A little Recap on Firewalls

Now I am no security expert (as of yet), but from my hours of work as a server and network administrator I regularly have to dive into one of these, either for troubleshooting or for applying proper rules so that a server or home computer stays confined within certain parameters. I haven’t had a chance to use firewalld as extensively as the other two, so I won’t have much to say on it.

UFW, Firewalld and IPtables

These are the three firewalls usually referenced on a Linux server. Let’s first get a brief summary of how they work.


UFW

UFW is an acronym for uncomplicated firewall and, just as the name implies, it is an easier-to-grasp front-end for iptables. It is also available upstream on all distributions, and there are GUIs which use UFW as their back-end.


Firewalld

Firewalld is a Linux daemon which administers network firewall zones. This means you can place different networks, based on network interface, port, IPv4 or IPv6 address, Ethernet or Wi-Fi, into different levels of “trust” zones.


IPtables

IPtables is a kernel-level firewall which filters IP packets. This is where you can generally make the biggest changes to connections, since this firewall has predefined chains (INPUT, OUTPUT, FORWARD) which by default contain no rules. INPUT is your incoming traffic, OUTPUT your outbound traffic and FORWARD is traffic being forwarded through the host to another destination. You may inspect, modify, forward, redirect and/or drop packets, and even configure NAT.


We won’t go that much in depth, but the following are the most common commands. The same answers can be found in the man page on any Linux distribution.


ufw enable

Enable uncomplicated firewall, which will also set up a default deny (DROP) for all incoming connections.

ufw disable

Disable uncomplicated firewall.

ufw status numbered

Show uncomplicated firewall rules along with their numbers.

ufw allow proto

Allow incoming traffic based on protocol.

ufw deny proto

Deny incoming traffic based on protocol.

ufw delete {rule number}

Delete uncomplicated firewall rule, based on specified number.


iptables -A

Append one or more rules to the end of the selected chain.

iptables -F

Flush the selected chain or all if none is specified.

iptables -p

The protocol of the rule or of the packet to check (a match option used inside a rule, for example together with -A).

iptables -s

Source specification (also a match option used inside a rule). The address can be either a network name, a host name, a network IP address (with /mask), or a plain IP address. Host names will be resolved once only, before the rule is submitted to the kernel.

Real life scenarios

1.) I want to enable the ports for HTTPS and HTTP on my server so I can serve websites from my web server. I also want to disable access to SSH.

What it would look like in uncomplicated firewall:

sudo ufw allow 80/tcp && sudo ufw allow 443/tcp

sudo ufw deny 22/tcp

This is in addition to commenting out (#) the sshd config located in /etc/ssh/sshd_config.
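The scenario above, written out as a script for both the ufw commands and the iptables options listed earlier in the post. This is an added example, not code from the original post: the function names (run, ufw_web_rules, iptables_web_rules, count_rules_for_port) and the DRY_RUN switch are my own, and the conntrack and loopback rules in the iptables version are additions that the ufw front-end applies for you automatically.

```shell
#!/bin/sh
# Added example (not from the original post): apply the web-server scenario
# (allow 80/tcp and 443/tcp inbound, deny 22/tcp, deny everything else
# inbound) with either the ufw front-end or raw iptables.
# DRY_RUN=1 (the default here) only prints the commands, so the script can be
# read and checked without root; set DRY_RUN=0 to actually apply them.
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ufw_web_rules: the scenario expressed with ufw.
# 'ufw enable' already defaults incoming traffic to deny (DROP); the policy
# is stated explicitly so the intent survives later edits to the rule set.
ufw_web_rules() {
    run ufw default deny incoming
    run ufw default allow outgoing
    run ufw allow 80/tcp
    run ufw allow 443/tcp
    run ufw deny 22/tcp
    run ufw --force enable   # --force skips the interactive confirmation
}

# iptables_web_rules: the same scenario with the iptables options the post
# lists (-A append, -p protocol, -F flush) plus --dport and the -j target.
# Rules are evaluated in order, so the loopback and ESTABLISHED rules come
# first; the chain policy (-P) decides anything no rule matched. The explicit
# DROP for port 22 is redundant with the policy but keeps the intent visible
# in 'iptables -L'.
iptables_web_rules() {
    run iptables -F INPUT                     # start from an empty INPUT chain
    run iptables -A INPUT -i lo -j ACCEPT     # local traffic
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    run iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    run iptables -A INPUT -p tcp --dport 22 -j DROP
    run iptables -P INPUT DROP                # default policy: deny incoming
}

# count_rules_for_port: inspect a generated rule set and count the lines
# that mention a port, e.g. count_rules_for_port 443 iptables_web_rules
count_rules_for_port() {
    port="$1"; shift
    "$@" | grep -c -- "$port"
}

if [ "$DRY_RUN" = 1 ]; then
    echo "# ufw"; ufw_web_rules
    echo "# iptables"; iptables_web_rules
fi
```

Run it as-is to review the commands, then with DRY_RUN=0 as root to apply them. Because the scenario denies port 22, apply either version from a console or out-of-band session, not over the SSH connection you are about to block; and note that the iptables rules are not persistent across reboots unless saved with your distribution's iptables-persistent or equivalent.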

