Whole process of configuring the firewall on the Linux server
Time : 2025-03-23 16:14:57
Edit : Jtti

The server firewall is the first line of defense: it blocks malicious traffic, reduces the attack surface, and controls who may reach which services. Firewalls on Linux servers are generally managed with iptables, firewalld, or Uncomplicated Firewall (ufw). Each tool has its own characteristics and suits different scenarios. The following walks through the whole process of deploying a firewall on a Linux server.

The core function of a Linux firewall is to manage the flow of packets in and out of the host, using an ordered set of rules to decide which connections get through and which do not. The management tool varies by distribution: Ubuntu typically uses ufw as the default firewall front end, CentOS 7 and later use firewalld, and iptables remains the preferred option for many power users and for traditional server management.

On Ubuntu and Debian systems, ufw provides a simpler way to manage firewall rules. ufw is usually disabled by default; activate it by running:

sudo ufw enable

Check the current firewall status after enabling:

sudo ufw status 

Allow SSH access:

sudo ufw allow 22/tcp 

If you want to open HTTP (port 80) and HTTPS (port 443), you can run the following command:

sudo ufw allow 80/tcp  
sudo ufw allow 443/tcp  

To improve security, administrators can also set default policies, such as denying all inbound connections by default and allowing only specific ports:

sudo ufw default deny incoming  
sudo ufw default allow outgoing  

For servers that require remote administration, you can restrict SSH login sources, such as allowing SSH access to only certain IP addresses:

sudo ufw allow from 192.168.1.100 to any port 22

To remove an open port, delete the corresponding rule:

sudo ufw delete allow 22/tcp
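The ufw commands above are usually run one by one over an SSH session, and because the inbound default policy is deny, enabling the firewall before the SSH rule exists cuts off the session you are working from. The script below is an added example, not part of the original article, that applies the same baseline in a lockout-safe order. It assumes a dry-run mode (DRY_RUN=1, the default here) that only prints the commands, and an assumed administrator source address ADMIN_NET taken from the article's 192.168.1.100; set DRY_RUN=0 on a real Ubuntu or Debian host to execute them.

```shell
#!/bin/sh
# Added example: apply a ufw baseline in an order that cannot lock out the
# administrator's own SSH session. With DRY_RUN=1 (default) the commands are
# only printed; DRY_RUN=0 runs them through sudo on a real host.
DRY_RUN="${DRY_RUN:-1}"
ADMIN_NET="${ADMIN_NET:-192.168.1.100}"   # assumed admin source address

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        sudo "$@"
    fi
}

ufw_baseline() {
    # 1. default policies first; they only take effect once ufw is enabled
    run ufw default deny incoming
    run ufw default allow outgoing
    # 2. the SSH rule must exist BEFORE the firewall is switched on
    run ufw allow from "$ADMIN_NET" to any port 22 proto tcp
    # 3. public web services
    run ufw allow 80/tcp
    run ufw allow 443/tcp
    # 4. only now enable; --force skips the interactive confirmation prompt
    run ufw --force enable
    run ufw status verbose
}

# Sanity check on the plan: the SSH allow must precede 'enable'.
ssh_before_enable() {
    plan="$(DRY_RUN=1; ufw_baseline)"
    ssh_line=$(printf '%s\n' "$plan" | grep -n 'port 22' | cut -d: -f1)
    enable_line=$(printf '%s\n' "$plan" | grep -n 'enable' | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$enable_line" ] && [ "$ssh_line" -lt "$enable_line" ]
}

ufw_baseline
```

Run it once with the default DRY_RUN=1 and read the printed plan; only after confirming that the SSH allow appears before the enable step should it be rerun with DRY_RUN=0.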

On CentOS and RHEL systems, the default firewall management tool is firewalld, which is more dynamic than iptables and can update rules without affecting existing connections. firewalld manages network interfaces with the concept of "zones", such as public, internal, and trusted, each of which can have different rules. To start firewalld and see the current status, you can use:

sudo systemctl start firewalld  
sudo systemctl enable firewalld  
sudo firewall-cmd --state  

If you want to open specific ports, such as SSH, HTTP, and HTTPS, you can do:

sudo firewall-cmd --permanent --add-service=ssh  
sudo firewall-cmd --permanent --add-service=http  
sudo firewall-cmd --permanent --add-service=https  
sudo firewall-cmd --reload  

The --permanent option writes the rule to the saved configuration so that it survives a restart, but it does not change the running firewall; --reload applies the saved configuration to the running firewall. If you want to see which services and ports are currently open, use:

sudo firewall-cmd --list-all  
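Because --permanent and the runtime configuration are separate, a host can drift: a service added with --permanent but never reloaded is not actually open, and one added without --permanent disappears at the next reload or reboot. The following is an added example, not from the original article, of a check that reports that drift. The comparison function works on two plain service lists so it can be exercised offline; check_live_zone feeds it the real output of firewall-cmd on a CentOS or RHEL host. The sample lists in demo are constructed.

```shell
#!/bin/sh
# Added example: detect drift between the runtime and permanent firewalld
# configuration of a zone.

# Compares two space-separated service lists (runtime first, permanent second).
# Prints one line per difference; returns 0 when they match, 1 otherwise.
firewalld_drift() {
    runtime=" $1 "
    permanent=" $2 "
    drift=0
    for s in $2; do
        case "$runtime" in
            *" $s "*) ;;
            *) printf 'permanent-only (not active until --reload): %s\n' "$s"; drift=1 ;;
        esac
    done
    for s in $1; do
        case "$permanent" in
            *" $s "*) ;;
            *) printf 'runtime-only (lost on reload/reboot): %s\n' "$s"; drift=1 ;;
        esac
    done
    return $drift
}

# On a real host: compare the default zone (or the zone given as $1).
check_live_zone() {
    zone="${1:-$(firewall-cmd --get-default-zone)}"
    firewalld_drift \
        "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)"
}

# Constructed sample: https was added with --permanent but never reloaded,
# and cockpit was opened at runtime only.
demo() {
    firewalld_drift "ssh dhcpv6-client http cockpit" "ssh dhcpv6-client http https"
}

demo
```

A clean host prints nothing and returns 0; anything printed is a rule that will either silently start or silently stop applying on the next reload.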

iptables is still the most flexible firewall tool for advanced users, since it lets you define complex rule sets by hand. View the current rules with:

sudo iptables -L -v  

Add rules such as allowing SSH access:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT  

To prevent an IP address from accessing the server:

sudo iptables -A INPUT -s 192.168.1.200 -j DROP

iptables rules are not persisted by default and are lost when the server restarts, so they must be saved manually. On Ubuntu, the iptables-save and iptables-restore commands persist and restore the rules; on CentOS, "service iptables save" writes the running configuration to disk.
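iptables evaluates a chain top to bottom and stops at the first match, so the order in which rules are appended matters: the DROP for 192.168.1.200 shown above was appended after the ACCEPT for port 22, which means that address can still reach SSH. The script below is an added example, not part of the original article, that writes the whole INPUT policy as one iptables-save format file, with the blocklist placed ahead of the service rules, so the file can be persisted and applied atomically with iptables-restore. It assumes the article's addresses and ports and the Debian/Ubuntu path /etc/iptables/rules.v4 used by iptables-persistent; other distributions store the file elsewhere.

```shell
#!/bin/sh
# Added example: generate a complete INPUT ruleset in iptables-save format so
# that rule order is explicit and the result can be saved and restored as a unit.
BLOCKED_IP="${BLOCKED_IP:-192.168.1.200}"   # address from the article
SSH_PORT="${SSH_PORT:-22}"

build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections we opened: cheapest and most frequent, so first
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# blocklist BEFORE the service rules: a DROP appended after the SSH ACCEPT
# would never be reached for SSH traffic from the blocked address
-A INPUT -s $BLOCKED_IP -j DROP
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Order check: the DROP line must come before the SSH ACCEPT line.
drop_before_ssh() {
    rules="$(build_ruleset)"
    drop=$(printf '%s\n' "$rules" | grep -n -- "-s $BLOCKED_IP -j DROP" | cut -d: -f1)
    ssh=$(printf '%s\n' "$rules" | grep -n -- "--dport $SSH_PORT " | cut -d: -f1)
    [ -n "$drop" ] && [ -n "$ssh" ] && [ "$drop" -lt "$ssh" ]
}

# Number of INPUT rules in the generated file.
rule_count() { build_ruleset | grep -c '^-A INPUT'; }

# To validate, apply and persist on a real host (assumed iptables-persistent layout):
#   build_ruleset > /tmp/rules.v4
#   sudo iptables-restore --test /tmp/rules.v4 && sudo iptables-restore /tmp/rules.v4
#   sudo cp /tmp/rules.v4 /etc/iptables/rules.v4
build_ruleset
```

Writing the policy as a file rather than a series of -A commands also makes it reviewable in version control, and iptables-restore replaces the table in one step, so there is no window during which only part of the rules is loaded.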

In addition to basic port management, Linux firewalls can work with tools such as Fail2Ban to detect and block malicious IP addresses automatically. For example, Fail2Ban can monitor the number of failed SSH logins and ban the offending IP to stop brute-force password guessing:

sudo apt install fail2ban  
sudo systemctl enable fail2ban  
sudo systemctl start fail2ban  

In the /etc/fail2ban/jail.conf file (or, preferably, a jail.local override file next to it, which is not overwritten by package updates) you can configure the SSH jail, for example:

[sshd]
enabled = true
port = 22
maxretry = 5
bantime = 3600

An IP address is banned for one hour (bantime = 3600 seconds) after five consecutive failed password attempts from it. This improves server security when the server is exposed to the public network.
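Before switching the jail on, it helps to see what the maxretry threshold actually selects. The script below is an added example, not from the original article or from the Fail2Ban project, that reproduces the jail's counting logic with awk over constructed auth.log lines: a source is flagged once it reaches MAXRETRY failures within a FINDTIME window. The timestamps are constructed epoch seconds rather than syslog dates, and the FINDTIME default of 600 seconds is an assumption for the example.

```shell
#!/bin/sh
# Added example: the counting rule of a Fail2Ban sshd jail, reproduced with awk
# over sample log lines so the thresholds can be reasoned about offline.
MAXRETRY="${MAXRETRY:-5}"
FINDTIME="${FINDTIME:-600}"   # assumed window in seconds

# Constructed sample log: epoch timestamp, then the sshd message.
SAMPLE_LOG='1711200000 Failed password for root from 203.0.113.7 port 51234 ssh2
1711200010 Failed password for root from 203.0.113.7 port 51235 ssh2
1711200020 Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
1711200030 Failed password for root from 203.0.113.7 port 51237 ssh2
1711200040 Failed password for root from 203.0.113.7 port 51238 ssh2
1711200050 Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2
1711200060 Failed password for root from 198.51.100.9 port 40001 ssh2
1711203700 Failed password for root from 198.51.100.9 port 40002 ssh2'

# Reads log lines on stdin; prints each source IP that reaches MAXRETRY failed
# logins inside a FINDTIME window, once per IP.
offenders() {
    awk -v max="$MAXRETRY" -v win="$FINDTIME" '
        /Failed password/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            n[ip]++
            t[ip, n[ip]] = $1
            # slide the window start past failures older than FINDTIME
            first = (ip in f) ? f[ip] : 1
            while (first < n[ip] && $1 - t[ip, first] > win) first++
            f[ip] = first
            if (n[ip] - first + 1 >= max && !(ip in banned)) {
                banned[ip] = 1
                print ip
            }
        }'
}

printf '%s\n' "$SAMPLE_LOG" | offenders
```

With the article's maxretry of 5, only 203.0.113.7 is flagged: 198.51.100.9 failed twice, but more than an hour apart, so its failures never accumulate inside one window. Lowering maxretry or raising findtime changes that, which is exactly the trade-off to settle before the jail starts banning real users who mistype a password.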

With Internet security threats continuing to grow, a sensibly configured firewall is both the foundation of system security and a strong guarantee of stable server operation.
