
Firewall in Linux

A firewall is a network security system that inspects incoming and outgoing traffic. As the name suggests, it is a wall between the device and the network it is connected to.

The firewall works from a set of rules: traffic that matches an allow rule is let through, traffic that matches a block rule is rejected (the sender gets an error) or dropped (discarded silently), and anything else is handled by the default policy of the zone or chain it hits.

How the Linux firewall works:

Most Linux distributions ship with firewall tooling. The packet filter itself is part of the kernel (netfilter); iptables is the classic user-space tool used to set up, maintain and inspect the tables of IPv4 packet-filter rules (ip6tables does the same for IPv6). On Fedora, RHEL and CentOS the default front end is firewalld, a daemon that manages those kernel rules for you and is driven with the firewall-cmd command. The examples below use firewall-cmd.

All the commands below need root privileges, so run them with sudo.

Chains

A chain is an ordered list of rules that a packet is matched against, one rule after another, until one matches. The filter table has the built-in chains INPUT (traffic to this host), OUTPUT (traffic from this host) and FORWARD (traffic routed through it). firewalld's zones and direct rules end up as rules in chains like these, which is why the direct rule at the end of this page names the filter table and the OUTPUT chain.

Let us discuss some practical examples of firewalld.

firewalld groups network interfaces and source addresses into zones, each with its own trust level and rule set (for example public, home, work, internal, trusted, drop and block). To list all defined zones, run the command:

firewall-cmd --get-zones

To list the active zones, that is, the zones that currently have an interface or source bound to them, run the command:

firewall-cmd --get-active-zones

To get the firewall rules for the public zone, run the command:

firewall-cmd --zone=public --list-all

or, since public is the default zone on a fresh install, simply:

firewall-cmd --list-all

Without --zone, firewall-cmd acts on the default zone; check which zone that is with firewall-cmd --get-default-zone.

Most common services are pre-defined by firewalld; firewall-cmd --get-services lists them. A service definition is just a small XML file, so to add a third-party service, for example SAP, follow the steps:

  • Look at the shipped definitions, one .xml file per service, under /usr/lib/firewalld/services/:
    cd /usr/lib/firewalld/services/
    ls -l
  • Do not edit or add files in that directory: it belongs to the firewalld package and is overwritten on upgrade. Custom definitions go in /etc/firewalld/services/, which takes precedence over the packaged directory. Copy an existing definition there as a starting point, for example ssh.xml:
    cp ssh.xml /etc/firewalld/services/sap.xml
  • If we run cat on any of the .xml files we see the same structure: a <service> root element containing a <short> name, a <description>, and one or more <port protocol="..." port="..."/> elements (ssh.xml has a single tcp port, 22).
  • Edit the new file, changing the short name and description to describe SAP and setting the port element to protocol tcp and port 32 (the port used in this example):
    vi /etc/firewalld/services/sap.xml
  • Save and quit.
    :wq
  • Verify the contents of the sap.xml file with the command:
    cat /etc/firewalld/services/sap.xml
  • Reload firewalld so it reads the new definition (a reload is enough and avoids fully stopping the daemon; systemctl restart firewalld also works):
    firewall-cmd --reload
  • To verify that the sap service is now known, run the command and look for sap in the output:
    firewall-cmd --get-services
  • To open the sap service in the default zone, run the command:
    firewall-cmd --add-service=sap
  This change is runtime-only; to keep it across reloads and reboots, also run firewall-cmd --permanent --add-service=sap followed by firewall-cmd --reload.

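The service-definition steps above, as an added shell example that is not part of the original article: a function that writes a firewalld service XML file into a directory of your choice (so it can be staged and inspected before anything touches /etc/firewalld/services), validating every port spec first, and a second function for deploying it on a real host. The service name sap and port 32/tcp follow the article's example; the deploy function assumes the default zone is the one the service should be opened in.

```sh
#!/bin/sh
# Added example (not from the original article): build a custom firewalld
# service definition from the shell instead of hand-editing a copy of ssh.xml.
# Assumptions: name, ports and description are parameters you choose; "sap"
# and 32/tcp below only follow the article's example.
set -eu

# write_firewalld_service DIR NAME SHORT DESCRIPTION PORT/PROTO [PORT/PROTO ...]
# Writes DIR/NAME.xml in the same shape as the files under
# /usr/lib/firewalld/services/. Refuses malformed port specs and leaves no
# partial file behind. SHORT and DESCRIPTION are not XML-escaped: keep them
# to plain text.
write_firewalld_service() {
    dir=$1; name=$2; short=$3; desc=$4
    shift 4
    tmp=$(mktemp "$dir/.$name.XXXXXX")
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n  <description>%s</description>\n' "$short" "$desc"
    } > "$tmp"
    for spec in "$@"; do
        port=${spec%/*}; proto=${spec#*/}
        # only the protocols firewalld accepts in a <port> element
        case "$proto" in tcp|udp|sctp|dccp) ;;
            *) echo "bad protocol in '$spec'" >&2; rm -f "$tmp"; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port in '$spec'" >&2; rm -f "$tmp"; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; rm -f "$tmp"; return 1
        fi
        printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port" >> "$tmp"
    done
    printf '</service>\n' >> "$tmp"
    mv "$tmp" "$dir/$name.xml"
}

# install_firewalld_service STAGING_DIR NAME
# Copies the staged definition into /etc/firewalld/services (local definitions
# belong there, not in the package-owned /usr/lib tree), reloads so firewalld
# reads it, checks the name is now known, and opens it permanently in the
# default zone. Needs root and firewall-cmd on a real host; the demo below
# never calls it.
install_firewalld_service() {
    src=$1; name=$2
    install -m 0644 "$src/$name.xml" "/etc/firewalld/services/$name.xml"
    firewall-cmd --reload
    firewall-cmd --get-services | tr ' ' '\n' | grep -qx "$name"
    firewall-cmd --permanent --add-service="$name"
    firewall-cmd --reload
    firewall-cmd --list-services
}

# Stand-alone demo: stage the definition in a scratch directory and show it.
demo_dir=$(mktemp -d)
write_firewalld_service "$demo_dir" sap "SAP" "SAP application server (article example, port 32/tcp)" 32/tcp
cat "$demo_dir/sap.xml"
# On a firewalld host, as root: install_firewalld_service "$demo_dir" sap
```

The staging step matters in practice: firewalld parses every file in the services directory on reload, so a malformed file is noticed only after you have already changed the host. Writing and reading the file back first (as the article's cat step does) costs nothing.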

To allow a pre-defined service, for example http, in the default zone, run the command:

firewall-cmd --add-service=http

To remove the http service again, run the command:

firewall-cmd --remove-service=http

Both commands change only the running firewall; the change is lost on the next reload or reboot unless it is also made permanent (see below).

To reload the firewalld configuration (the permanent configuration becomes the new runtime configuration, so runtime-only changes are discarded), run the command:

firewall-cmd --reload

To add the http service permanently, run the command:

firewall-cmd --add-service=http --permanent

To remove the http service permanently, run the command:

firewall-cmd --remove-service=http --permanent

A --permanent change is written to the saved configuration only and takes effect after firewall-cmd --reload. The reverse is also possible: test a change at runtime first and then save the current runtime state with firewall-cmd --runtime-to-permanent.

To open a port that has no service definition, for example TCP port 1110, run the command:

firewall-cmd --add-port=1110/tcp

To close the port again, run the command:

firewall-cmd --remove-port=1110/tcp

Add --permanent to either command to change the saved configuration as well.

To reject incoming traffic from a single IP address, run the command (a rich rule: family selects IPv4 or IPv6, and reject answers the sender with an ICMP error, whereas drop would discard the packets silently):

firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.25" reject'

Like the commands above, this is runtime-only without --permanent; list the zone's rich rules with firewall-cmd --list-rich-rules.
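The service, port and rich-rule commands above applied as one script, as an added example that is not part of the original article. It makes every change with --permanent and activates them with a single --reload, so the runtime and saved configuration cannot drift apart, validates port specs and IPv4 sources before they become rules, and runs in dry-run mode unless told otherwise. Zone public, the article's 192.168.0.25 and the documentation prefix 203.0.113.0/24 are assumed inputs.

```sh
#!/bin/sh
# Added example (not from the original article): apply a small, reproducible
# firewalld policy. Assumptions: zone "public", the article's host
# 192.168.0.25, and 203.0.113.0/24 (a documentation range) as a second
# rejected source.
set -eu

ZONE=${ZONE:-public}
ALLOW="ssh http 1110/tcp"              # services by name, raw ports as PORT/PROTO
REJECT_SOURCES="192.168.0.25 203.0.113.0/24"

# is_port SPEC: true for 1-65535/(tcp|udp|sctp|dccp), false for anything else
is_port() {
    case "$1" in */tcp|*/udp|*/sctp|*/dccp) ;; *) return 1 ;; esac
    p=${1%/*}
    case "$p" in ''|*[!0-9]*) return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
}

# is_ipv4_prefix ADDR[/LEN]: syntax check so a typo never becomes a rule
is_ipv4_prefix() {
    addr=${1%/*}; len=${1#*/}
    [ "$len" = "$1" ] && len=32          # no /LEN given: single host
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# apply_policy RUNNER: RUNNER is "firewall-cmd" on a real host, "echo" for a
# dry run, or any shell function that records its arguments.
apply_policy() {
    run=$1
    for item in $ALLOW; do
        if is_port "$item"; then
            "$run" --permanent --zone="$ZONE" --add-port="$item"
        else
            "$run" --permanent --zone="$ZONE" --add-service="$item"
        fi
    done
    for src in $REJECT_SOURCES; do
        is_ipv4_prefix "$src" || { echo "skipping malformed source $src" >&2; continue; }
        # reject, not drop: the peer gets an ICMP error instead of a silent timeout
        "$run" --permanent --zone="$ZONE" \
            --add-rich-rule="rule family=\"ipv4\" source address=\"$src\" reject"
    done
    # one reload activates the whole saved configuration
    "$run" --reload
}

# Dry run by default; APPLY=1 talks to firewalld (needs root).
if [ "${APPLY:-0}" = 1 ]; then apply_policy firewall-cmd; else apply_policy echo; fi
```

Run it once with APPLY unset to review the exact firewall-cmd invocations, then with APPLY=1 as root. Because the script only ever uses --permanent plus --reload, re-running it is harmless: firewall-cmd reports an already-enabled service or port as a warning rather than an error, and the saved configuration ends up identical.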

To block incoming ICMP traffic, run the command:

firewall-cmd --add-icmp-block-inversion

This does not block a specific ICMP type; it inverts the zone's ICMP block list, so every type that is not explicitly listed with --add-icmp-block is blocked. With an empty block list, as on a default zone, the effect is that all ICMP (including ping) is blocked. To block only a single type, for example ping requests, use firewall-cmd --add-icmp-block=echo-request; firewall-cmd --get-icmptypes lists the known type names.

To unblock ICMP incoming traffic, run the command:

firewall-cmd --remove-icmp-block-inversion

To block outgoing traffic to a specific website/IP address, for example Facebook, follow the steps:

  • Get the IP address, with the command:
    host -t a www.facebook.com

In the author's lookup the address was 31.13.71.36. Large sites return several A records and change them over time, and also publish AAAA (IPv6) records, so a rule for one IPv4 address is easy to bypass; resolve both record types and block every address returned if the goal is a real block rather than a demonstration.

  • To block the IP address, add a direct rule in the OUTPUT chain of the filter table (the arguments after the priority 0 are plain iptables arguments):
    firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 31.13.71.36 -j DROP

Without --permanent the direct rule is runtime-only; firewall-cmd --direct --get-all-rules shows the direct rules in place. Newer firewalld releases mark the direct interface as deprecated in favour of policies, so check the firewalld version in use before building on it.

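The outbound-block procedure above extended to every address a name resolves to, IPv4 and IPv6, as an added example that is not part of the original article. The host output embedded in it is constructed for the demo (31.13.71.36 is the article's address; 198.51.100.7, 2001:db8::25de and the alias target are documentation-range placeholders, not a live lookup), and the functions print the firewall-cmd invocations by default instead of running them.

```sh
#!/bin/sh
# Added example (not from the original article): turn `host -t a` and
# `host -t aaaa` output into permanent outbound DROP rules for every address
# returned. Blocking only the single A record the article shows leaves the
# AAAA addresses and the other A records a large site rotates through open.
set -eu

# addresses_from_host_output: read `host` output on stdin and print one
# "ipv4 ADDR" or "ipv6 ADDR" line per answer. CNAME lines ("is an alias for")
# and "has no AAAA record" lines match neither pattern and are ignored.
addresses_from_host_output() {
    awk '
        $2 == "has" && $3 == "address"                  { print "ipv4", $4 }
        $2 == "has" && $3 == "IPv6" && $4 == "address"  { print "ipv6", $5 }
    '
}

# apply_drop_rules RUNNER: read "family ADDR" lines on stdin and add one
# permanent direct rule per address in the filter table's OUTPUT chain.
# RUNNER is "firewall-cmd" on a real host or "echo firewall-cmd" to preview;
# it is expanded unquoted so a two-word runner works.
apply_drop_rules() {
    runner=$1
    while read -r family addr; do
        $runner --permanent --direct --add-rule "$family" filter OUTPUT 0 -d "$addr" -j DROP
    done
}

# block_outbound_to NAME: live version for a real host (needs host, root and
# firewall-cmd). The demo below does not call it.
block_outbound_to() {
    { host -t a "$1"; host -t aaaa "$1"; } | addresses_from_host_output | apply_drop_rules firewall-cmd
    firewall-cmd --reload   # --permanent direct rules take effect on reload
}

# Constructed sample in the format `host` prints (not a real lookup).
SAMPLE_HOST_OUTPUT='www.facebook.com is an alias for star.example-cdn.net.
star.example-cdn.net has address 31.13.71.36
star.example-cdn.net has address 198.51.100.7
star.example-cdn.net has IPv6 address 2001:db8::25de'

# Demo: preview the rules that would be added for the sample answers.
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | addresses_from_host_output | apply_drop_rules "echo firewall-cmd"
```

Even with every current address covered, a DNS-based block is only a snapshot: the site's addresses can change after the rules are written, so schedule the lookup and compare the new answers against the rules already in place (firewall-cmd --direct --get-all-rules) rather than running it once.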

About Author:

I am Debomita Bhattacharjee, an IT employee with 6+ years of experience in the software industry. My areas of interest are automation testing and front-end development.
