Shweta Thikekar
Firewall Basics: How to Secure Your Linux Server with Firewalld


In today’s interconnected world, securing your server from unauthorized access is a critical part of system administration. A firewall acts as the first line of defense by controlling incoming and outgoing network traffic based on predetermined security rules.

Linux servers provide robust tools to configure and manage firewalls, with firewalld being one of the most popular options for dynamic firewall management. Although iptables is another powerful tool for managing firewall rules, this article will focus on firewalld for its simplicity and ease of use. Let’s dive into the basics and learn how to implement a firewall on a Linux server.

What is a Firewall?

A firewall is a network security system that monitors and controls traffic based on security rules. It can be hardware-based, software-based, or a combination of both. Firewalls help:

  • Prevent unauthorized access to your system.
  • Block malicious traffic.
  • Allow safe communication by defining specific rules for traffic flow.

Understanding Firewalld

Firewalld is a firewall management tool that supports dynamic rule changes without disrupting existing network connections. It uses zones to apply different sets of rules based on the trust level of a network interface.
Some key components of firewalld:

  • Zones: Define trust levels for network interfaces (e.g., public, private, home).
  • Services: Predefined rules for common applications (e.g., HTTP, SSH).
  • Ports: Specific network ports you can open or close.
  • XML Configurations: Define custom services and rules in XML format.

Installing and Enabling Firewalld

Most Linux distributions come with firewalld pre-installed. If not, you can install it using your package manager.

Steps to Install Firewalld:

Install Firewalld:

sudo apt install firewalld  # For Ubuntu/Debian
sudo yum install firewalld  # For CentOS/Red Hat

Start and Enable Firewalld:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Check the Status:

sudo systemctl status firewalld

Basic Firewalld Commands

Here are some essential commands to manage your firewall:

1. Check Active Zones:

To view the active zones and their associated interfaces:

sudo firewall-cmd --get-active-zones

2. List All Rules for a Zone:

To list the rules of a specific zone (e.g., public):

sudo firewall-cmd --zone=public --list-all

3. Add a Port to a Zone:

To allow traffic on a specific port (e.g., 8080/tcp, commonly used as an alternative HTTP port):

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent

The --permanent flag writes the rule to the saved configuration so it persists across reboots; it does not change the running firewall until you reload (see step 6).

4. Add a Service to a Zone:

To allow a predefined service (e.g., SSH):

sudo firewall-cmd --zone=public --add-service=ssh --permanent

5. Remove a Port or Service:

To remove a port or service from a zone:

sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --zone=public --remove-service=ssh --permanent

6. Reload the Firewall:

Apply changes by reloading:

sudo firewall-cmd --reload

Using XML Files for Custom Services

Firewalld allows you to create custom services using XML files. Place them in the /etc/firewalld/services/ directory; the file name without the .xml extension becomes the service name you pass to --add-service.

For example, to create a custom service for an application running on port 5000:

Create a New Service File:

sudo nano /etc/firewalld/services/myapp.xml

Define the Service in XML:

<?xml version="1.0" encoding="utf-8"?>
<service>
    <short>MyApp</short>
    <description>Custom service for MyApp</description>
    <port protocol="tcp" port="5000"/>
</service>

Reload Firewalld and Add the Service:

sudo firewall-cmd --reload   # pick up the new service definition
sudo firewall-cmd --zone=public --add-service=myapp --permanent
sudo firewall-cmd --reload   # activate the permanent rule in the running firewall
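Writing the service file by hand works, but a small helper that validates the name, port and protocol before writing avoids a malformed definition that firewalld will refuse to load. This is an added example, not code from the original post; make_service_xml and its target-directory parameter are assumptions, and the demo writes into a temporary directory rather than /etc/firewalld/services/ so it runs without root.

```shell
# Generate a firewalld custom-service XML file like the one above.
# make_service_xml <name> <port> <protocol> [dir]
# dir defaults to /etc/firewalld/services (assumed default; needs root there).
make_service_xml() {
    name=$1
    port=$2
    proto=$3
    dir=${4:-/etc/firewalld/services}
    # Service name becomes the file name, so restrict it to safe characters.
    case $name in
        ''|*[!a-zA-Z0-9_-]*) echo "bad service name: $name" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Protocols firewalld accepts in a <port> element.
    case $proto in
        tcp|udp|sctp|dccp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    file=$dir/$name.xml
    # Never silently replace an existing service definition.
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2; return 1
    fi
    cat > "$file" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
    <short>$name</short>
    <description>Custom service for $name</description>
    <port protocol="$proto" port="$port"/>
</service>
EOF
    echo "$file"
}

# Demo: write myapp.xml (port 5000/tcp) into a throwaway directory and show it.
demo_dir=$(mktemp -d)
make_service_xml myapp 5000 tcp "$demo_dir" && cat "$demo_dir/myapp.xml"
rm -rf "$demo_dir"
```

After writing the real file, run `sudo firewall-cmd --reload` before `--add-service=myapp` so firewalld knows the new service.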

Verifying Rules

To ensure your rules are working:

List Open Ports:

sudo firewall-cmd --list-ports

Without --zone this shows the default zone; add --zone=public (or whichever zone your interface is in) to check a specific zone.

Test Connectivity:

Use tools like curl or telnet from a different machine to test whether the port/service is reachable; testing from the server itself goes over the loopback interface, which firewalld accepts by default, so it does not exercise the zone rules.
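Listing the zone tells you what is open, but the question a defender actually asks is whether anything is open that should not be. The script below, an added example that is not part of the original post, compares a zone listing against an allowlist of expected services and ports and reports every extra entry. The listing it parses is a constructed imitation of `firewall-cmd --zone=public --list-all` output; on a real server pipe that command into audit_zone instead (audit_zone and SAMPLE_LISTING are names assumed here).

```shell
# Constructed sample of `firewall-cmd --zone=public --list-all` output.
SAMPLE_LISTING='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp 5000/tcp
  forward-ports:
  rich rules:'

# audit_zone "<allowed services>" "<allowed ports>" < listing
# Prints each open service/port missing from the allowlist; returns 1 if any.
audit_zone() {
    allowed_services=$1
    allowed_ports=$2
    unexpected=0
    while IFS= read -r line; do
        line=${line#"${line%%[! ]*}"}          # strip leading spaces
        case $line in
            services:*) kind=service; items=${line#services:}; list=$allowed_services ;;
            ports:*)    kind=port;    items=${line#ports:};    list=$allowed_ports ;;
            *) continue ;;                     # skips forward-ports:, source-ports:, etc.
        esac
        for item in $items; do
            case " $list " in
                *" $item "*) ;;                # expected
                *) echo "unexpected $kind open: $item"; unexpected=1 ;;
            esac
        done
    done
    return $unexpected
}

# Demo on the constructed sample: 5000/tcp is open but not on the allowlist.
if printf '%s\n' "$SAMPLE_LISTING" | audit_zone "ssh dhcpv6-client" "8080/tcp"; then
    echo "zone matches the allowlist"
else
    echo "zone has entries that need review"
fi
```

Run it from cron or a configuration check after every change so a forgotten --remove-port shows up as a finding instead of an open door.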

Conclusion

Configuring a firewall is a foundational step in securing any Linux server. Firewalld offers an intuitive and flexible approach for managing firewall rules, making it easier for administrators to define and modify security policies on the fly. You can customize the firewall to suit your security needs by understanding zones, services, and ports. While this guide focused on firewalld, tools like iptables provide additional depth for advanced configurations. Ensuring proper firewall setup not only enhances your server's security but also gives you greater control over network traffic, helping to safeguard your systems effectively.
