire workflow over the past year to Linux. Now it's time to figure out these firewall settings and security. What do you do to customize the settings, or do you? What should I look out for?

Check out iptables:

http://ipset.netfilter.org/iptables.man.html
https://help.ubuntu.com/community/IptablesHowTo
https://www.cyberciti.biz/tips/linux-iptables-examples.html

1 Like

um, there's a bunch of options for UI and stuff, but I just use iptables currently
could do something like this

#!/bin/bash

# allow loopback traffic
iptables -I INPUT -i lo -j ACCEPT
# allow replies to connections this host started
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# drop everything else
iptables -A INPUT -j DROP

isn't wholly complete or anything, but basically what it does is

  • first rule: allows loopback communication (so any programs that use it won't get blocked)

  • second rule: allows incoming traffic that is established/related to outgoing traffic from you, like an HTTP request for a web page, or ping, etc.

  • third rule: blocks everything else, so if someone else pings you it won't respond, but if you ping yourself it will

but you would have to enable iptables as a service, which might be different for different distros, so this exact script would only be effective until you restart or run 'iptables -F', which flushes all of the rules currently running.

main things to look out for would be that if you have a server/service running like ssh, you would want to allow incoming traffic, ideally from a specific network/IP if you could, but if you can't (as the traffic could be from different IPs, like if you used your phone or something like that) you would have to have a rule before the block rule to allow incoming traffic on port 22, or 80 if it was a webserver, etc.

so basically don't block traffic you need to use :p

1 Like
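The ordering rule from the post above (service allow rules must come before the catch-all DROP), as an added example that is not the poster's script: it adds an SSH allow rule restricted to a trusted network, a rate-limited LOG rule so dropped packets are visible in the kernel log, and a check that refuses to load a ruleset where an ACCEPT sits after the DROP. The network, port and `IPT` variable are assumptions; set `IPT=echo` to preview without root.

```shell
#!/bin/bash
# Added example, not the poster's script: three-rule policy plus an SSH
# allow rule placed before the final DROP, and a LOG rule for visibility.
set -eu

# Assumed values; change them for your environment.
TRUSTED_NET="${TRUSTED_NET:-192.168.1.0/24}"  # placeholder admin network
SSH_PORT="${SSH_PORT:-22}"
IPT="${IPT:-iptables}"                        # IPT=echo to preview only

# Print the INPUT rules in the order they must be added.
build_input_rules() {
  cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $TRUSTED_NET --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix INPUT-DROP:
-A INPUT -j DROP
EOF
}

# Succeed only if no ACCEPT rule follows the catch-all DROP;
# an ACCEPT placed after it would never match.
check_rule_order() {
  local drop_line accept_after
  drop_line=$(build_input_rules | grep -n -- '-j DROP$' | cut -d: -f1)
  [ -n "$drop_line" ] || return 1
  accept_after=$(build_input_rules | tail -n +"$((drop_line + 1))" | grep -c -- '-j ACCEPT' || true)
  [ "$accept_after" -eq 0 ]
}

# Flush the INPUT chain and load the rules in order (needs root).
apply_input_rules() {
  check_rule_order || { echo "refusing: ACCEPT rule after DROP" >&2; return 1; }
  $IPT -F INPUT
  build_input_rules | while read -r rule; do
    # shellcheck disable=SC2086  # word splitting of $rule is intended
    $IPT $rule
  done
}

# Run as: sudo ./fw.sh apply   (rules are lost on reboot unless saved)
if [ "${1:-}" = "apply" ]; then
  apply_input_rules
fi
```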

Firewalld sits on top of iptables/nftables. It's the default in Fedora and generally better to use for managing the firewall.

2 Likes

+1
nftables is the newer kernel technology
it's both more efficient and more secure

I still prefer iptables.

On my servers I keep it simple and use ufw. Disable everything except what you need, like ssh and https. Also, if you have ssh enabled, make sure to have fail2ban set up. Digital Ocean has good tutorials on how to get those up and running.

1 Like