A firewall is a network security system that checks incoming and outgoing traffic. As the name suggests, it is a wall between the device and the internet.
The firewall also has a set of rules: when authorized traffic approaches the device, it performs the operations the rules specify to allow the traffic, and when unauthorized traffic approaches the device, it applies the rules to block the traffic.
How the Linux firewall works:
Most Linux distributions ship with firewall tools by default. We will use iptables, the tool traditionally provided on Linux to establish a firewall. Iptables is used to set up, maintain and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.
A chain is an ordered list of rules that a packet is checked against; each chain handles one stage of a packet's path through the system, such as the OUTPUT chain used later in this article.
Let us discuss some of the practical examples of
firewalld has more than one zone. To get a list of all the zones, run the command:
To get the list of active zones, run the command:
To get the firewall rules for the public zone, run the command:
firewall-cmd --zone=public --list-all
Most services are pre-defined by firewalld. To add a third-party service, for example SAP, follow the steps:
List the existing service .xml files in /usr/lib/firewalld/services/ with the commands:
cd /usr/lib/firewalld/services/
ls -l
Create a new .xml file, sap.xml, by copying ssh.xml with the command:
cp ssh.xml sap.xml
Running cat on any of the .xml files shows the structure of a service file.
Set the protocol to tcp and the port number to 32 in sap.xml after running the command:
The content should be:
Then restart firewalld so it loads the new service:
systemctl restart firewalld
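The custom-service steps above, as an added example that is not code from the original article: a POSIX shell function that writes a firewalld service file in the same format as the ssh.xml copied above, and a second function that reads the ports back so the definition can be checked before it is loaded. The output directory, service name and port list are assumptions (a temp directory is used so it runs without root; for real use write to /etc/firewalld/services/, which overrides /usr/lib/firewalld/services/ and survives package upgrades).

```shell
# Added example (not from the original article): write a firewalld
# service file in the format of the stock ssh.xml, then read the
# ports back before loading it. The output directory, service name
# and port list are assumptions; a temp dir is used so this runs
# without root. For real use, write to /etc/firewalld/services/ (it
# overrides /usr/lib/firewalld/services/ and survives package upgrades).

# make_service NAME SHORT DESCRIPTION OUTDIR PORT/PROTO [PORT/PROTO ...]
# Prints the path of the file it wrote. Values are not XML-escaped,
# so keep &, < and > out of SHORT and DESCRIPTION.
make_service() {
    name=$1; short=$2; desc=$3; outdir=$4
    shift 4
    out="$outdir/$name.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n'
        printf '<service>\n'
        printf '  <short>%s</short>\n' "$short"
        printf '  <description>%s</description>\n' "$desc"
        for spec in "$@"; do
            port=${spec%/*}
            proto=${spec#*/}
            # firewalld only accepts these protocols in a <port> element
            case $proto in
                tcp|udp|sctp|dccp) ;;
                *) echo "unsupported protocol: $proto" >&2; return 1 ;;
            esac
            printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port"
        done
        printf '</service>\n'
    } > "$out"
    echo "$out"
}

# list_ports FILE: print one PORT/PROTO line per <port> element, so the
# definition can be checked before `firewall-cmd --reload`.
list_ports() {
    sed -n 's/.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*/\2\/\1/p' "$1"
}

# Constructed sample: the SAP service from the article, tcp port 32.
dir=$(mktemp -d)
file=$(make_service sap "SAP" "SAP service (constructed example)" "$dir" 32/tcp)
list_ports "$file"   # prints: 32/tcp
```

After copying the file into /etc/firewalld/services/, a `firewall-cmd --reload` is enough for firewalld to pick it up; a full restart is not required.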
To add a service, for example http, run the command:
To remove the http service, run the command:
To reload the firewalld configuration, run the command:
To add the http service permanently, run the command:
firewall-cmd --add-service=http --permanent
To remove the http service permanently, run the command:
firewall-cmd --remove-service=http --permanent
To add a port, for example 1110, run the command:
To remove a port, for example 1110, run the command:
To reject incoming traffic from an IP address (192.168.0.25 in this example), run the command:
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.25" reject'
To block ICMP incoming traffic, run the command:
To unblock ICMP incoming traffic, run the command:
To block outgoing traffic to a specific website/IP address, for example, Facebook, follow the steps:
First resolve the host name:
host -t a www.facebook.com
The address of Facebook is 126.96.36.199.
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 188.8.131.52 -j DROP
Note that large sites resolve to many addresses that change over time, so a single direct DROP rule only covers the one address you looked up.
I am Debomita Bhattacharjee, an IT employee with 6+ years of experience in the software industry. My areas of interest are automation testing and front-end development.