How to set up a firewall in Linux
Use firewalld or iptables to secure Linux; firewalld is user-friendly with zones and services, ideal for CentOS/RHEL/Fedora, while iptables offers granular control for Debian/Ubuntu. Enable firewalld: sudo systemctl start firewalld, allow services like SSH with --add-service=ssh, or open ports via --add-port=8080/tcp, then reload rules. For iptables, allow loopback, established connections, and specific ports (22, 80), set default DROP policy, and save rules to persist. Always limit open ports, use SSH keys, and test firewall with tools like nmap. Regularly review rules using firewall-cmd --list-all or iptables -L. Prefer firewalld for simplicity, iptables for control.
Setting up a firewall in Linux is essential for securing your system from unauthorized access and network threats. The most common way to manage a firewall on Linux is through iptables or the newer firewalld, depending on your distribution. Below are practical steps to set up a basic firewall using both methods.
Using firewalld (Recommended for CentOS, RHEL, Fedora)
firewalld is user-friendly and uses zones and services, making it easier to manage firewall rules.
- Check if firewalld is running: sudo systemctl status firewalld
- Start firewalld: sudo systemctl start firewalld
- Enable it to start at boot: sudo systemctl enable firewalld
- Allow a service (e.g., SSH): sudo firewall-cmd --permanent --add-service=ssh
- Allow a specific port (e.g., 8080/tcp): sudo firewall-cmd --permanent --add-port=8080/tcp
- Reload to apply changes: sudo firewall-cmd --reload
- Check current settings: sudo firewall-cmd --list-all
Using iptables (Common in Debian, Ubuntu, and older systems)
iptables gives you fine-grained control over packet filtering but requires more detailed commands.
- Install iptables if not present: sudo apt install iptables (on Debian/Ubuntu)
- Allow loopback traffic: sudo iptables -A INPUT -i lo -j ACCEPT
- Allow established connections: sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- Allow SSH (port 22): sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Allow HTTP (port 80): sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- Set the default policy: sudo iptables -P INPUT DROP (drops all inbound traffic not matched by an ACCEPT rule above)
- Save rules (varies by distro): sudo sh -c 'iptables-save > /etc/iptables/rules.v4' (Debian/Ubuntu with iptables-persistent; the redirection has to run as root, so it is wrapped in sh -c)
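The same rules can be written as a single file in the format iptables-save produces and loaded in one commit, instead of being typed one command at a time. The script below is an added example, not part of the original article; the function name build_ruleset and the /tmp/rules.v4 path are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: emit the article's INPUT rules in iptables-restore format.

# build_ruleset PORT... prints a complete filter table that allows loopback,
# established/related traffic and the given TCP ports, with INPUT policy DROP.
# Returns 1 and prints nothing on stdout if any port is not an integer 1-65535.
build_ruleset() {
  for _p in "$@"; do
    case "$_p" in
      ''|*[!0-9]*) echo "invalid port: $_p" >&2; return 1 ;;
    esac
    if [ "$_p" -lt 1 ] || [ "$_p" -gt 65535 ]; then
      echo "invalid port: $_p" >&2; return 1
    fi
  done
  echo '*filter'
  echo ':INPUT DROP [0:0]'
  # FORWARD and OUTPUT keep the default ACCEPT policy; the article only
  # changes INPUT.
  echo ':FORWARD ACCEPT [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for _p in "$@"; do
    echo "-A INPUT -p tcp --dport $_p -j ACCEPT"
  done
  echo 'COMMIT'
}

# On a real host (needs root), check the file first, then load it:
#   build_ruleset 22 80 > /tmp/rules.v4
#   sudo iptables-restore --test < /tmp/rules.v4 && sudo iptables-restore < /tmp/rules.v4
build_ruleset 22 80
```

iptables-restore replaces the current contents of the filter table with the file in a single commit, so the ACCEPT rules and the DROP policy take effect together.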
Basic Security Tips
A good firewall setup balances accessibility and protection.
- Only open ports your services need (e.g., 22 for SSH, 80/443 for web)
- Use SSH key authentication and consider changing the default SSH port or using fail2ban
- Regularly review active rules: sudo firewall-cmd --list-all or sudo iptables -L
- Test your setup from another machine using tools like nmap
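Reviewing rules by eye gets unreliable as a ruleset grows, so the check can be scripted: the added example below (not part of the original article) reads iptables-save output and reports anything that departs from the baseline built above. The function name audit_ruleset, the finding labels and both sample rulesets are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit iptables-save text against the baseline in the article.
# $1 = space-separated ports that should be open; the ruleset is read on stdin.
# Prints one finding per line, and nothing when the ruleset matches.
audit_ruleset() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^:INPUT / { policy = $2 }                  # e.g. ":INPUT DROP [0:0]"
    /^-A INPUT / && /-j ACCEPT/ {
      if ($0 == "-A INPUT -j ACCEPT") print "ACCEPT_ALL_RULE"
      if ($0 ~ /-i lo /) lo = 1
      if ($0 ~ /--ctstate [A-Z,]*ESTABLISHED/) ct = 1
      for (i = 1; i < NF; i++) {
        if ($i != "--dport" && $i != "--dports") continue
        m = split($(i + 1), p, ",")             # --dports takes a comma list
        for (j = 1; j <= m; j++)
          if (!(p[j] in ok)) print "UNEXPECTED_PORT " p[j]
      }
    }
    END {
      if (policy != "DROP") print "INPUT_POLICY " policy
      if (!lo) print "NO_LOOPBACK_RULE"
      if (!ct) print "NO_CONNTRACK_RULE"
    }'
}

# Constructed sample: the ruleset from the article, as iptables-save prints it.
sample_baseline() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: policy reset to ACCEPT and an extra port opened.
sample_drifted() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

sample_drifted | audit_ruleset "22 80"
```

On a live host, run sudo iptables-save | audit_ruleset "22 80". IPv6 rules are held separately in ip6tables, so ip6tables-save output needs the same check.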
In most cases, use firewalld if your system supports it: it is simpler and well integrated. For more control, or on older systems, iptables is reliable. Either way, a configured firewall is a critical step in securing your Linux server. Start by allowing essential services and block the rest.