Linux systems rely on firewalls to safeguard against unauthorized network access. These software barriers control network traffic, permitting or blocking data packets based on predefined rules. Operating primarily at the network layer, they manage both IPv4 and IPv6 packets. Rule sets, encompassing both built-in and user-defined parameters, govern each packet's fate.
Two prominent firewall management tools dominate the Linux landscape: Firewalld and UFW. This guide explores their functionalities and management techniques on contemporary Linux distributions.
Firewalld: Dynamic Firewall Management
Firewalld, a dynamic firewall manager, features prominently in distributions like RHEL, CentOS, and Fedora. Its user-friendly interface simplifies the management of firewall rules and network zones. It supports two configuration types:
- Permanent: Rules persist across reboots.
- Runtime: Temporary rules, lost upon system or service restarts.
Firewalld categorizes network traffic into zones (e.g., public, internal, trusted), applying distinct rule sets to each. Its configuration resides in:
- /usr/lib/firewalld: Default configurations (subject to system updates).
- /etc/firewalld: System-specific configurations (persistent across reboots and updates).
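The permanent/runtime split means the rules a host enforces and the rules it will load after a restart can silently diverge. The script below is an added example, not part of the original article: it compares the services and ports in the two views of one zone. The function names `fw_entries` and `fw_drift` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration for one zone, using the text of `firewall-cmd --list-all`.

# Constructed sample output (not captured from a real host).
SAMPLE_RUNTIME='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: 8080/tcp'
SAMPLE_PERMANENT='public
  target: default
  interfaces:
  services: dhcpv6-client ssh
  ports: 8443/tcp'

# Emit one "services <name>" or "ports <port/proto>" line per entry, sorted.
fw_entries() {
    printf '%s\n' "$1" | awk '
        $1 == "services:" || $1 == "ports:" {
            kind = substr($1, 1, length($1) - 1)
            for (i = 2; i <= NF; i++) print kind, $i
        }' | LC_ALL=C sort
}

# fw_drift RUNTIME_TEXT PERMANENT_TEXT
#   runtime-only   -> active now, gone after a reload or restart
#   permanent-only -> saved, but not enforced until the next reload
fw_drift() {
    rt=$(mktemp) && pm=$(mktemp) || return 1
    fw_entries "$1" > "$rt"
    fw_entries "$2" > "$pm"
    LC_ALL=C comm -23 "$rt" "$pm" | sed 's/^/runtime-only /'
    LC_ALL=C comm -13 "$rt" "$pm" | sed 's/^/permanent-only /'
    rm -f "$rt" "$pm"
}

# Demo on the sample. On a live host, pass instead:
#   "$(firewall-cmd --zone=public --list-all)"
#   "$(firewall-cmd --permanent --zone=public --list-all)"
fw_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

To resolve drift, `firewall-cmd --runtime-to-permanent` saves the running rules, while `firewall-cmd --reload` discards runtime-only rules and applies the permanent set.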
Managing Firewalld (RHEL-based Systems)
These commands control Firewalld on RHEL-derived distributions:
- Start: systemctl start firewalld
- Stop: systemctl stop firewalld
- Status: systemctl status firewalld
- State: firewall-cmd --state
- Enable at boot: systemctl enable firewalld
- Disable: systemctl disable firewalld
- Mask (prevent starting): systemctl mask firewalld
- Unmask: systemctl unmask firewalld
UFW: Uncomplicated Firewall Management
UFW (Uncomplicated Firewall) serves as the default firewall on Ubuntu and similar distributions. A simplified frontend for iptables, UFW streamlines firewall management for users who don't require iptables' full complexity.
Managing UFW (Debian-based Systems)
These commands manage UFW on Debian-based systems:
- Enable: sudo ufw enable
- Disable: sudo ufw disable
- Status: sudo ufw status
UFW Rule Management
Basic UFW commands:
- Allow a port (e.g., HTTP port 80): sudo ufw allow 80
- Deny a port: sudo ufw deny 80
- Allow SSH: sudo ufw allow ssh
- Delete a rule: sudo ufw delete allow 80
- Enable logging: sudo ufw logging on
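Rules added with `ufw allow <port>` accept traffic from any source, so it is worth reviewing the rule table against the ports a host is meant to expose. The script below is an added example, not part of the original article: it reads `ufw status` text and prints every port allowed from Anywhere that is not on an approved list. The function name `ufw_unapproved` and the sample status output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ports that `ufw status` shows as open to any source
# but that are missing from an approved list.

# Constructed sample of `sudo ufw status` output (not from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       10.0.0.0/8
80                         ALLOW       Anywhere
5432                       ALLOW       Anywhere
3306                       DENY        Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
5432 (v6)                  ALLOW       Anywhere (v6)'

# ufw_unapproved STATUS_TEXT "APPROVED PORTS"
# Prints each "To" value allowed from Anywhere that is not approved.
ufw_unapproved() {
    printf '%s\n' "$1" | awk -v approved="$2" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            act = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = i; break }
            if (!act || $act != "ALLOW") next      # headers, deny rules
            src = act + 1
            if ($src == "IN") src++                # "ALLOW IN" in verbose output
            if ($src != "Anywhere") next           # source-restricted or outbound
            if (!($1 in ok) && !seen[$1]++) print $1   # v4/v6 pair reported once
        }'
}

# Demo on the sample; on a live host pass "$(sudo ufw status)" instead.
ufw_unapproved "$SAMPLE_STATUS" "22/tcp 80 443"
```

Approved entries are compared as exact strings against the To column, so `80` and `80/tcp` are treated as different entries.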
Conclusion
This article provides a foundational understanding of Firewalld and UFW management on modern Linux systems. Both tools are crucial for network security, but cater to different user needs. Firewalld's dynamic capabilities and zone support suit advanced users and servers, while UFW's simplicity makes it ideal for desktop or lightweight server environments. Effective firewall usage is essential for securing any Linux system.