A little Recap on Firewalls

Now I am no security expert (as of yet), but with my hours of working as a server and network administrator, I have had to dive into one of these, either for further troubleshooting or for applying proper rules to make a server or home computer stay confined within certain parameters. I haven't had a chance to use firewalld as extensively as the other two, so I won't have much to say on it.


UFW, Firewalld and IPtables

These are the three firewalls most commonly referenced on a Linux server. Let's first get a brief summary of how each of them works.


UFW

is an acronym for Uncomplicated Firewall and, just as the name implies, it is an easier-to-grasp front end to iptables: every ufw rule is translated into iptables rules underneath, so anything ufw does can also be inspected with iptables. It is installed by default on Ubuntu and its derivatives, packaged for most other distributions, and is what the common graphical firewall front ends drive.

Firewalld

is a Linux daemon that administers the firewall through network zones. Each zone carries a level of trust and its own set of rules (allowed services and ports, masquerading, and so on). You assign network interfaces (Ethernet, Wi-Fi, ...) or source addresses (IPv4 or IPv6) to a zone, and traffic arriving through them is treated according to that zone's trust level. Changes apply to the running configuration immediately and are lost on restart unless they are also made permanent.

IPtables

is the classic user-space tool for the kernel's netfilter packet-filtering framework. This is where you can generally make the most fine-grained changes to connections, since it exposes the predefined chains of the filter table (INPUT, OUTPUT, FORWARD), all of which are empty by default with a policy of ACCEPT. INPUT sees traffic addressed to the host itself, OUTPUT the traffic the host generates, and FORWARD the traffic routed through the host between interfaces (it has nothing to do with redirecting). You may inspect, modify, forward, redirect and/or drop packets, and with the nat table you can also configure NAT. Note that on recent distributions the iptables command may be a compatibility layer over nftables (iptables-nft), but the syntax below is unchanged.


Syntax


We won't go that much in depth, but these are the most common. The same answers can be found in the man pages on any Linux distribution (man ufw, man iptables).

UFW

ufw enable

Enable Uncomplicated Firewall. The default policy, which takes effect immediately, denies (DROP) all incoming connections and allows all outgoing ones, so allow your SSH port before enabling it on a remote machine.

ufw disable

Disable Uncomplicated Firewall (all rules are removed from the kernel, but the saved rule set is kept for the next enable).

ufw status numbered

Show Uncomplicated Firewall's rules along with their numbers.

ufw allow PORT[/PROTOCOL]
ufw allow proto PROTOCOL from ADDRESS to ADDRESS port PORT

Allow incoming traffic, matched by port and protocol in the short form (e.g. 22/tcp) or by protocol, source and destination in the full form. Rules are evaluated in the order listed by ufw status numbered.

ufw deny PORT[/PROTOCOL]
ufw deny proto PROTOCOL from ADDRESS to ADDRESS port PORT

Deny (silently drop) incoming traffic matched the same way; ufw reject uses the same syntax but answers with a reset or ICMP unreachable instead.

ufw delete {rule number}

Delete the Uncomplicated Firewall rule with the given number (as listed by ufw status numbered). The numbers shift after each deletion, so list the rules again before deleting another one.


Iptables

iptables -A CHAIN RULE-SPECIFICATION

Append one or more rules to the end of the selected chain. Rules are evaluated top to bottom and the first match wins, so a rule appended after a broader matching rule never fires (use -I to insert at the top instead).

iptables -F [CHAIN]

Flush (delete all rules from) the selected chain, or every chain in the table if none is specified. The chain policy is not changed, so flushing INPUT while its policy is DROP cuts off every connection, including your own SSH session.

-p PROTOCOL

A match option used inside a rule specification (after -A, -I, etc.), not a command on its own: the protocol (tcp, udp, icmp, ...) of the rule or of the packet to check. Port matches such as --dport require it.

-s ADDRESS[/MASK]

Source specification, also a match option. The address can be a network name, a host name, a network IP address (with /mask), or a plain IP address. Host names are resolved once only, before the rule is submitted to the kernel, so a rule written against a host name silently stops matching if that name later resolves elsewhere; prefer addresses.
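To tie the two syntax sections together, here is a baseline "SSH from the admin network plus HTTP/HTTPS" host policy written once with the ufw commands above and once with raw iptables. This is an added example for this recap, not the author's own commands. The port numbers, the ADMIN_NET range (the documentation-only TEST-NET-3 block) and the dry-run wrapper are assumptions for illustration; by default it only prints the commands, and APPLY=1 runs them as root.

```shell
#!/bin/sh
# Baseline host policy expressed with ufw and with iptables.
# Dry-run by default: prints the commands. APPLY=1 executes them (needs root).
# ADMIN_NET is a constructed, documentation-only range for the example.
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"

# ufw form. Order matters: the SSH rule is added before 'ufw enable', otherwise
# the default-deny policy cuts off a remote session the moment it is enabled.
# 'limit' instead of 'allow' rate-limits new SSH connections (brute-force brake).
ufw_baseline() {
    printf '%s\n' \
        "ufw default deny incoming" \
        "ufw default allow outgoing" \
        "ufw limit proto tcp from $ADMIN_NET to any port 22" \
        "ufw allow 80/tcp" \
        "ufw allow 443/tcp" \
        "ufw enable"
}

# iptables form of the same policy. The INPUT policy is set to ACCEPT before the
# flush and to DROP only after all allow rules are in place, so re-running the
# script never leaves a window where an existing SSH session is dropped.
iptables_baseline() {
    printf '%s\n' \
        "iptables -P INPUT ACCEPT" \
        "iptables -F INPUT" \
        "iptables -A INPUT -i lo -j ACCEPT" \
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT" \
        "iptables -A INPUT -p tcp --dport 80 -j ACCEPT" \
        "iptables -A INPUT -p tcp --dport 443 -j ACCEPT" \
        "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP" \
        "iptables -P INPUT DROP" \
        "iptables -P FORWARD DROP" \
        "iptables -P OUTPUT ACCEPT"
}

# Commands to verify the result afterwards (numbered, so rules can be deleted
# by number with 'ufw delete N' or 'iptables -D INPUT N').
show_commands() {
    printf '%s\n' \
        "ufw status numbered" \
        "iptables -L INPUT -n -v --line-numbers"
}

# Print the generated commands, or feed them to a shell when APPLY=1.
apply_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$1" | sh -e
    else
        "$1"
    fi
}

case "${1:-}" in
    ufw)      apply_or_print ufw_baseline ;;
    iptables) apply_or_print iptables_baseline ;;
    show)     apply_or_print show_commands ;;
esac
```

Run it as `sh firewall.sh ufw` or `sh firewall.sh iptables` to review the commands, then with `APPLY=1` to apply one of the two (not both on the same host; ufw manages its own iptables chains and a hand-written INPUT chain will fight it). One caveat the ufw form hides: iptables rules live only in the kernel and vanish on reboot unless saved with iptables-save (or a package such as netfilter-persistent), whereas ufw persists its rules itself.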


Real life scenarios

(still being updated)
