Be it your server or home computer, it is important to protect every system properly. And a firewall can help you do that efficiently.   

A firewall is a widely popular network security software that enables you to monitor the incoming and outgoing traffic in your network. It is a virtual barrier (like a fence) placed between a wide public network and a private network, which controls and filters the incoming traffic based on certain rules, protecting your system from attacks and damage. You can implement the firewall software based on your network’s size and the level of security you need.

There are two types of firewalls – Network firewall (generally built into the infrastructure) and Host firewall (installed on individual servers that monitor the connections). 

In this article, we’ll take you through Linux System Firewall Configuration. But before that, we’ll answer a commonly asked question –  

Is it crucial to enable a firewall for a Linux system?

Though Linux OS guarantees robust security features (by default) and is immune to viruses and other malicious entities, it is highly recommended to configure your system with a firewall for its complete security. The reason is that most systems, irrespective of their operating system, are vulnerable to cyber-attacks, especially in this era of ever-evolving technology.
 

Configuring a firewall in Linux  

Step 1 – Begin with strengthening your Linux security 

Before starting the configuration process, ensure that your system is up-to-date and all your security functions are updated.  

(Often people don’t update their operating systems regularly. And when they try to update any software manually, it doesn’t work. Therefore, updating your system regularly is important) 

On Debian/Ubuntu distributions, iptables is pre-installed. However, CentOS and the versions following it have replaced iptables with firewalld, which is mostly set as the default firewall management tool.

But if you are comfortable with iptables, you can use that (only after disabling firewalld in your CentOS).

Step 2 – Configure Iptables 

As iptables is a command-line firewall program, it allows you to filter traffic and helps you decide which packets can come in and go out (on the basis of the rules it is configured to follow). It allows and blocks the traffic with the help of a unique policy chain which is of three types mainly –  

INPUT – used to control incoming connections

OUTPUT – used for outgoing connections

FORWARD – used for packets that aren’t delivered locally

As iptables usually comes pre-installed with the Linux version, you need not worry about the installation part. But if it’s missing, you can install it with the following command:

“sudo apt-get install iptables” 

Now that you have installed iptables, check the default configuration by running the following commands:

  • List the rules of current iptables.
    Command: “sudo iptables -L” 
  • Clear the existing rules (if you want to).
    Command: “sudo iptables -F” 

(The above-mentioned firewall command in Linux will reset the iptables). 

  • Change the chains’ default policies.
    Command: “sudo iptables -P Chain_name Action_to_be_taken” 
  • Change forwarding’s policy to drop.
    Command: “sudo iptables -P FORWARD DROP” 

Step 3 – Blocking the connections 

  • If you need to block or drop the connection for an IP address, run the following command: “iptables -A INPUT -s 10.10.10.10 -j DROP” 

(Herein, 10.10.10.10 is the IP address you’d want to drop) 

Besides, if you need to block from a range of IP addresses, run the following command: “iptables -A INPUT -s 10.10.10.10/24 -j DROP” 

  • To block the connection to specific port(s), run the following command: 
    “iptables -A INPUT -p tcp --dport ssh -j DROP”

Step 4 – Decide the firewall ports you want to close

Begin with different lines of attack. 

For XMAS packets, run the following command: 

“iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP”

For blocking the null packets, run the following command: 

“iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP”

Step 5 – Decide the firewall ports to be left open 

For the incoming connections, these are the ports to leave open:

Port Number/Protocol for reason

993/tcp & udp for IMAP (for receiving emails)
143/tcp & udp for Insecure IMAP
110/tcp for POP3 (to receive emails (another way))
22/tcp for SSH (for securing connection from machine to machine)
9418/tcp for GIT (version control system)

For the outgoing connections, these are the ports to leave open:

Port Number/Protocol for reason

80/tcp for HTTP
443/tcp for HTTPS (secure HTTP)
993/tcp & udp for IMAP (for receiving emails)
143/tcp & udp for Insecure IMAP
53/udp for DNS
21/tcp for FTP (File Transfer Protocol)
465/tcp for SMTP (to send emails)
25/tcp for Insecure SMTP
22/tcp for SSH (for securing connection from machine to machine)
9418/tcp for GIT (version control system)

Step 6 – Save the firewall’s configuration for Linux 

Once you’ve made the required changes, save all the configurations by running the following commands:

“iptables -L -n
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart” 

Do not forget to restart your firewall after this command. 
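
Steps 2 to 6 combined into one default-deny ruleset, as an added example (not code from the original article): the script prints an iptables-restore file built from the Step 5 port lists and the Step 4 drop rules. The loopback and conntrack (ESTABLISHED,RELATED) rules and the DROP policies on INPUT and OUTPUT are assumptions added here so that replies to permitted connections still get through; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset from the article's Step 5 ports.
# The loopback/conntrack rules and the INPUT/OUTPUT DROP policies are assumptions.
IN_PORTS="993/tcp 993/udp 143/tcp 143/udp 110/tcp 22/tcp 9418/tcp"
OUT_PORTS="80/tcp 443/tcp 993/tcp 993/udp 143/tcp 143/udp 53/udp 21/tcp 465/tcp 25/tcp 22/tcp 9418/tcp"

# emit_accepts CHAIN "port/proto ...": one ACCEPT rule per entry (hypothetical helper).
# Rejects anything that is not a numeric port with tcp or udp, so a typo
# cannot end up in the generated file.
emit_accepts() {
    chain=$1
    for entry in $2; do
        port=${entry%/*}
        proto=${entry#*/}
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $entry" >&2; return 1 ;;
        esac
        echo "-A $chain -p $proto --dport $port -j ACCEPT"
    done
}

# build_ruleset: the whole filter table, in the order the kernel evaluates it.
build_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"        # Step 2: default policies
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT" # local services talk over loopback
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Step 4: XMAS and null packets are dropped before any ACCEPT can match
    echo "-A INPUT -p tcp --tcp-flags ALL ALL -j DROP"
    echo "-A INPUT -p tcp --tcp-flags ALL NONE -j DROP"
    # Replies to connections that were already permitted
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    emit_accepts INPUT "$IN_PORTS" || return 1   # Step 5: incoming
    emit_accepts OUTPUT "$OUT_PORTS" || return 1 # Step 5: outgoing
    echo "COMMIT"
}

# Print only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--print" ]; then build_ruleset; fi
```

Running the script with `--print` and piping the output to `sudo iptables-restore --test` parses the ruleset without applying it.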

Iptables is one of the most effective and widely preferred firewall solutions for Linux OS. However, you can choose other tools and alternatives as a replacement for iptables.

You can use a GUI (graphical user interface) instead of the command line. Other tools that you can check for Ubuntu/Debian distributions are Firestarter and Firewall Builder.

By following the steps mentioned above, it is seamless to enable a firewall in Linux irrespective of it being your server or a personal computer. In fact, if you are hosting your website on Virtual Private Server (VPS) Hosting it’ll be easier for you to make the changes to your server as VPS Hosting offers full root access, providing you complete control of your hosting server and the flexibility you need to customize it as per your preferences.  

We hope this article helped you understand the process of configuring a firewall in Linux.