In this lesson, you will learn about Linux firewalls. We will focus on iptables which is one of the most widely used firewall utilities in Linux. Firewalls are critical for network security, acting as gatekeepers to control incoming and outgoing network traffic based on predetermined security rules.

By the end of this lesson, you'll understand how to list existing firewall rules, create new rules, and delete existing ones. We'll also touch briefly on other common firewall utilities in Linux, such as firewalld and ufw, to give you a broader perspective.

The Role of Firewalls in Linux

Firewalls in Linux are essential for protecting your system from unauthorized access and controlling the flow of network traffic. They enable you to define rules that specify which traffic should be allowed or blocked. This functionality is vital for servers and systems exposed to the internet, as it helps prevent unauthorized access and mitigate various network threats.

Common Linux Firewall Utilities

1. iptables: This is the most traditional and flexible tool for managing network packet filtering rules in Linux. It works by inspecting, modifying, redirecting, or dropping packets based on the rules defined by the user.
2. firewalld: A more recent addition to Linux firewalls, firewalld is the default on many distributions like Fedora and CentOS. It provides a dynamic firewall management tool with support for network/firewall zones.
3. ufw (Uncomplicated Firewall): As the name suggests, ufw is designed to be an easy-to-use interface for iptables, making the process of configuring a firewall more accessible.

Focusing on iptables

iptables is a user-space utility program that allows you to configure the Linux kernel's firewall. It uses a set of tables which contain chains, and each chain contains a list of rules. These rules dictate how to process packets.

iptables Chains

At the heart of iptables functionality are the concept of chains, which are essentially sets of rules used to determine what to do with network packets.

Chains are collections of rules that iptables processes sequentially. Each rule within a chain has a criterion and an action (also known as a 'target'). When a packet matches the criteria of a rule, the specified action is taken. If a packet doesn't match, iptables moves to the next rule in the chain.

iptables primarily deals with three built-in chains:

1. INPUT Chain: This chain is used to control the behavior of incoming packets destined for the host itself. For example, if you want to block or allow traffic coming to your server (like SSH or web traffic), you would use rules in the INPUT chain.
2. FORWARD Chain: The FORWARD chain is used for packets that are not destined for the host itself but are being routed through the host. This is common in scenarios where your Linux machine acts as a router or a gateway for other networks.
3. OUTPUT Chain: This chain is for managing outgoing packets originating from the host. If you need to control what type of traffic is allowed to leave your server, you would place rules in the OUTPUT chain.

Managing iptables rules

Listing Existing iptables Rules

To view the existing iptables rules, you use the -L (list) and -v (verbose) options.

This command displays all the current rules in a table format.

sudo iptables -Lv

Creating a Firewall Rule with iptables

To create a new rule, you specify the table, chain, criteria for the packet, and what action to take if the packet meets the criteria. For example, to allow SSH traffic (typically on port 22), you would use:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

Sign In Get Instant Access