The Linux firewall is managed by a service called Iptables. Iptables is a net-filter built into the Linux or Unix kernel. It is used even when third party applications are called. Iptables was initially released in 1998, but since has had a rewrite in favor of a new utility to be written into the kernel. People still use Iptables, most companies utilize this over third party applications just because they don’t want a middle man in between them and the computer’s settings. It is also more powerful using Iptables over third party applications as well because you’re interacting directly with the Kernel. Some third party applications that I frequently use include UFW for command line working with the firewall and GUFW for a gui for t he same command line firewall. Fedora and Red Hat have their own firewall service as firewall daemon. The Linux firewall is more robust than the Windows firewall in that it doesn’t try to discriminate traffic. It tells the user in the form of logs who is talking to each port.

The Linux firewall is easy to set up on most Debian and Arch-based systems. Simply type the following command to check the status of the current configuration: sudo ufw status verbose. This will tell you any services you have rules set for and will tell you whether or not the firewall is active. If the firewall is not active on startup, it’s possible that the service was not started in your init system. Most systems use Systemd for their initialization service now, so we will use that in this case. To enable the firewall in this case, use the command sudo systemctl enable ufw && sudo systemctl start ufw. This will initialize the firewall service in Systemd after giving Systemd control of it. To disable you would simply use sudo systemctl stop ufw && sudo systemctl disable ufw.

Assuming that you’ve started your firewall in the init system on your computer, it’s a good idea to issue the command to the program itself sudo ufw enable. This command will enable the firewall on your current active session. Once completed, most users won’t need extra tampering and configuration to be done to their firewall, however, if you wish to tinker, or if you use certain services that the firewall doesn’t already have a preset for, it might be a good idea to allow that service through. It also might be a good idea to set some deny rules for some services you don’t use, such as SSH and TELNET. These two services are fun to use, they allow a user to communicate with their computer remotely, but they are often seen as a potential attack vector as well. To deny a service, it’s straight-forward. All you have to do is type sudo ufw deny and the service name. For example, we’ll use SSH. Type sudo ufw deny ssh. That’s it, you’re done, but I should warn you, if you use SSH, it’s a bad idea to do this. Also, if you torrent a lot, it might be wise to set up port forwarding. Port forwarding is done by allowing a service through a specific port with a specific protocol and then setting that application or service to use that same port. For example, sudo ufw allow transmission-gtk. This tells UFW to allow all incoming through the port that Transmission(Bittorrent client) uses. It would then be a good idea to type sudo ufw reload to reload the firewall to accept the new settings.

My bash scripts on github, also have the ability to enable the firewall and set ssh and telnet to deny for you should you wish.

Leave a Reply