Firewall in Linux

 


Firewall:


> A wall that prevents the spread of fire.


> As data moves in and out of the server, its packet information is tested against the firewall rules to see whether it should be allowed or not.


> In simple words, a firewall is like a watchman, a bouncer, or a shield: it has a given set of rules, and based on those rules it decides who can enter and leave.


> There are 2 types of firewall in IT:


1. software: runs on the operating system.


2. hardware: a dedicated appliance with firewall software.


************************************



firewalld: it works the same way as iptables, but of course it has its own commands.


#firewall-cmd


• It has a few predefined service rules that are very easy to turn on and off, for services such as NFS, NTP, httpd, etc.


• Firewalld also has the following:


> tables

> chains

> rules

> targets


Note: you run one or the other, iptables or firewalld, not both.


**********************************

Make sure iptables is stopped, disabled and masked:


#systemctl stop iptables

#systemctl disable iptables

# systemctl mask iptables


• How to check whether the firewalld package is installed:


#rpm -qa | grep firewalld

• Start and enable firewalld:

#systemctl start firewalld

#systemctl enable firewalld



• Check the rules of firewalld:

#firewall-cmd  --list-all


• Get the listing of all services firewalld is aware of:

#firewall-cmd  --get-services


• To make firewalld re-read the configuration added:

#firewall-cmd  --reload


• firewalld has multiple zones; to get the list of all zones:

#firewall-cmd  --get-zones


• Get the list of active zones:

#firewall-cmd --get-active-zones



• Get the firewall rules for the public zone:

#firewall-cmd  --zone=public  --list-all


• All the services are predefined by firewalld. What if you want to add a 3rd-party service? The service definitions live here:


#/usr/lib/firewalld/services/allservices.xml

#simply copy any .xml file and change the service name and port number.



• How to add a service (here the http service) to the firewall:

#firewall-cmd  --add-service=http



• How to remove a service from firewalld:

#firewall-cmd   --remove-service=http


• To reload the firewalld configuration:

#firewall-cmd  --reload


Note: when you reload the firewalld configuration, the services that you added only at runtime (without --permanent) are flushed. If you don't want firewalld to flush those services, add or remove the service permanently.


• To add or remove a service permanently (this changes the saved configuration; the running one is updated on the next --reload):

#firewall-cmd  --add-service=http  --permanent

#firewall-cmd  --remove-service=http  --permanent
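The note above describes the runtime/permanent split. The helper below is an added example (not from the original post) that applies a change to both configurations at once and reports anything that is active at runtime but missing from the permanent config, which is exactly what the next --reload would flush. FWCMD is an assumed variable so the functions can be exercised against a stand-in instead of a live firewalld.

```shell
#!/bin/sh
# Added example, not from the original post: keep runtime and permanent
# firewalld configuration in step, so a later --reload does not silently
# drop a rule that was only added at runtime. FWCMD is overridable (assumed
# name) so the functions can be tested against a stand-in command.
FWCMD=${FWCMD:-firewall-cmd}

# fw_change ARGS... : apply the same change (e.g. --add-service=http or
# --zone=public --add-port=1110/tcp) to the running configuration and to
# the permanent one. Stops at the first failure so the two never diverge
# without the caller noticing.
fw_change() {
    "$FWCMD" "$@" && "$FWCMD" --permanent "$@"
}

# fw_drift KIND : KIND is "services" or "ports". Prints every item that is
# active at runtime but absent from the permanent configuration, i.e. what
# the next --reload would remove. Returns 0 when nothing would be lost,
# 1 when something would, 2 when firewall-cmd itself failed.
fw_drift() {
    kind=$1
    runtime=$("$FWCMD" --list-"$kind") || return 2
    perm=$("$FWCMD" --permanent --list-"$kind") || return 2
    lost=''
    for item in $runtime; do
        case " $perm " in
            *" $item "*) ;;                # present in both: fine
            *) lost="$lost $item" ;;       # runtime-only: will be flushed
        esac
    done
    if [ -n "$lost" ]; then
        echo "runtime-only $kind (lost on reload):$lost"
        return 1
    fi
    echo "no $kind drift"
}

# Typical use on a host (needs root):
#   fw_change --add-service=http
#   fw_drift services && fw_drift ports
```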


• To add a service which is not predefined by firewalld:

# /usr/lib/firewalld/services/allservices.xml

#simply copy any .xml file and change the service name and port number

#firewall-cmd  --get-services

#firewall-cmd  --add-service=sap
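The two sections above on adding a service firewalld does not predefine both boil down to writing a service XML file. The script below is an added example (not from the original post) that generates such a file in the format used under /usr/lib/firewalld/services/ and refuses malformed port specs; the service name "sap" and port 3200/tcp are assumed values.

```shell
#!/bin/sh
# Added example, not from the original post: build a firewalld service
# definition for a service firewalld does not predefine. The service name
# "sap" and port 3200/tcp used below are assumed values for illustration.

# make_service_xml SHORT DESCRIPTION PORT/PROTO [PORT/PROTO ...]
# Prints a service definition in the same format as the files under
# /usr/lib/firewalld/services/. Returns 1 on a malformed PORT/PROTO so a
# file firewalld would refuse to load is never produced.
make_service_xml() {
    short=$1; desc=$2; shift 2
    [ $# -gt 0 ] || { echo "need at least one PORT/PROTO" >&2; return 1; }
    printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
    printf '  <short>%s</short>\n' "$short"
    printf '  <description>%s</description>\n' "$desc"
    for spec in "$@"; do
        port=${spec%/*}; proto=${spec#*/}
        case $proto in
            tcp|udp|sctp|dccp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        # a single port or a range such as 3200-3299, digits only
        case $port in
            ''|-*|*-|*[!0-9-]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port"
    done
    printf '</service>\n'
}

# install_service NAME DIR PORT/PROTO ... : writes DIR/NAME.xml atomically.
# Local definitions belong in /etc/firewalld/services/ (they override the
# ones shipped in /usr/lib/firewalld/services/); DIR is a parameter so the
# function can be tried in a scratch directory without root.
install_service() {
    name=$1; dir=$2; shift 2
    file="$dir/$name.xml"
    make_service_xml "$name" "$name (custom service definition)" "$@" \
        > "$file.tmp" || { rm -f "$file.tmp"; return 1; }
    mv "$file.tmp" "$file"
    echo "wrote $file; next: firewall-cmd --reload && firewall-cmd --add-service=$name --permanent"
}

# Typical use on a host (needs root):
#   install_service sap /etc/firewalld/services 3200/tcp
#   firewall-cmd --reload && firewall-cmd --get-services | grep -w sap
```

After the reload the new name shows up in --get-services and can be added like any predefined service.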



• To add a port to the firewall:

#firewall-cmd  --add-port=1110/tcp

#firewall-cmd    --list-all



• To add a port to the firewall permanently:

#firewall-cmd --add-port=1110/tcp --permanent



• To remove the port:

#firewall-cmd --remove-port=1110/tcp



• To reject incoming traffic from an IP address:

#firewall-cmd  --add-rich-rule='rule family="ipv4" source address="192.168.0.12" reject'



• To block and unblock ICMP incoming traffic:

#firewall-cmd --add-icmp-block-inversion

#firewall-cmd --remove-icmp-block-inversion



• To block outgoing traffic to a specific website/IP address:

#host -t  a  www.facebook.com   :find the IP address of facebook

#firewall-cmd  --direct  --add-rule ipv4  filter OUTPUT  0  -d  31.13.71.36  -j  DROP


