Securing Your Linux Server with FirewallD: A Step-by-Step Guide

    By 3 Mins Read

    Securing your Linux server is a critical step in ensuring the safety of your data and applications. One of the most important tools for achieving this is FirewallD, a dynamic firewall management tool that comes pre-installed on many Linux distributions. In this step-by-step guide, we’ll walk you through how to use FirewallD to secure your Linux server.

    Advertisement

    Step 1: Check if FirewallD is installed and running

    The first step is to check if FirewallD is already installed and running on your system. You can do this by running the following command in the terminal:

    sudo systemctl status firewalld

    If FirewallD is not installed, you can install it using your distribution’s package manager. For example, on Ubuntu, you can run:

    sudo apt-get install firewalld

    Step 2: Configure FirewallD zones

    The next step is to configure FirewallD zones. Zones are predefined sets of rules that specify what traffic is allowed or denied. For example, the public zone may allow incoming HTTP and HTTPS traffic, while the internal zone may allow all traffic from the local network. To view the available zones, run the following command:

    sudo firewall-cmd --get-zones

    To add a new zone, run the following command:

    sudo firewall-cmd --permanent --new-zone=zone_name

    Replace “zone_name” with the name of the new zone. You can then configure the rules for the zone using the --add-* and --remove-* options. For example, to allow incoming SSH traffic on the public zone, run:

    sudo firewall-cmd --permanent --zone=public --add-service=ssh

    Step 3: Configure FirewallD services

    In addition to zones, FirewallD also uses services to define the type of traffic that is allowed or denied. Services are predefined sets of rules that specify the ports and protocols that are allowed or denied. To view the available services, run the following command:

    sudo firewall-cmd --get-services

    To add a new service, create a new XML file in the “/etc/firewalld/services/” directory. The file should contain the rules for the service, including the ports and protocols that are allowed or denied.

    Step 4: Enable FirewallD and reload the configuration

    Once you have configured the zones and services, you can enable FirewallD and reload the configuration. To do this, run the following commands:

    sudo systemctl enable firewalld 
sudo systemctl start firewalld 
sudo firewall-cmd --reload

    This will enable FirewallD on your system and reload the configuration.

    Step 5: Test the firewall configuration

    The final step is to test the firewall configuration to ensure that it is working as expected. You can do this by running the following command:

    sudo firewall-cmd --get-active-zones

    This command will display the active zones and the rules that are applied to each zone. You can also use tools like nmap to test the firewall configuration by scanning your system for open ports.

    Conclusion

    In this guide, we’ve shown you how to use FirewallD to secure your Linux server. By configuring zones and services, enabling FirewallD, and testing the configuration, you can ensure that your system is protected from unauthorized access and potential security threats.

    Share.

    Related Posts

    View 1 Comment

    1 Comment

    1. Sudheer on

      Great Article Rahul. I really got good conceptual explanation of zones/services/ports of firewalld from this.
      Thanks a lot, please keep this up.

      Reply

    Leave A Reply