Linux servers have become almost the standard for back-end systems, but as business grows, so does network security risk. Attackers rarely breach a server head-on; instead they probe for weaknesses gradually, through port scanning, exploitation of vulnerable exposed services, and floods of malicious traffic. Keeping firewall policy up to date, like maintaining the moat around a castle, is therefore an essential part of any Linux server security system. Many administrators set up initial firewall rules when a server is deployed but overlook the need to adjust them as the business changes and protection requirements evolve. How can firewall policies on Linux servers be updated effectively?
If a server is a city, the firewall is the guard at its gate: every packet that flows in or out must be matched against rules that tell friend from foe. Firewalls are not a set-and-forget solution, however. As new services go live, new ports must be opened; deploying a web service, for example, requires ports 80 and 443, and moving SSH management from port 22 to 2222 changes which port has to be allowed. If the policy is not updated, legitimate access is blocked. Attack methods also evolve daily, and stale rules may not hold up against new scanning and brute-force techniques; UDP attacks, once uncommon, are now a frequent occurrence. Enterprises may also have to meet compliance requirements such as the Information Security Protection System, GDPR, or ISO 27001 at different stages, each of which calls for firewall rules to be adjusted to prevent unauthorized access. Regularly reviewing and optimizing firewall rules is therefore fundamental to keeping Linux servers stable and secure.
Mainstream Linux Firewall Management Methods:
On Linux servers, firewalls are typically managed using the following methods:
iptables: A traditional and powerful firewall tool that filters traffic based on a rule chain approach. While flexible, it can be complex to configure and has relatively obscure syntax.
firewalld: The default firewall management tool for modern Linux distributions (such as CentOS 7+, RHEL 8, and Fedora). It uses zones and services and supports dynamic rule changes without requiring a reboot.
nftables: The successor to iptables, with a simpler and more efficient design; it is gradually being adopted in newer distributions such as Debian and Ubuntu.
Although the tools differ, their core purpose is the same: allowing or denying packets entering and leaving the server according to a defined policy.
Common Scenarios for Updating Firewall Policies:
In actual operations and maintenance, updating firewall rules often occurs in the following situations:
Business rollout or migration: new application ports need to be allowed, such as TCP port 3306 for remote database access.
Security hardening: Restricting access to the SSH port to specific IP addresses to prevent network-wide scans.
Performance optimization: Blocking invalid traffic and reducing system resource consumption.
Emergency response: Temporarily blocking the source IP address of a DDoS attack or scan.
Therefore, updating policies is not just a reactive fix; it's also a proactive defense and maintenance measure.
How to update a firewall in an iptables environment:
Although iptables is gradually being replaced by firewalld, it is still widely used on many older or lightweight systems.
1. Check existing rules
iptables -L -n -v
This command lists the rules of all chains (INPUT, OUTPUT, FORWARD) together with packet and byte counters for the traffic each rule has matched.
2. Adding a Rule
For example, to allow a specific IP address to access SSH:
iptables -A INPUT -p tcp -s 192.168.1.10 --dport 22 -j ACCEPT # restricts SSH to this host only if a later rule or the chain's default policy drops other sources
3. Block malicious IP addresses
iptables -A INPUT -s 203.0.113.25 -j DROP # -A appends; if an earlier ACCEPT already matches this traffic, insert at the top with -I INPUT 1 instead
4. Saving Rules
Different systems have different saving methods:
service iptables save # CentOS 6
iptables-save > /etc/iptables/rules.v4 # Debian/Ubuntu (restored at boot by the iptables-persistent package)
5. Key Points for Updating Policies
Avoid duplicating rules: review the existing policy before adding to it. Rule order matters, because iptables evaluates a chain's rules sequentially and the first match wins. Save the rules permanently only after testing them, so that a mistake does not cause a network outage.
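Putting steps 2 to 5 together in one script, as an added example that is not from the original article: each rule is added only if `iptables -C` reports it absent, which avoids the duplication problem just described, and the DROP for a hostile source is inserted at the top of the chain so that an earlier ACCEPT cannot shadow it. The IPT variable is an assumption; the addresses are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the article): apply an iptables policy update
# idempotently. `iptables -C` tests whether a rule already exists, so re-running
# the script never duplicates rules, and the DROP for a hostile source is
# inserted at position 1 because iptables stops at the first matching rule.
# IPT is an assumption; override it, e.g. IPT="echo iptables", for a dry run.
set -eu
IPT="${IPT:-iptables}"

# ensure_rule CHAIN RULE... -> append RULE to CHAIN unless it is already there.
# Returns 0 when the rule was added, 1 when it was already present.
ensure_rule() {
  chain="$1"; shift
  if $IPT -C "$chain" "$@" 2>/dev/null; then
    return 1
  fi
  $IPT -A "$chain" "$@"
}

# insert_block IP -> put a DROP for IP at the top of INPUT (same idempotence).
insert_block() {
  if $IPT -C INPUT -s "$1" -j DROP 2>/dev/null; then
    return 1
  fi
  $IPT -I INPUT 1 -s "$1" -j DROP
}

# apply_policy: order matters, so loopback and replies to our own connections
# are accepted first, then the management host (address from the article) is
# allowed before the blanket DROP on port 22.
apply_policy() {
  ensure_rule INPUT -i lo -j ACCEPT || true
  ensure_rule INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || true
  ensure_rule INPUT -p tcp -s 192.168.1.10 --dport 22 -j ACCEPT || true
  ensure_rule INPUT -p tcp --dport 22 -j DROP || true
  insert_block 203.0.113.25 || true
}

# Usage (as root): sh update-policy.sh apply   then persist with iptables-save.
if [ "${1:-}" = "apply" ]; then apply_policy; fi
```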
Firewall Update Methods in a Firewalld Environment:
In CentOS 7 and later, firewalld is almost universally adopted. It is easier to use than iptables and more suitable for dynamic updates.
1. Check the Current Zone and Service
firewall-cmd --get-active-zones
firewall-cmd --list-all
2. Add allowed ports
firewall-cmd --zone=public --add-port=8080/tcp --permanent
3. Delete rules
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
4. Reload the configuration
firewall-cmd --reload
5. Set to allow only specific IP access
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='203.0.113.10' port port=22 protocol=tcp accept"
Compared to iptables, firewalld offers more readable rules and the "zone" and "service" abstractions, and it is better suited to hosts where several services coexist.
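Because a `--permanent` change only takes effect after `--reload` (steps 2 and 4 above), a zone's runtime and saved configurations can silently diverge. The following drift check is an added example, not code from the article or the firewalld project: it normalises the two `--list-all` listings and reports entries that exist on one side only. FWCMD and ZONE are assumed variable names, and the parser expects firewalld's standard `--list-all` layout, in which rich rules are printed on tab-indented lines below the "rich rules:" header.

```shell
#!/bin/sh
# Added example (not from the article): report firewalld configuration drift for
# one zone, i.e. --permanent changes never followed by `firewall-cmd --reload`,
# or runtime-only changes that will vanish at the next reload or reboot.
# FWCMD and ZONE are assumed names and may be overridden for a dry run.
set -eu
FWCMD="${FWCMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# normalise_listing: read `firewall-cmd --list-all` output on stdin and emit
# one sorted "key=value" line per service, port, source and rich rule, so
# that a different ordering of the same entries is not reported as drift.
normalise_listing() {
  awk '
    /^[ \t]+rich rules:/ { inrich = 1; next }
    inrich && /^\t/      { sub(/^\t+/, ""); print "rich=" $0; next }
    { inrich = 0 }
    /^[ \t]+(services|ports|sources):/ {
      split($0, kv, ": "); key = kv[1]; sub(/^[ \t]+/, "", key)
      n = split(kv[2], v, " ")
      for (i = 1; i <= n; i++) print key "=" v[i]
    }' | sort
}

# drift_report RUNTIME_LISTING PERMANENT_LISTING
# Print each entry present on one side only; return 1 on drift, 0 if equal.
drift_report() {
  t1=$(mktemp); t2=$(mktemp)
  printf '%s\n' "$1" | normalise_listing > "$t1"
  printf '%s\n' "$2" | normalise_listing > "$t2"
  comm -23 "$t1" "$t2" | sed 's/^/runtime-only (lost at next reload): /'
  comm -13 "$t1" "$t2" | sed 's/^/permanent-only (reload missing): /'
  status=0
  cmp -s "$t1" "$t2" || status=1
  rm -f "$t1" "$t2"
  return "$status"
}

# check_zone: compare the live zone with its saved configuration (needs root).
check_zone() {
  drift_report "$($FWCMD --zone="$ZONE" --list-all)" \
               "$($FWCMD --permanent --zone="$ZONE" --list-all)"
}

# Usage: sh fw-drift.sh check   (exit status 1 means drift was found)
if [ "${1:-}" = "check" ]; then check_zone; fi
```

An exit status of 1 from the check is what a cron job or monitoring agent would alert on; an empty report with status 0 means runtime and permanent configuration agree.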
In the Linux server security ecosystem, firewall policy updates are not optional; they are an ongoing task across the entire business lifecycle. From iptables to firewalld to nftables the tools have evolved, but the core philosophy is unchanged: allow only the traffic that is required and deny everything else. For operations staff, mastering firewall policy updates is not only part of daily work but also the front line of defense against attacks. Whether the pressure comes from internal business changes or from a hostile external network, only systematic, standardized, and dynamic firewall policy updates can truly keep Linux servers stable and secure.