Firewalls are a core component of network security, acting as a barrier between a trusted internal network and untrusted external networks such as the internet. They filter incoming and outgoing traffic against a predefined set of rules. Several firewall management tools exist in the Linux ecosystem, each with its own commands and configuration style; most of them are front-ends that ultimately program the kernel's netfilter framework through iptables or nftables. This article gives an overview of common commands for iptables, CSF (ConfigServer Security & Firewall), UFW (Uncomplicated Firewall), Firewalld, and nftables.
-
iptables:
iptables is a user-space utility for configuring the Linux kernel's IPv4 packet filtering ruleset (ip6tables does the same for IPv6). It is powerful and flexible but low-level: rules take effect immediately, are evaluated top to bottom with the first match deciding, and are lost at reboot unless saved. On current distributions the iptables binary is often the iptables-nft compatibility layer, which translates the same syntax into nftables rules; iptables -V shows which variant is installed. Here are some common commands:
a. Display current rules (the filter table by default; -n skips reverse DNS lookups, -v adds packet counters, and -t nat selects another table):
# iptables -L -n -v
b. Allow incoming TCP traffic on a specific port (-A appends the rule to the end of the INPUT chain):
# iptables -A INPUT -p tcp --dport <port_number> -j ACCEPT
c. Block incoming TCP traffic on a specific port (an appended DROP never matches if an earlier rule already accepts that port; use -I INPUT in place of -A INPUT to insert the rule at the top of the chain):
# iptables -A INPUT -p tcp --dport <port_number> -j DROP
d. Save the configuration (iptables itself does not persist rules; this path is the one Debian/Ubuntu's iptables-persistent restores at boot, and ip6tables-save to rules.v6 is needed separately for IPv6):
# iptables-save > /etc/iptables/rules.v4
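The commands above add rules one at a time, which makes it easy to end up with an unordered chain and a default ACCEPT policy. As an added example that is not part of the original article, the POSIX shell script below emits a complete stateful IPv4 ruleset in the format that iptables-save writes and iptables-restore reads back: a default DROP policy on INPUT, loopback and established-connection rules placed first because rules match in order, and an ACCEPT for only the TCP ports you pass. The port list and the /etc/iptables/rules.v4 path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: emit a complete stateful IPv4
# ruleset in the format written by "iptables-save" and read by
# "iptables-restore", so the whole policy is reviewable and reproducible
# instead of being built from hand-appended commands.

# build_ipv4_rules PORT... -> prints a filter-table ruleset that drops all
# unsolicited inbound traffic except the given TCP ports.
build_ipv4_rules() {
    printf '%s\n' '*filter'
    # Default policies: drop inbound and forwarded traffic, allow outbound.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Rules match top to bottom and the first match decides, so loopback,
    # replies to our own connections and INVALID packets are handled before
    # any per-port rule.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    # One ACCEPT per requested TCP port, for new connections only.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# count_rules RULESET PATTERN -> number of ruleset lines matching PATTERN
# (used to check the generated policy before loading it).
count_rules() {
    printf '%s\n' "$1" | grep -c -- "$2" || true
}

# Usage on the target host (run as root; the path is an assumption and is the
# one Debian/Ubuntu's iptables-persistent restores at boot):
#   build_ipv4_rules 22 80 443 | iptables-restore --test   # parse only, do not load
#   build_ipv4_rules 22 80 443 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4
build_ipv4_rules 22 80 443
```

Generating the file and loading it atomically with iptables-restore replaces the whole filter table in one step, so there is no window in which the chain is half-built, and the --test run catches syntax errors before anything touches the live ruleset.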
-
CSF (ConfigServer Security & Firewall):
CSF is a popular firewall configuration script for servers, often deployed alongside hosting control panels. It generates iptables rules from its configuration files under /etc/csf (csf.conf, csf.allow, csf.deny) and is usually paired with its Login Failure Daemon (lfd), which blocks sources of repeated authentication failures. Common commands include:
a. Start CSF (load its rules into iptables):
# csf -s
b. Stop CSF (flush its rules; the host is left without CSF's filtering until it is started again, and lfd may restart it):
# csf -f
c. Allow an IP address (also added to /etc/csf/csf.allow so it survives restarts):
# csf -a <IP_address>
d. Block an IP address (also added to /etc/csf/csf.deny):
# csf -d <IP_address>
-
UFW (Uncomplicated Firewall):
UFW is a front-end for iptables designed to be easy to use; it is the default firewall tool on Ubuntu. Rules added with the allow and deny commands are applied immediately and persist across reboots. Some common commands are:
a. Enable UFW (activates the default policy of denying incoming and allowing outgoing traffic; when working over SSH, allow the SSH port first with the allow command in c., or the session can be cut off):
# ufw enable
b. Deny incoming traffic on a specific port (append /tcp or /udp to the port to limit the rule to one protocol):
# ufw deny <port_number>
c. Allow incoming traffic on a specific port:
# ufw allow <port_number>
d. Reload UFW rules (needed after editing the files under /etc/ufw by hand; rules added with the commands above take effect without it):
# ufw reload
-
Firewalld:
Firewalld is a dynamic firewall manager that is the default on RHEL/CentOS 7 and later and on Fedora. It groups interfaces and source addresses into zones, lets rules be changed at runtime without reloading the whole ruleset, and programs the kernel through nftables (iptables on older releases). It keeps two configurations: the runtime one, changed by commands run without --permanent and lost on reload or reboot, and the permanent one, changed with --permanent and only applied after a reload. Common commands include:
a. Enable and start firewalld:
# systemctl enable firewalld
# systemctl start firewalld
b. Allow a service in the public zone (service definitions map names such as ssh or https to their ports):
# firewall-cmd --zone=public --add-service=<service_name> --permanent
c. Open a port in the public zone (use /udp for UDP):
# firewall-cmd --zone=public --add-port=<port_number>/tcp --permanent
d. Reload firewalld (applies the permanent changes made above to the running firewall):
# firewall-cmd --reload
-
nftables:
nftables is the successor to iptables in the Linux kernel and the default packet filtering framework on most current distributions. A single nft tool replaces iptables, ip6tables, arptables and ebtables, the inet family lets one ruleset cover IPv4 and IPv6, and sets and maps replace long runs of repetitive rules. Rules live in user-defined tables and chains, so commands name the address family, table and chain they operate on. Common commands include:
a. Display current rules (add -a to show the handle of every table, chain and rule):
# nft list ruleset
b. Add a rule (the family defaults to ip when omitted; use inet for a dual-stack table):
# nft add rule <family> <table> <chain> <rule>
c. Delete a rule (nftables deletes by handle, not by repeating the rule text; read the handle from the listing produced with -a):
# nft delete rule <family> <table> <chain> handle <handle>
d. Flush the rules (removes every table, chain and rule, leaving the host with no packet filtering at all; flush a single chain or table instead when that is all that is intended):
# nft flush ruleset
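Deleting an nftables rule needs its handle, which only appears in the -a listing. As an added example that is not part of the original article, the POSIX shell script below parses the output format of nft -a list ruleset, finds the handle of a rule given its table, chain and text, and composes the matching nft delete rule command. A constructed sample listing is embedded so the script runs offline; the table and chain names in it, and the handles, are assumptions, and a live host prints its own.

```shell
#!/bin/sh
# Added example, not from the original article: find an nftables rule's
# handle from "nft -a list ruleset" output and build the matching delete
# command. nft identifies rules by handle, so "nft delete rule" needs the
# number printed after "# handle" on each line of the -a listing.

# Constructed sample of "nft -a list ruleset" output (table and chain names
# and handle numbers are assumptions; a live system prints its own).
SAMPLE_LISTING=$(cat <<'EOF'
table inet filter { # handle 1
    chain input { # handle 1
        type filter hook input priority filter; policy drop;
        iif "lo" accept # handle 4
        ct state established,related accept # handle 5
        tcp dport 22 accept # handle 6
        tcp dport 80 accept # handle 7
    }
    chain forward { # handle 2
        type filter hook forward priority filter; policy drop;
    }
    chain output { # handle 3
        type filter hook output priority filter; policy accept;
    }
}
EOF
)

# find_rule LISTING TABLE CHAIN RULE_TEXT
# Prints "<family> <handle>" for the first rule in TABLE/CHAIN whose text is
# exactly RULE_TEXT, or nothing if no such rule exists. Table and chain
# header lines set the current scope; every other line is a candidate rule.
find_rule() {
    printf '%s\n' "$1" | awk -v table="$2" -v chain="$3" -v want="$4" '
        $1 == "table" { family = $2; cur_table = $3; cur_chain = ""; next }
        $1 == "chain" { cur_chain = $2; next }
        cur_table == table && cur_chain == chain {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, want " # handle ") == 1) {
                n = split(line, parts, " # handle ")
                print family, parts[n]
                exit
            }
        }'
}

# rule_handle LISTING TABLE CHAIN RULE_TEXT -> prints just the handle.
rule_handle() {
    set -- $(find_rule "$@")
    if [ $# -eq 2 ]; then
        printf '%s\n' "$2"
    fi
}

# delete_rule_cmd LISTING TABLE CHAIN RULE_TEXT -> prints the nft command
# that removes exactly that rule (run it as root to apply).
delete_rule_cmd() {
    _table=$2
    _chain=$3
    set -- $(find_rule "$@")
    if [ $# -eq 2 ]; then
        printf 'nft delete rule %s %s %s handle %s\n' "$1" "$_table" "$_chain" "$2"
    fi
}

# On a live host, replace the sample with the real listing and run the result:
#   LISTING=$(nft -a list ruleset)
#   eval "$(delete_rule_cmd "$LISTING" filter input "tcp dport 80 accept")"
delete_rule_cmd "$SAMPLE_LISTING" filter input "tcp dport 80 accept"
```

Matching on the full rule text inside one table and chain avoids deleting a look-alike rule from another chain, and resolving the handle immediately before the delete matters because handles are assigned when a rule is added and are not stable across a flush and reload.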