A firewall is a fundamental security mechanism that controls incoming and outgoing network traffic based on predetermined rules. In Linux, firewalls help protect systems by permitting or blocking traffic, thereby preventing unauthorized access and defending against network attacks.
What is a Firewall?
A firewall is a security system that functions as a barrier between internal trusted networks and external untrusted networks, such as the Internet. It monitors and filters network packets according to configured security rules, controlling the flow of data.
Firewalls can filter traffic based on criteria such as IP addresses, ports, protocols, and connection states, helping to protect networks from unauthorized access and potential threats.
Key Firewall Components
The main components of a firewall include elements that determine how data packets are processed and controlled.
1. Packets: Units of data traveling across networks.
2. Rules: Criteria defining whether packets are allowed or blocked.
3. Chains: Ordered lists of rules to check packets.
4. Tables: Collections of chains for different packet processing tasks (filtering, NAT, etc.).
5. Zones: Groupings of interfaces and associated rules for different trust levels (in tools like firewalld).
Linux Firewall Tools
Linux offers a variety of firewall tools that cater to different skill levels and security requirements.
1. iptables: Traditional command-line firewall utility built on the Netfilter framework. It uses tables (filter, nat, mangle) and chains (INPUT, OUTPUT, FORWARD). It is complex, but powerful for granular control.
2. firewalld: Modern dynamic firewall management service that uses zones and simplified rules. It is easier to manage and supports both runtime and permanent configurations.
3. UFW (Uncomplicated Firewall): User-friendly frontend for iptables, popular on Ubuntu.
Common Rule Types
The following are essential rule types that help define how firewalls handle network packets.
1. Allow: Permits traffic matching the rule.
2. Deny: Blocks traffic and notifies sender.
3. Drop: Silently discards traffic.
4. Reject: Blocks traffic with an error response.
5. Limit: Rate limits connections to prevent abuse such as brute force attacks.
Basic Firewall Operations
Firewalls rely on a few fundamental operations to regulate network traffic and prevent unauthorized access.
1. Set default policies: Decide whether to accept or reject traffic by default. Best practice: Deny all incoming by default and explicitly allow required traffic.
2. Allow/deny ports and services: Control access to network services like SSH (port 22), HTTP (port 80).
3. Block IP addresses or networks: Restrict traffic from suspicious sources.
4. Logging: Record firewall activity for auditing and troubleshooting.
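The rule types and operations listed above fit together into one baseline ruleset: a default-deny policy, explicit allows for SSH and HTTP, a block for a suspicious source, a limit on new SSH connections, and logging of what gets dropped. The script below is an added example, not code from the original article; it writes the ruleset in iptables-restore format rather than running one iptables command per rule, so the whole set is loaded atomically. The blocked address (198.51.100.7, from the TEST-NET-2 documentation range) and the SSH port are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: generate a default-deny baseline
# ruleset in iptables-restore format. The blocked host and SSH port below are
# constructed placeholders (TEST-NET-2 address), not values from any real host.
BLOCKED_HOST="${BLOCKED_HOST:-198.51.100.7}"   # assumed suspicious source
SSH_PORT="${SSH_PORT:-22}"

# Print the ruleset to stdout. Order matters: the first matching rule wins,
# so the block rule comes before any allow rule.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Loopback, and replies to connections this host already has open
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Block a suspicious source before any service is opened
-A INPUT -s ${BLOCKED_HOST} -j DROP
# Limit: more than 3 new SSH connections from one source within 60 s are logged and dropped
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -m recent --name ssh --set
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -m recent --name ssh --update --seconds 60 --hitcount 4 -j LOGDROP
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Allow: public web service
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Everything else is logged (at a bounded rate, so a flood cannot fill the disk) and dropped
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: " --log-level 4
-A LOGDROP -j DROP
COMMIT
EOF
}

# Write the ruleset to a file, check that it parses, then load it (needs root).
apply_ruleset() {
    gen_ruleset > "$1"
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Emit the ruleset when this file is executed directly; sourcing it only defines the functions.
case "$0" in *gen-baseline.sh) gen_ruleset ;; esac
```

Save it as gen-baseline.sh, review the output with `sh gen-baseline.sh`, and load it with `sudo sh -c '. ./gen-baseline.sh; apply_ruleset /etc/iptables/baseline.rules'`. The ESTABLISHED,RELATED rule is what keeps an existing SSH session alive when the default policy flips to DROP, so do not remove it when applying over a remote connection. Rules loaded this way are not persistent across reboots by themselves; save them with `iptables-save` or your distribution's persistence package.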
Example iptables Commands
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p icmp -j DROP
sudo iptables -P INPUT DROP
Firewalld Concept of Zones
Zones categorize interfaces with predefined trust levels.
Examples:
1. public: Default, limited inbound services allowed (e.g., ssh, dhcp).
2. drop: Blocks all incoming connections silently.
3. trusted: Allows all connections.
Configure with commands like:
sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --reload
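The two commands above open one service in the public zone and reload. As an added example (not from the original article), the script below carries the same zone model through a full hardening pass: it binds an interface to the zone, removes the services a host does not need, adds HTTP, and replaces the plain ssh service with a rich rule that logs and rate-limits new SSH connections. The zone, the interface name eth0 and the log prefix are assumptions. By default the script runs in dry-run mode and prints each firewall-cmd invocation instead of executing it; set DRY_RUN=0 and run as root to apply.

```shell
#!/bin/sh
# Added example, not from the original article: harden firewalld's public zone so
# that only SSH and HTTP are reachable, with SSH logged and rate-limited.
# DRY_RUN=1 (the default) prints the firewall-cmd invocations instead of running them.
DRY_RUN="${DRY_RUN:-1}"
ZONE="${ZONE:-public}"
IFACE="${IFACE:-eth0}"        # assumed interface name

# Run a command, or print it in dry-run mode (arguments are printed unquoted,
# so the output is for review, not for pasting back into a shell).
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# All changes are --permanent: they are written to disk but take effect only
# at --reload, which also discards any runtime-only (non-permanent) changes.
configure_zone() {
    run firewall-cmd --permanent --zone="$ZONE" --set-target=default
    run firewall-cmd --permanent --zone="$ZONE" --change-interface="$IFACE"
    # The stock public zone exposes dhcpv6-client; a static host does not need it
    run firewall-cmd --permanent --zone="$ZONE" --remove-service=dhcpv6-client
    run firewall-cmd --permanent --zone="$ZONE" --add-service=http
    # Replace the unconditional ssh service with a rich rule: log new SSH connections
    # (at most 10 log lines a minute) and accept at most 3 a minute in total; anything
    # beyond the limit falls through to the zone's default (reject for public).
    run firewall-cmd --permanent --zone="$ZONE" --remove-service=ssh
    run firewall-cmd --permanent --zone="$ZONE" --add-rich-rule='rule service name="ssh" log prefix="SSH-ACCEPT: " level="info" limit value="10/m" accept limit value="3/m"'
    run firewall-cmd --reload
    # Show the resulting runtime state so the change can be verified
    run firewall-cmd --zone="$ZONE" --list-all
}

# Apply when this file is executed directly; sourcing it only defines the functions.
case "$0" in *harden-zone.sh) configure_zone ;; esac
```

Two caveats worth knowing: the rich-rule limit is a global rate, not a per-source one, so it slows a brute-force attempt but also throttles legitimate logins during the same minute; and on hosts where NetworkManager manages the interface, the zone binding is set on the connection profile (connection.zone) rather than with --change-interface, or NetworkManager will reapply its own setting.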