What is firewall ? | Services of Firewall | Configuring Firewalls in Linux

The Ankit Ojha April 03, 2020


In technical sense, the term firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as Internet.

Two services are available in RHEL / CentOS to create, maintain, and display the rules of firewall:

  • firewalld

    • Dynamic firewall manager that supports firewall zones.
    • Uses the concept of zones and services, that simplify the traffic management.
    • Zones are predefined set of rules and network interfaces and sources can be assigned to a zone.
    • Manages both IPv4 and IPv6 networks.
    • Can be used to separate networks into different zones according to the level of trust that the user has decided to place on the interfaces and traffic within that network.
      A connection can only be a part of one zone, but a zone can be used for many network connections.

  • iptables

    • Also used for:
      •  packet filtering,
      • DNAT (Destination Network Address Translation),
      • SNAT (Source Network Address Translation) rules.
    • IPTables contain multiple tables and tables might contain multiple chains and chains contain multiple rules where rules are defined for the incoming and outgoing packets.

CONFIGURING FIREWALL USING firewalld

Now, we will discuss how to configure the firewall in RHEL or CentOS machine by using firewall-cmd command.

firewalld package is installed by default in RHEL and CentOS. If you noticed that it is not pre-installed in your machine, you can use the following command to install firewalld and watch the status for firewalld.

Now, to verify that the firewall service is installed and running on your system:


To view rules of default zone

    • # firewall-cmd --list-all 


    To list all the zones and their rule

      •  # firewall-cmd --list-all-zones 


    To view name of default (currently active) zone

      •   # firewall-cmd --get-default-zone 

    To view rules of a particular zone

    Syntax:

    •  # firewall-cmd --list-all --zone=<zone name> 

     Example:
      •  # firewall-cmd --list-all --zone=home 


    To switch zone

    Syntax:

    •  # firewall-cmd --set-default-zone=<zone name> 

     Example:
      •  # firewall-cmd --set-default-zone=public 
      •  # firewall-cmd --get-default-zone 


    To allow a service in the default zone

    Syntax:
    •  # firewall-cmd --permanent --add-service=<service name>  

     Example:
      •  # firewall-cmd --permanent --add-service=http 
      •  # firewall-cmd --list-all 
      •  # firewall-cmd --reload 
      •  # firewall-cmd --list-all 

     Note: Permanent rules do not take effect immediately and it appears when the rules are reloaded or system is rebooted.


    To add a temporary service, just remove the word "--permanent".
    •  # firewall-cmd --add-service=http 
    •  # firewall-cmd --reload 
    •  # firewall-cmd --list-all 
    Note: Temporary rules take effect immediately but it disappears when the rules are reloaded or system is rebooted.


    To allow the service in specific zone

      • ADDING PERMANENTLY:
    Syntax:
    • # firewall-cmd --permanent --add-service=<service name> --zone=<zone name>

     Example:
    •  # firewall-cmd --permanent --add-service=http --zone=public 
    •  # firewall-cmd --reload  (To refresh the changes)
    •  # firewall-cmd --list-all --zone=public
      • ADDING TEMPORARILY:
    Syntax:
    • # firewall-cmd --add-service=<service name> --zone=<zone name>
    Example:
    •  # firewall-cmd --add-service=http --zone=public 
    •  # firewall-cmd --list-all --zone=public 


    To remove the specific service from a given zone in the firewall

      Remove from default zone:
      •  # firewall-cmd --permanent --remove-service=http 
      •  # firewall-cmd --reload  (To refresh the changes)
      • # firewall-cmd -- list-all

       Remove from specific zone:
      •  # firewall-cmd --permanent --remove-service=http --zone=work 
      •  # firewall-cmd --reload
      •  # firewall-cmd --list-all --zone=work


      Adding Port

      Adding port in default zone:
        •  # firewall-cmd --permanent --add-port=110/tcp
        •  # firewall-cmd --reload
        •  # firewall-cmd --list-all

      Adding port in specific zone:
        •  # firewall-cmd --permanent --add-port=5577/tcp --zone=work
        •  # firewall-cmd --reload
        •  # firewall-cmd --list-all --zone=work


      Removing Port

      Removing port in default zone:
        •  # firewall-cmd --permanent --remove-port=5577/tcp
        •  # firewall-cmd --reload
        •  # firewall-cmd --list-all

      Removing port in specified zone:
        •  # firewall-cmd --permanent --remove-port=5577/tcp --zone=public 
        •  # firewall-cmd --reload 
        •  # firewall-cmd --list-all --zone=public 


      Tags
      Reactions

      Post a Comment

      0 Comments