search
HomeOperation and MaintenanceLinux Operation and MaintenanceHow do I set up a firewall in Linux using firewalld or iptables?

How do I set up a firewall in Linux using firewalld or iptables?

Emily Anne Brown
Emily Anne Brown
Mar 12, 2025 pm 06:58 PM

Setting up a Firewall in Linux using firewalld or iptables

Setting up a firewall in Linux using either firewalld or iptables involves different approaches due to their architectural differences. firewalld is a dynamic firewall daemon that provides a user-friendly interface for managing firewall rules, while iptables is a command-line utility that directly manipulates the kernel's netfilter framework.

Using firewalld:

  1. Installation: Ensure firewalld is installed. On most distributions, this is done using the package manager (e.g., apt install firewalld on Debian/Ubuntu, dnf install firewalld on Fedora/CentOS/RHEL).
  2. Start and enable firewalld: Start the service with systemctl start firewalld and enable it to start on boot with systemctl enable firewalld.
  3. Basic Configuration: firewalld uses "zones" to define different network contexts (e.g., "public", "internal", "dmz"). Each zone has a default set of rules. You can list zones with firewall-cmd --get-active-zones. To add a service, like SSH (port 22), to the default zone (usually "public"), use firewall-cmd --permanent --add-service=ssh. To make the changes permanent, use the --permanent flag. Reload the firewall with firewall-cmd --reload to apply the changes.
  4. Advanced Configuration: For more granular control, you can add specific ports using firewall-cmd --permanent --add-port=80/tcp (for HTTP) or ranges using firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" accept' (for allowing traffic from a specific subnet).

Using iptables:

  1. Installation: iptables is usually included by default in most Linux distributions.
  2. Basic Configuration: iptables uses chains (e.g., INPUT, OUTPUT, FORWARD) to manage rules. Each rule specifies the source/destination IP addresses, ports, protocols, and action (ACCEPT, DROP, REJECT). For example, to allow SSH connections: iptables -A INPUT -p tcp --dport 22 -j ACCEPT.
  3. Saving rules: iptables rules are not persistent across reboots. You need to save them using a script or a utility like iptables-save and load them at boot time using a startup script. The exact method varies depending on your distribution.
  4. Advanced Configuration: iptables offers extremely fine-grained control, allowing for complex rule sets with various matching criteria and custom chains. However, this requires a deep understanding of networking and iptables syntax.

Key Differences Between firewalld and iptables

The primary difference lies in their approach to firewall management. firewalld provides a higher-level, user-friendly interface built on top of iptables. It simplifies common firewall tasks, making it easier to manage zones, services, and ports. iptables, on the other hand, provides direct, low-level control over the netfilter framework, offering greater flexibility but requiring more technical expertise.

Here's a table summarizing the key differences:

Feature firewalld iptables
Interface Command-line tool with user-friendly options Command-line only, complex syntax
Configuration Zones, services, ports, rich rules Chains, rules with specific matching criteria
Persistence Built-in persistence mechanism Requires manual saving and loading at boot
Complexity Easier to learn and use Steeper learning curve, more complex
Flexibility Less flexible than iptables Highly flexible, allows for intricate rules
Dynamic Updates Supports dynamic updates Manual updates required

Configuring Specific Firewall Rules to Allow/Deny Particular Ports or Services

Using firewalld:

To allow a specific port (e.g., HTTP on port 80):

firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload

To deny a specific port (e.g., FTP on port 21):

This is less straightforward with firewalld. You'd likely need to create a custom zone or use rich rules to achieve this precisely. Generally, firewalld is designed to allow by default and deny explicitly.

To allow a specific service (e.g., SSH):

firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload

Using iptables:

To allow a specific port (e.g., HTTP on port 80):

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT # If you want to allow outgoing traffic on port 80 as well.
service iptables save # Save the rules (method varies by distribution)

To deny a specific port (e.g., FTP on port 21):

iptables -A INPUT -p tcp --dport 21 -j DROP
service iptables save # Save the rules (method varies by distribution)

Best Practices for Securing Your Linux System with a Firewall

Regardless of whether you use firewalld or iptables, follow these best practices:

  • Principle of Least Privilege: Only allow necessary traffic. Deny all by default and explicitly allow specific ports and services.
  • Regular Updates: Keep your firewall and operating system updated with the latest security patches.
  • Log Analysis: Regularly review firewall logs to identify suspicious activity.
  • Input Chain Focus: Pay close attention to the INPUT chain, as this controls incoming connections.
  • Statefull Firewalls: Utilize stateful inspection (both firewalld and iptables support this) to track connections and allow return traffic.
  • Avoid Open Ports Unless Necessary: Minimize the number of open ports exposed to the internet.
  • Use a Strong Password Policy: Secure your system by using strong passwords and regularly updating them.
  • Regularly Review Rules: Periodically review your firewall rules to ensure they are still appropriate and effective.
  • Use a separate DMZ: If you need to expose services to the internet, consider using a separate DMZ (demilitarized zone) to isolate those services from your internal network.
  • Consider Intrusion Detection/Prevention Systems (IDS/IPS): Combine your firewall with an IDS/IPS for an added layer of security.

Remember to always test your firewall rules in a controlled environment before deploying them to a production system. Incorrectly configured firewall rules can render your system inaccessible.

The above is the detailed content of How do I set up a firewall in Linux using firewalld or iptables?. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Related Article
The 5 Core Components of the Linux Operating SystemThe 5 Core Components of the Linux Operating SystemMay 08, 2025 am 12:08 AM

The five core components of the Linux operating system are: 1. Kernel, 2. System libraries, 3. System tools, 4. System services, 5. File system. These components work together to ensure the stable and efficient operation of the system, and together form a powerful and flexible operating system.

The 5 Essential Elements of Linux: ExplainedThe 5 Essential Elements of Linux: ExplainedMay 07, 2025 am 12:14 AM

The five core elements of Linux are: 1. Kernel, 2. Command line interface, 3. File system, 4. Package management, 5. Community and open source. Together, these elements define the nature and functionality of Linux.

Linux Operations: Security and User ManagementLinux Operations: Security and User ManagementMay 06, 2025 am 12:04 AM

Linux user management and security can be achieved through the following steps: 1. Create users and groups, using commands such as sudouseradd-m-gdevelopers-s/bin/bashjohn. 2. Bulkly create users and set password policies, using the for loop and chpasswd commands. 3. Check and fix common errors, home directory and shell settings. 4. Implement best practices such as strong cryptographic policies, regular audits and the principle of minimum authority. 5. Optimize performance, use sudo and adjust PAM module configuration. Through these methods, users can be effectively managed and system security can be improved.

Linux Operations: File System, Processes, and MoreLinux Operations: File System, Processes, and MoreMay 05, 2025 am 12:16 AM

The core operations of Linux file system and process management include file system management and process control. 1) File system operations include creating, deleting, copying and moving files or directories, using commands such as mkdir, rmdir, cp and mv. 2) Process management involves starting, monitoring and killing processes, using commands such as ./my_script.sh&, top and kill.

Linux Operations: Shell Scripting and AutomationLinux Operations: Shell Scripting and AutomationMay 04, 2025 am 12:15 AM

Shell scripts are powerful tools for automated execution of commands in Linux systems. 1) The shell script executes commands line by line through the interpreter to process variable substitution and conditional judgment. 2) The basic usage includes backup operations, such as using the tar command to back up the directory. 3) Advanced usage involves the use of functions and case statements to manage services. 4) Debugging skills include using set-x to enable debugging mode and set-e to exit when the command fails. 5) Performance optimization is recommended to avoid subshells, use arrays and optimization loops.

Linux Operations: Understanding the Core FunctionalityLinux Operations: Understanding the Core FunctionalityMay 03, 2025 am 12:09 AM

Linux is a Unix-based multi-user, multi-tasking operating system that emphasizes simplicity, modularity and openness. Its core functions include: file system: organized in a tree structure, supports multiple file systems such as ext4, XFS, Btrfs, and use df-T to view file system types. Process management: View the process through the ps command, manage the process using PID, involving priority settings and signal processing. Network configuration: Flexible setting of IP addresses and managing network services, and use sudoipaddradd to configure IP. These features are applied in real-life operations through basic commands and advanced script automation, improving efficiency and reducing errors.

Linux: Entering and Exiting Maintenance ModeLinux: Entering and Exiting Maintenance ModeMay 02, 2025 am 12:01 AM

The methods to enter Linux maintenance mode include: 1. Edit the GRUB configuration file, add "single" or "1" parameters and update the GRUB configuration; 2. Edit the startup parameters in the GRUB menu, add "single" or "1". Exit maintenance mode only requires restarting the system. With these steps, you can quickly enter maintenance mode when needed and exit safely, ensuring system stability and security.

Understanding Linux: The Core Components DefinedUnderstanding Linux: The Core Components DefinedMay 01, 2025 am 12:19 AM

The core components of Linux include kernel, shell, file system, process management and memory management. 1) Kernel management system resources, 2) shell provides user interaction interface, 3) file system supports multiple formats, 4) Process management is implemented through system calls such as fork, and 5) memory management uses virtual memory technology.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide
3 weeks agoByDDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
How to fix KB5055612 fails to install in Windows 10?
3 weeks agoByDDD
Nordhold: Fusion System, Explained
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Show More

Hot Tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Show More

Hot Topics

Java Tutorial
1666
14
CakePHP Tutorial
1425
52
Laravel Tutorial
1328
25
PHP Tutorial
1273
29
C# Tutorial
1253
24
Show More