Firewalls and Firewalld in Ubuntu

In today's interconnected world, protecting your systems from unauthorized access is non-negotiable. This is where firewalls come in, serving as your first line of defense against potential cyber threats. If you're using Ubuntu and want to efficiently manage your firewall, Firewalld is a tool you should know about. In this post, we'll explore what firewalls are, why they matter, and how to use Firewalld to secure your Ubuntu system.
What is a Firewall?

A firewall is like a security guard for your network. It monitors traffic entering and leaving your system and decides whether to allow or block it based on predefined rules. Firewalls are crucial for:
- Blocking Unwanted Traffic: Preventing hackers and malicious programs from gaining access.
- Allowing Trusted Services: Ensuring that essential services like SSH or web servers are accessible.
- Monitoring and Controlling Traffic: Keeping tabs on what’s happening in your network.
Think of it as a filter that only lets the right people in while keeping the wrong ones out.
Now, let’s experiment with firewalls using Firewalld, a powerful and flexible firewall management tool for Linux.
Firewalld is a dynamic firewall: it lets you change rules in real time without restarting the entire service. Here are a few reasons to use Firewalld:
- Zone-based Configuration: You can define trust levels for network connections using zones.
- Real-time Changes: Add or remove rules without interrupting active connections.
- Integration with iptables: It spares you the complexity of managing iptables directly.
Install Firewalld
Firewalld isn’t installed by default on Ubuntu, but you can get it up and running in just a few steps:
sudo apt update
sudo apt install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
These commands update your package lists, install Firewalld, and ensure it starts automatically whenever your system boots.
Checking Firewalld Status
Once installed, verify that Firewalld is active:
sudo systemctl status firewalld
If it’s running, you’ll see “active (running).”
Firewalld Basics
Now that you have Firewalld installed, we will quickly run through some basics about configuring it.
Zones in Firewalld
Zones are the core of Firewalld’s functionality. They define trust levels for your network connections. Common zones include:
- Public: For untrusted networks, like public Wi-Fi.
- Home: For trusted networks, like your private Wi-Fi.
- Work: For office networks with medium trust levels.
You can view active zones with:
sudo firewall-cmd --get-active-zones
Allowing a Service
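Let’s say you’re hosting a website and must allow HTTP traffic. The --permanent flag writes the rule to the saved configuration, and --reload applies it to the running firewall. Run:
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload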
Blocking a Service
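To block a service like SSH, remove it from the zone. New SSH connections are refused once the rule is reloaded, so keep another way in (such as console access) if you manage the server remotely:
sudo firewall-cmd --remove-service=ssh --permanent
sudo firewall-cmd --reload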
Practical Example: Securing a Web Server
Imagine you’re hosting a web application on an Ubuntu server.
PS: Instead of imagining, you can run a simple site on an Apache server and try securing it.
Here’s how you can secure it with Firewalld:
- Allow HTTP Traffic:
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload
- Block Other Traffic:
Remove unnecessary services (e.g., SSH):
sudo firewall-cmd --remove-service=ssh --permanent
sudo firewall-cmd --reload
- Verify Rules:
Check active rules to ensure only HTTP is allowed:
sudo firewall-cmd --list-all
This will display the active zone and its rules.
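The Verify Rules step can be scripted rather than read by eye. The following is an added example, not part of the original post: it parses `firewall-cmd --list-all` output and prints every service or port that is open but not on an allow-list. The sample output, the function names (`field_values`, `unexpected`) and the allow-list are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `firewall-cmd --list-all` output against an allow-list.

# Constructed sample output (not captured from a real host).
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  sources: 
  services: dhcpv6-client http ssh
  ports: 8080/tcp
  forward-ports: 
  rich rules: '

# field_values FIELD: read list-all text on stdin and print the entries of the
# "FIELD: a b c" line, one per line. Matching at the start of the line keeps
# "ports" from also matching "forward-ports" or "source-ports".
field_values() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line)
            n = split(line, v, /[ \t]+/)
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }'
}

# unexpected FIELD [ALLOWED...]: print entries of FIELD that are not allow-listed.
unexpected() {
    field=$1; shift
    allowed=" $* "
    field_values "$field" | while read -r item; do
        case "$allowed" in
            *" $item "*) ;;          # explicitly allowed
            *) echo "$item" ;;       # open but not on the allow-list
        esac
    done
}

# Demo on the constructed sample; on a live host, pipe in
# `sudo firewall-cmd --list-all` instead.
echo "unexpected services: $(printf '%s\n' "$SAMPLE_LIST_ALL" | unexpected services http | tr '\n' ' ')"
echo "unexpected ports: $(printf '%s\n' "$SAMPLE_LIST_ALL" | unexpected ports | tr '\n' ' ')"
```

Empty output from both calls means the zone exposes nothing beyond the allow-list; in the sample, `dhcpv6-client`, `ssh` and `8080/tcp` are reported.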
Firewalls are essential for securing your systems. Take a moment today to put this into practice and experiment with it.






