In the digital landscape, protecting your Linux server or desktop is paramount. A firewall acts as your first line of defense, controlling network traffic and preventing unauthorized access. This guide provides a detailed walkthrough of two popular Linux firewall tools: UFW (Uncomplicated Firewall) and Firewalld, empowering you to secure your system effectively. Whether you’re a Linux novice or an experienced administrator, understanding these tools is crucial for maintaining a robust and secure environment.
Configuring a Firewall with UFW: The Beginner-Friendly Approach
UFW, the default firewall management tool on Ubuntu and Debian-based systems, simplifies firewall configuration with its intuitive command-line interface. Its straightforward design makes it an excellent choice for users new to Linux security.
Step-by-Step UFW Configuration:
- Installation and Verification: Ensure UFW is installed. On most Ubuntu/Debian systems, it comes pre-installed. To verify or install, use:
    sudo apt update
    sudo apt install ufw
- Allowing SSH (Critical for Remote Access): Before enabling UFW, permit SSH connections. This prevents accidental lockout from your server.
    sudo ufw allow ssh
  If using a custom SSH port, substitute ssh with the appropriate port number:
    sudo ufw allow 2222   # Example custom port
- Setting Default Policies: Establish a secure baseline by denying incoming connections and allowing outgoing ones. This restricts unsolicited access while enabling your system to initiate outbound connections.
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
- Permitting Essential Services (HTTP/HTTPS Example): Allow traffic for necessary services like web servers.
    sudo ufw allow http
    sudo ufw allow https
  Alternatively, specify port numbers directly:
    sudo ufw allow 80
    sudo ufw allow 443
- Enabling UFW: Activate your configured rules. You’ll likely be prompted to confirm, especially if SSH is allowed.
    sudo ufw enable
  Respond y if warned about potential SSH connection disruption (as long as you’ve allowed SSH).
- Checking Status and Rules: Verify your active configuration at any time.
    sudo ufw status verbose
- Advanced Rule Management (IP-Based Restrictions): Implement more granular control using specific IP addresses, subnets, or network interfaces. Allow SSH only from a specific IP:
    sudo ufw allow from 203.0.113.4 to any port 22
  Allow HTTP traffic only on a specific interface (e.g., eth0):
    sudo ufw allow in on eth0 to any port 80
- Rule Modification/Deletion: Modify or remove existing rules as your needs evolve. List rules with numbers:
    sudo ufw status numbered
  Then, delete a rule using its number:
    sudo ufw delete 2   # Example: deletes rule number 2
- Disabling/Resetting UFW: Temporarily suspend firewall protection or start over.
    sudo ufw disable
    sudo ufw reset
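The steps above only stay lockout-safe if they run in the right order: the SSH rule must exist before `ufw enable`. The script below is an added example (not from the original post) that scripts that sequence; `SSH_PORT`, `ADMIN_CIDR` and `DRY_RUN` are hypothetical variables, and with `DRY_RUN=1` it prints the `ufw` commands instead of running them so the plan can be reviewed first.

```shell
#!/bin/sh
# Lockout-safe UFW baseline: SSH first, defaults, services, then enable.
# SSH_PORT / ADMIN_CIDR / DRY_RUN are assumptions for this example.
SSH_PORT="${SSH_PORT:-22}"
ADMIN_CIDR="${ADMIN_CIDR:-}"   # e.g. 203.0.113.0/24; empty = allow SSH from anywhere
DRY_RUN="${DRY_RUN:-0}"        # 1 = print the commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "ufw $*"
    else
        sudo ufw "$@"
    fi
}

ufw_baseline() {
    # 1. SSH first, so enabling can never cut off the current session.
    if [ -n "$ADMIN_CIDR" ]; then
        run allow from "$ADMIN_CIDR" to any port "$SSH_PORT" proto tcp
    else
        run allow "$SSH_PORT/tcp"
    fi
    # 2. Deny unsolicited inbound traffic, allow outbound.
    run default deny incoming
    run default allow outgoing
    # 3. Only the services this host actually offers.
    for p in 80/tcp 443/tcp; do
        run allow "$p"
    done
    # 4. Enable last; --force skips the interactive confirmation prompt.
    run --force enable
}

# Checks a printed plan: first command must be the SSH allow rule and
# the last one must be "enable". Returns 0 if so, 1 otherwise.
plan_is_lockout_safe() {
    first=$(printf '%s\n' "$1" | head -n 1)
    last=$(printf '%s\n' "$1" | tail -n 1)
    case "$first" in
        *"port $SSH_PORT"*|*"allow $SSH_PORT/tcp"*) ;;
        *) return 1 ;;
    esac
    [ "$last" = "ufw --force enable" ]
}
```

Run it once with `DRY_RUN=1` and inspect the output; only then run it for real, ideally from a console session rather than over SSH.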
Configuring a Firewall with Firewalld: The Advanced Option
Firewalld, the standard firewall manager for Red Hat-based distributions (CentOS, Fedora, RHEL), introduces the concept of zones for flexible rule application. This system is ideal when you need more nuanced control.
Step-by-Step Firewalld Configuration:
- Installation and Service Status: Check if Firewalld is running and enable it to start on boot if necessary.
    sudo systemctl status firewalld
    sudo systemctl enable --now firewalld
- Default Zone and Zone Exploration: Examine the default zone and available zones. The default is typically public.
    sudo firewall-cmd --get-default-zone
    sudo firewall-cmd --get-zones
- Interface-to-Zone Assignment: Associate network interfaces with specific zones. Assigning ens192 to the public zone:
    sudo firewall-cmd --zone=public --add-interface=ens192 --permanent
    sudo firewall-cmd --reload
  Note that --permanent writes the change to the saved configuration and --reload then applies it to the running firewall; a change made without --permanent takes effect immediately but is lost on the next reload or reboot.
- Allowing Services or Ports: Enable specific services or ports through the firewall. Allow HTTP and HTTPS:
    sudo firewall-cmd --add-service=http --permanent
    sudo firewall-cmd --add-service=https --permanent
    sudo firewall-cmd --reload
  Open a custom port (e.g., 8080/tcp):
    sudo firewall-cmd --add-port=8080/tcp --permanent
    sudo firewall-cmd --reload
- Source-Based Rules: Apply rules based on source IP addresses or subnets. Allow the subnet 172.16.1.0/24 in the internal zone:
    sudo firewall-cmd --zone=internal --add-source=172.16.1.0/24 --permanent
    sudo firewall-cmd --reload
- Review and Auditing: Check active rules. List services and ports in the default zone:
    sudo firewall-cmd --list-all
  Get a comprehensive overview of all zones:
    sudo firewall-cmd --list-all-zones
- Removing Services or Ports: Remove unnecessary rules. Remove HTTP from the public zone:
    sudo firewall-cmd --zone=public --remove-service=http --permanent
    sudo firewall-cmd --reload
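Reviewing a zone by eye gets unreliable once a few services and ports accumulate, so the "Review and Auditing" step is easier to repeat if it is scripted. The following is an added example (not from the original post) that parses the output of `firewall-cmd --list-all` and reports every service or port in the zone that is not on an expected allow-list; the zone output embedded below is constructed for offline use, and in practice you would pipe in the live command output.

```shell
#!/bin/sh
# Audit a firewalld zone listing against an allow-list of expected entries.
# SAMPLE_ZONE_OUTPUT is a constructed stand-in for `firewall-cmd --list-all`.
SAMPLE_ZONE_OUTPUT='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
'

# field_values FIELD OUTPUT -> the space-separated values of "FIELD:" in OUTPUT
field_values() {
    printf '%s\n' "$2" | awk -v key="$1:" '$1 == key { $1 = ""; sub(/^ +/, ""); print }'
}

# unexpected_entries "svc1 svc2 port/proto ..." OUTPUT
# Prints each service or port open in the zone but absent from the allow-list.
unexpected_entries() {
    expected=" $1 "
    for item in $(field_values services "$2") $(field_values ports "$2"); do
        case "$expected" in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# zone_matches ALLOWLIST OUTPUT -> exit 0 if nothing unexpected is open, else 1
zone_matches() {
    [ -z "$(unexpected_entries "$1" "$2")" ]
}

# Example run against the constructed sample; on a real host replace the
# variable with: sudo firewall-cmd --zone=public --list-all
unexpected_entries "ssh http https dhcpv6-client" "$SAMPLE_ZONE_OUTPUT"
```

Check the saved configuration as well as the running one (`firewall-cmd --permanent --list-all`), since the two can differ until the next reload.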
UFW vs. Firewalld: Choosing the Right Tool
Both UFW and Firewalld offer user-friendly interfaces for managing Linux firewalls. The optimal choice depends on your specific needs.
- UFW: Best for simplicity and ease of use, especially on Ubuntu and Debian systems. Ideal for single-purpose servers or desktops where straightforward rule management suffices.
- Firewalld: The preferred choice for Red Hat-based distributions. It’s designed for more complex networking scenarios, multiple network interfaces, and varying trust levels due to its zone-based approach.
For most users, sticking with the default firewall tool for their distribution is the simplest and most effective strategy.
Conclusion:
Configuring a firewall is a fundamental aspect of Linux system security. Whether you choose UFW or Firewalld, the goal remains the same: to protect your system from unauthorized access and potential threats. By following the steps outlined in this guide, you can effectively control network traffic, enhance your system’s security posture, and safeguard your valuable data. Regularly reviewing and updating your firewall rules, coupled with a commitment to security best practices, will ensure your digital fortress remains strong.