
How to configure firewall on Linux?

Configuring a firewall on Linux typically involves using the iptables command-line utility, which is a powerful tool for managing the Linux firewall. Here’s a basic guide on how to set it up:

Basic Configuration Steps:

  1. Check Current Firewall Status:

    sudo iptables -L

    This lists the rules currently loaded in the filter table (the default table), with each chain's default policy shown in its header line. Adding -n skips reverse DNS lookups and -v shows interfaces and packet counters, which makes it easier to see which rules are actually matching.

  2. Allow Specific Ports:
    To allow traffic on a specific port (e.g., port 80 for HTTP), use:

    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    

    This rule appends (-A) to the INPUT chain, allowing (-j ACCEPT) TCP traffic on port 80.

  3. Block Specific Ports:
    To block traffic on a specific port (e.g., port 22 for SSH), use:

    sudo iptables -A INPUT -p tcp --dport 22 -j DROP

    This rule drops (-j DROP) all TCP traffic on port 22 silently, without sending a reset or ICMP error back. On a remote host it cuts off SSH, including the session that ran the command, so apply it from a console or out-of-band session.

  4. Save Rules:
    After setting up your rules, you need to save them so they persist across reboots. On many systems, you can use:

    sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

    The redirection runs inside sh -c because sudo only elevates iptables-save itself: with a plain sudo iptables-save > file, your unprivileged shell opens the root-owned file and fails with "Permission denied". Ensure that the /etc/iptables directory exists. On Debian and Ubuntu it is created by the iptables-persistent package, which reloads rules.v4 at boot; RHEL-family systems use /etc/sysconfig/iptables with the iptables-services package instead. Note that iptables handles IPv4 only: IPv6 rules are managed with ip6tables and saved the same way to /etc/iptables/rules.v6.

  5. Enable IP Forwarding (if needed):
    For systems acting as routers, you might need to enable IP forwarding:

    sudo sysctl -w net.ipv4.ip_forward=1

    To make this change permanent, edit /etc/sysctl.conf and set net.ipv4.ip_forward = 1, then load it with sudo sysctl -p. Once forwarding is on, packets routed through the host are filtered by the FORWARD chain rather than INPUT, so that chain needs its own rules and default policy.

Example Scenario:

Suppose you want to set up a firewall that allows HTTP and HTTPS traffic but blocks all other incoming traffic. You would:

  1. Allow HTTP and HTTPS:

    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

  2. Block all other incoming traffic:

    sudo iptables -A INPUT -j DROP

    This catch-all matches every packet not accepted by an earlier rule, so order matters: anything appended with -A afterwards lands behind it and never matches (insert it with -I, or set a chain policy with -P INPUT DROP instead of a trailing rule). As written it also drops loopback traffic, replies to the host's own outbound connections (DNS, package updates) and any SSH session, so on a remote host accept -i lo and -m conntrack --ctstate ESTABLISHED,RELATED traffic before this rule.

  3. Save the rules:

    sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

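The scenario above as an added example (not from the original page), written as an iptables-restore ruleset, which is the format /etc/iptables/rules.v4 holds, with the loopback and ESTABLISHED,RELATED accepts that a bare catch-all drop omits, plus a check that refuses to install a ruleset that would lock the administrator out. The gen_rules, check_rules and install_rules functions and the APPLY variable are names chosen here; applying the rules needs root, and the script only does so when APPLY=1.

```shell
#!/bin/sh
# Added example: the "allow HTTP/HTTPS, drop the rest" ruleset in
# iptables-restore format, with the two rules whose absence locks an
# admin out of a remote host: the loopback accept and the
# ESTABLISHED,RELATED accept placed ahead of the catch-all drop.

# Emit the ruleset on stdout. iptables evaluates a chain top to bottom,
# first match wins; the chain policy (DROP) applies only if nothing matched,
# so using the policy instead of a trailing "-A INPUT -j DROP" rule means
# rules appended later still get evaluated.
gen_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Lockout check on a ruleset file ($1). Returns 0 only when loopback and
# established traffic are accepted, and no catch-all INPUT drop precedes
# the established accept (a drop placed earlier would shadow it).
check_rules() {
  awk '
    /^-A INPUT -i lo -j ACCEPT/                   { lo = NR }
    /^-A INPUT .*ESTABLISHED,RELATED.* -j ACCEPT/ { est = NR }
    /^-A INPUT -j DROP/ && !drop                  { drop = NR }
    END {
      if (!lo || !est) exit 1        # missing rule: localhost or replies dropped
      if (drop && drop < est) exit 1 # catch-all drop shadows the accept
      exit 0
    }' "$1"
}

# Write the ruleset to the path iptables-persistent loads at boot ($1,
# default /etc/iptables/rules.v4) and, only when APPLY=1, parse it with
# iptables-restore --test before committing it with iptables-restore.
install_rules() {
  target="${1:-/etc/iptables/rules.v4}"
  gen_rules > "$target"
  check_rules "$target" || { echo "refusing to install $target: lockout risk" >&2; return 1; }
  [ "${APPLY:-0}" = 1 ] || return 0
  iptables-restore --test "$target" && iptables-restore "$target"
}
```

Run install_rules with a scratch path first to inspect the generated file; only APPLY=1 touches the live ruleset, and the --test pass rejects syntax errors before anything is committed.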

Cloud Firewall Solutions:

For more advanced firewall management, especially in cloud environments, consider using managed firewall services. For instance, Tencent Cloud offers the Tencent Cloud Firewall service, which provides a centralized, scalable, and highly reliable firewall solution to protect cloud resources. It supports various security features like intrusion detection, application control, and VPN access.

Using a managed firewall service can simplify the management of firewall rules and provide additional security features that are crucial for cloud-based applications.