
Unit 3 LINUX Firewall

The document provides an overview of the Linux operating system and its firewall, known as Firewalld, which protects systems from unauthorized access and manages network traffic. It explains how to configure firewall rules using commands to allow or block specific traffic, as well as the types of Linux firewalls and their functionalities, particularly focusing on iptables. The document concludes with instructions on configuring iptables for effective firewall management on Linux systems.

Uploaded by

kepev33974

LINUX Firewall




Linux is a Unix-like operating system. Systems that are called
Unix-like or Unix-based are designed to behave and function similarly
to the Unix OS. Linux belongs to the open-source family (code designed
to be publicly accessible) and is based on the Linux kernel. It was
initially released on September 17, 1991, by Linus Torvalds.
It has a modular design, which lets us customize the system according
to our needs. Being open source, Linux has helped the growth and
development of the developer community that contributes to it. It
offers a command-line interface for interacting with the OS, and also
a graphical interface for users who are not used to working on the
command line.

What is Linux Firewall (firewalld)


A firewall is a virtual wall in the security world, designed to protect
our system from unwanted traffic and unauthorized access. The security
system in Linux OS is known as the Linux firewall, which monitors and
governs network traffic (outbound/inbound connections). It can be used
to block access to different IP addresses, specific subnets, ports
(virtual points where network connections begin and end), and services.
A daemon called Firewalld maintains the firewall policies. Firewalld is
a dynamically managed firewall tool for Linux systems; it can be
updated in real time if there are any changes in the network
environment.
Firewalld works with the concept of zones (segments). We can check
whether the firewall service is running by using the commands sudo
(user access) and systemctl (used to control and manage the status of
services).
sudo systemctl status firewalld

Command to check the running status of our Firewalld services.


Here is the output showing services actively running

Some rules of Firewall

Firewall rules protect our system from unauthorized access and control
network traffic (incoming and outgoing). We can customize them by port,
address, protocol, etc. Some common examples are listed below:
Rule 1: Allowing SSH (Secure Shell or Secure Socket Shell) traffic
This rule allows all incoming traffic on the SSH port so that we can
connect to the system remotely.
sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --reload

As we can see it is done successfully

Rule 2: Allowing incoming traffic on a specific port


We are allowing traffic on TCP port 8080; you can replace it with the
port you require.
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

Both commands reported success

Rule 3: Blocking incoming traffic on a specific IP address


We are blocking incoming traffic from IP 192.168.52.1; you can replace
it with the address you require. The rule is added with --permanent so
that it survives the reload.
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.52.1" reject' --permanent
sudo firewall-cmd --reload

We have also specified the IP family (ipv4)
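
firewalld keeps a runtime configuration and a permanent one: --permanent
changes only the stored configuration until --reload, and a reload
discards runtime-only changes. The check below is an added example, not
part of the original document; only_in and fw_drift are hypothetical
helper names and the sample listings are constructed.

```sh
# Added example: report drift between firewalld's runtime and permanent
# configuration of one zone. Inputs hold one item per line.
# Live input for the runtime side (repeat with --permanent for the other):
#   { firewall-cmd --zone=public --list-services | tr ' ' '\n'
#     firewall-cmd --zone=public --list-ports | tr ' ' '\n'
#     firewall-cmd --zone=public --list-rich-rules; }

# only_in A B: print the lines of A that do not occur as whole lines in B
only_in() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

# fw_drift RUNTIME PERMANENT: one output line per setting that differs
fw_drift() {
    only_in "$1" "$2" | sed 's/^/runtime-only, lost on --reload: /'
    only_in "$2" "$1" | sed 's/^/permanent-only, inactive until --reload: /'
}

# Constructed sample: the rich rule was added without --permanent, and
# port 8080/tcp was added with --permanent but not yet reloaded.
RUNTIME='ssh
rule family="ipv4" source address="192.168.52.1" reject'
PERMANENT='ssh
8080/tcp'

fw_drift "$RUNTIME" "$PERMANENT"
```

An empty result means the running firewall and the stored configuration
agree for the listed settings.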

Types of Linux Firewalls

There is more than one Linux firewall option available. A little
research turns up a few popular names: IPCop, iptables, Shorewall, and
UFW. One of the most popular is the "iptables" firewall.
Iptables Working:
Iptables is Linux-based software that performs packet filtering, packet
manipulation, and NAT (network address translation). It allows system
administrators to control incoming and outgoing traffic by setting up
rules.
When a packet is received on a Linux-based system, it has to go through
the chains and tables of the iptables firewall. The most commonly used
tables are filter and nat, but iptables has five predefined tables
(raw, nat, filter, security, and mangle).

Types of Tables

We will discuss five predefined tables:


1. Security Table: It is often used in conjunction with other
security tools like SELinux. It is also used for MAC (Mandatory
Access Control) rules, which can further be used to set rules
related to security labels and access controls. It has four
built-in chains: OUTPUT, FORWARD, INPUT, and SECMARK.
2. Mangle Table: It is used to modify packets by setting the
packet's ToS/DSCP field, altering packet header fields, and
changing packet marks. It has five built-in chains:
POSTROUTING, FORWARD, OUTPUT, PREROUTING, and INPUT.
3. Nat Table: It stands for network address translation, which
helps in sharing a single public IP address between multiple
devices. It has two built-in chains: PREROUTING and
POSTROUTING.
4. Raw Table: It is used for the configuration of low-level packet
processing. It has limited built-in chains, but the user can
create additional chains if required.
5. Filter Table: It is used for packet filtering. It has three
built-in chains: INPUT, OUTPUT, and FORWARD.
Here, the filter table is responsible for filtering packets according
to the defined rules, based on the source and destination IP address,
port number, and protocol type. There are three different types of
built-in chains.

Types of Chains

Chain Rule: Rules that are described for a particular task. Subdivided
into three types:
1. INPUT: Filter incoming traffic in the local system.
2. OUTPUT: Filter Outgoing traffic for the local system.
3. FORWARD: Packets forwarded from one system to another go
through it.
Configure a Firewall on Linux OS
We will be configuring iptables in our operating system.
To install iptables
sudo dnf install iptables

This command is used to install iptables

Basic Syntax for using iptables


sudo iptables [option] CHAIN-rule [-j target]
Note:
1. Output Chains: Traffic going through local machines has to
pass through these output chains.
2. Input Chains: Traffic has to go through every rule that has been
assigned within input chains.
3. Forward Chains: Traffic going from the originating network
location to another network location has to pass through
forward chains.
We have some common iptables options
Options Descriptions

-C [CHECK]: This is used to check for a rule that matches the given requirements in the chain.
-D [DELETE]: This is used to delete a specific rule.
-A [APPEND]: This is used to append or add rules.
-I [INSERT]: This can add a rule at a particular position in a chain.
-L [LIST]: To display all the rules we can use this.
-v [VERBOSE]: This is used to get more information in the list option.
-X [DELETE CHAIN]: This deletes the entire supplied chain.
-p [Protocol_name]: It is used to define the name of the protocol.
-N [NEW CHAIN]: To create a new chain.
-j [job]: It tells what operation has to be done with the packet.
-F [Flush]: It is to delete all rules.
-s [specify]: It is a flag used to specify the source of the packet.

Common Firewall Issues and Troubleshooting Tips

We have three basic policies. Let's discuss some basic operations and
their syntax.
1. DROP: It blocks incoming traffic, which basically means
that the firewall is closed for that particular IP.
2. ACCEPT: It allows traffic from the IP we provide into the
system.
3. REJECT: It works similarly to DROP, but with 'drop' the sender is
blocked without any notification, whereas with 'reject' a message
states the reason for not being able to connect.

Some basic operations and their syntax

Creating our first rule


The first rule to allow incoming ICMP (ping) traffic on the INPUT chain:
sudo iptables -A INPUT -p icmp -j ACCEPT
'-A' appends the rule at the end of the INPUT chain. '-p icmp' says
that the rule applies to ICMP traffic. '-j ACCEPT' tells iptables to
accept (allow) any traffic that matches the rule.

CREATE FIRST RULE iptables

The syntax for using policies


# Refer to the context mentioned above for the use of [ -I, -A, -p, -s, -j ]
sudo iptables -I/-A name_chain -s source_ip -p protocol_name --dport port_number -j action_to_do
Example:
Accept Rule: If we have to accept an IP (source) 192.168.160.51 on
port number 22 using TCP protocol.
sudo iptables -A INPUT -s 192.168.160.51 -p tcp --dport 22 -j ACCEPT

TO CHECK OUTPUT, WE USED $ sudo iptables -L

Drop Rule: If we have to Drop an IP (source) 192.168.160.51.


sudo iptables -A/-I chain_name -s source_ip -j action_to_do

As we can see, 192.168.160.51 has been dropped

Reset Rule: To reset all iptables rule we use -F.


sudo iptables -F
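
Rules in a chain are evaluated top to bottom and the first matching
ACCEPT, DROP or REJECT decides, so -A and -I give different results for
the same pair of rules, and -F leaves the chain policy as the only
decision. The script below is an added example, not part of the original
document: a toy model that matches only source, protocol and destination
port, with hypothetical helper names.

```sh
# Added example: toy model of first-match evaluation in one iptables chain.
# A rule is one line "source protocol dport target"; "any" is a wildcard.
# append_rule, insert_rule, flush_chain and verdict are hypothetical helpers.

POLICY=ACCEPT   # chain policy, applied when no rule matches
CHAIN=""        # rules in evaluation order, one per line

append_rule() { CHAIN=$(printf '%s\n%s' "$CHAIN" "$1"); }   # iptables -A: goes last
insert_rule() { CHAIN=$(printf '%s\n%s' "$1" "$CHAIN"); }   # iptables -I: goes first
flush_chain() { CHAIN=""; }                                 # iptables -F: policy stays

match() { [ "$1" = any ] || [ "$1" = "$2" ]; }

# verdict SRC PROTO DPORT: target of the first matching rule, else the policy
verdict() {
    while read -r src proto dport target; do
        if match "$src" "$1" && match "$proto" "$2" && match "$dport" "$3"; then
            echo "$target"
            return 0
        fi
    done <<EOF
$CHAIN
EOF
    echo "$POLICY"
}

# DROP appended after the ACCEPT: SSH from that host is still accepted.
append_rule "192.168.160.51 tcp 22 ACCEPT"
append_rule "192.168.160.51 any any DROP"
echo "appended DROP, port 22:   $(verdict 192.168.160.51 tcp 22)"
echo "appended DROP, port 8080: $(verdict 192.168.160.51 tcp 8080)"

# DROP inserted at the top: it now wins for every port.
flush_chain
append_rule "192.168.160.51 tcp 22 ACCEPT"
insert_rule "192.168.160.51 any any DROP"
echo "inserted DROP, port 22:   $(verdict 192.168.160.51 tcp 22)"

# After a flush only the policy decides.
flush_chain
echo "after flush, port 22:     $(verdict 192.168.160.51 tcp 22)"
```

On a real system, sudo iptables -L -v lists the rules in evaluation
order and shows each chain's policy in its header line.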
Conclusion
In this article, we have discussed the Linux operating system, the
Linux firewall, and how to configure it. Linux is a Unix-like system
with a modular design. To protect our system, we have the Linux
firewall and firewalld. We discussed the different types of Linux
firewall and their rules. In the end, we learned how to configure
a firewall using iptables. By understanding this article one can secure
their Linux system with the required firewall configuration.
