How To Use Firewall For Enhancing Network Security In Linux/Unix?
Introduction to firewall
A firewall is a network security system that monitors incoming and outgoing network traffic and allows or blocks the data packets based on a set of security rules that are predefined in the system. It acts as a barrier between internal and external sources such as the internet and blocks malicious traffic. Generally, it can be categorized as –
Network firewall –
A network firewall filters traffic between two or more networks and runs on network hardware.
Host-based firewall –
A host-based firewall runs on the host computer and controls the network traffic in and out of that system.
How does a firewall work?
Firewall carefully analyze the traffic which is coming from different sources and filter the unsecured and suspicious one so that the host computer can be prevented from the external attack. An external device establishes the connection with a computer and exchange the information through an entry point on that computer these entry points are known as port. For example – Suppose a system installed with ssh client want to establish the connection with an ssh server. Then first it will have to make a connection request to the server, the firewall on the server will analyze it based on the predefined rules. If it finds it a trusted source then it will be allowed to get connected over port 22 otherwise it gets rejected.
The uncomplicated firewall is the default firewall configuration tool for Ubuntu, Linux Mint and many other such Linux distributions. It provides a user-friendly and easy way to create an iptable firewall configuration. The ufw does not provide complete firewall functionality but instead, it provides an easy way to add or remove simple rules. It is mainly used for host-based firewalls.
How to use ufw –
By default, ufw is disabled So if you want to use it, first you will have to enable it. Follow the given steps to use it
1. You can check the status of the firewall that will be either active or inactive –
sudo ufw status
2. Enable it by using the given command-
sudo ufw enable
3. To open a port lets say 22 (port used by ssh) use the given command
sudo ufw allow 22
4. Similarly to close an opened port use the following command
sudo ufw deny 22
5. The firewall rules also can be added using a numbered format
sudo ufw insert 1 allow 80
6. To remove a rule, you should use the given command
sudo ufw delete deny 22
7. Using –dry-run option with ufw command will output resulting rules but not apply them. For example –
sudo ufw --dry-run allow http
The above command when executed will display some rules and filters that get applied if opening the HTTP port.
8. ufw can be disabled by using
sudo ufw disable
Applications that open port can include an ufw profile. These profiles are kept in /etc/ufw/applications.d and can be edited if the default port has been changed. A profile contains the details of the port used by the application that opened it and it is needed for the application to function properly.
9. To view which application has installed a profile use the following command
sudo ufw app list
Now this command will display the list of available applications.
10. And to view details of port, protocols used by the application use the given command
sudo ufw app info application_name
GUI tools to configure a firewall
You can make using this handy firewall even easier by using GUI tools that are available for it. Gufw is one of the most popular GUI front ends available for ufw. By using Gufw you can easily add or remove a rule, you can create a profile for home, office or
public. In some Linux distributions, it comes preinstalled, but if you do not have it in your system you can install it by using the given command –
sudo apt install gufw(In debian based Linux distributions)
As you can see above it is the GUI interface of Gufw application. Which is the frontend of the ufw.
Now I hope this might give you some insight into the topic. If you want to say something about this you can write us in the comments below.
You might also like
This post was last updated on January 31st, 2020 at 04:02 pmI already discussed briefly about Aptitude which is a debian package manager. In this article, we will see it
Iso image files are distributed as a single downloadable file for bootable OS, games etc. It is important to know how to create an iso file from a directory or
In a debian based package management system the apt-cache is a low-level tool to manipulate and obtain information about packages from apt’s internal database. It creates a repository of information