Understanding and Configuring Firewall Rules with iptables, ufw, and firewalld

Introduction

Firewalls are essential for network security. This article explains how firewall rules work and demonstrates how to manage them using iptables, firewalld, and ufw.

What is a Firewall?

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between a trusted internal network and untrusted external networks such as the Internet.

Iptables

Iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets.

List all the current rules:

iptables -L

Block a specific IP address:

iptables -A INPUT -s 192.168.0.10 -j DROP

Allow all traffic on a specific port (e.g., 22 for SSH):

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Firewalld

Firewalld is a front-end controller for iptables used to implement persistent network traffic rules. It’s more user-friendly and suited for beginners or for those who are looking for a more intuitive way to manage firewalls. It’s the default firewall management tool on RHEL/Fedora.

Check the status of firewalld:

firewall-cmd --state

List all the current rules:

firewall-cmd --list-all

Block a specific IP address:

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'

Allow all traffic on a specific port (e.g., 22 for SSH):

firewall-cmd --permanent --add-port=22/tcp

Remove all traffic on a specific port (e.g., 9090 for Cockpit):

firewall-cmd --permanent --remove-port=9090/tcp

UFW

UFW, or Uncomplicated Firewall, is another front-end controller for iptables, designed to be easy to use while providing the user with powerful options. It’s the default firewall management tool on Ubuntu.

Enable UFW:

ufw enable

This enables the firewall on the server. It is critical to note that if you have not first allowed SSH and your own IP address, you will lose access to your server.

Allow traffic on a specific port:

ufw allow 22/tcp comment 'open-ssh'
ufw allow 53/udp comment 'pi-hole'

Block a specific IP address:

ufw deny from 192.168.0.10

How to check the status of UFW:

ufw status verbose
ufw status numbered

How to delete rules (numbered)

ufw delete 4

How to disable UFW:

ufw disable

How to disable logging:

ufw logging off

Reset UFW:

ufw reset

The command above resets all of the rules back to their defaults. However, this can block your access again if you do not have the SSH port enabled.
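Putting the UFW steps above into a lockout-safe order, as an added example (this is not code from the original article): the function assumes SSH listens on 22/tcp, refuses to enable the firewall when that port is not in the allow list, and with DRY_RUN=1 prints the commands instead of executing them so the rule order can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the original article.
# Applies a UFW policy in an order that cannot lock the administrator out:
# deny rules first (ufw matches rules in order, first match wins), then the
# allow rules including SSH, and only then "ufw enable".

# Helper: print the command when DRY_RUN=1, otherwise execute it.
run_cmd() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ufw_safe_apply PORTS BLOCKED_IPS
#   PORTS       space-separated allow list, e.g. "22/tcp 53/udp"
#   BLOCKED_IPS space-separated source addresses to deny (may be empty)
# Returns 1 and runs nothing if 22/tcp (assumed SSH port) is missing.
ufw_safe_apply() {
    ports=$1
    blocked=$2
    has_ssh=0
    for p in $ports; do
        [ "$p" = "22/tcp" ] && has_ssh=1
    done
    if [ "$has_ssh" -ne 1 ]; then
        echo "refusing to enable ufw: 22/tcp is not in the allow list" >&2
        return 1
    fi
    # Deny rules go first so they take precedence over the port allows.
    for ip in $blocked; do
        run_cmd ufw deny from "$ip"
    done
    # Allow rules, SSH among them, are in place before the firewall is on.
    for p in $ports; do
        run_cmd ufw allow "$p"
    done
    # --force skips the interactive "may disrupt existing ssh connections" prompt.
    run_cmd ufw --force enable
}
```

Run it with `DRY_RUN=1 ufw_safe_apply "22/tcp 53/udp" "192.168.0.10"` to see the ordered commands before applying them for real.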

How to Choose a Firewall Tool

Choosing the right tool often depends on your comfort level and the specific needs of your system. Iptables provides comprehensive control but with a complex syntax. On the other hand, ufw and firewalld offer simpler interfaces and are often sufficient for personal use or small-scale deployments.