How to set up a firewall in Linux
Use firewalld or iptables to secure Linux; firewalld is user-friendly with zones and services, ideal for CentOS/RHEL/Fedora, while iptables offers granular control for Debian/Ubuntu. Enable firewalld: sudo systemctl start firewalld, allow services like SSH with --add-service=ssh, or open ports via --add-port=8080/tcp, then reload rules. For iptables, allow loopback, established connections, and specific ports (22, 80), set default DROP policy, and save rules to persist. Always limit open ports, use SSH keys, and test firewall with tools like nmap. Regularly review rules using firewall-cmd --list-all or iptables -L. Prefer firewalld for simplicity, iptables for control.

Setting up a firewall in Linux is essential for securing your system from unauthorized access and network threats. The most common way to manage a firewall on Linux is through iptables or the newer firewalld, depending on your distribution. Below are practical steps to set up a basic firewall using both methods.
Using firewalld (Recommended for CentOS, RHEL, Fedora)
firewalld is user-friendly and uses zones and services, making it easier to manage firewall rules.
- Check if firewalld is running: sudo systemctl status firewalld
- Start firewalld: sudo systemctl start firewalld
- Enable it to start at boot: sudo systemctl enable firewalld
- Allow a service (e.g., SSH): sudo firewall-cmd --permanent --add-service=ssh
- Allow a specific port (e.g., 8080/tcp): sudo firewall-cmd --permanent --add-port=8080/tcp
- Reload to apply changes: sudo firewall-cmd --reload
- Check current settings: sudo firewall-cmd --list-all
Using iptables (Common in Debian, Ubuntu, and older systems)
iptables gives you fine-grained control over packet filtering but requires more detailed commands.
- Install iptables if not present: sudo apt install iptables (on Debian/Ubuntu)
- Allow loopback traffic: sudo iptables -A INPUT -i lo -j ACCEPT
- Allow established connections: sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- Allow SSH (port 22): sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Allow HTTP (port 80): sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
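- Set default policies: sudo iptables -P INPUT DROP (blocks everything not explicitly allowed; run it only after the allow rules above are in place, or a remote SSH session will be cut off)
- Save rules (varies by distro): sudo sh -c 'iptables-save > /etc/iptables/rules.v4' (Debian/Ubuntu with iptables-persistent; the redirect must run as root, which a plain "sudo iptables-save > file" does not do because the shell opens the file before sudo runs)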
Basic Security Tips
A good firewall setup balances accessibility and protection.
- Only open ports your services need (e.g., 22 for SSH, 80/443 for web)
- Use SSH key authentication and consider changing the default SSH port or using fail2ban
- Regularly review active rules: sudo firewall-cmd --list-all or sudo iptables -L
- Test your setup from another machine using tools like nmap
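A check for the iptables baseline and the rule review described above, added here as an example (not code from the original article): it reads iptables-save output and reports any departure from the listed steps. The function name, the FAIL message format and the two sample dumps are constructed for illustration; only single --dport rules in the filter table are inspected.

```shell
# Added example: audit `iptables-save` output against the baseline above.
# Live use (assumed invocation): sudo iptables-save | audit_input_chain "22 80"
audit_input_chain() {   # $1 = allowed TCP ports, stdin = iptables-save dump
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^\*/ { table = $1 }                 # remember which table we are in
        table != "*filter" { next }
        /^:INPUT / { policy = $2 }           # default policy of the INPUT chain
        /^-A INPUT / && /-j ACCEPT/ {
            if ($0 == "-A INPUT -j ACCEPT") print "FAIL unconditional ACCEPT rule"
            if ($0 ~ /-i lo /) lo = 1
            if ($0 ~ /--ctstate [A-Z,]*ESTABLISHED/) est = 1
            if (match($0, /--dport [0-9]+/)) {
                port = substr($0, RSTART + 8, RLENGTH - 8)
                if (!(port in ok)) print "FAIL unexpected open port " port
            }
        }
        END {
            if (policy != "DROP") print "FAIL INPUT policy is " (policy == "" ? "missing" : policy) ", expected DROP"
            if (!lo)  print "FAIL no loopback ACCEPT rule"
            if (!est) print "FAIL no ESTABLISHED,RELATED ACCEPT rule"
        }'
}

# Constructed sample: the ruleset the iptables steps above produce.
good_dump() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: permissive policy, no conntrack rule, stray database port.
bad_dump() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

echo "good ruleset findings: $(good_dump | audit_input_chain '22 80' | wc -l)"
bad_dump | audit_input_chain '22 80'
```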
In general, use firewalld if your system supports it: it is simpler and well integrated. For more control, or on older systems, iptables is reliable. Either way, a configured firewall is a critical step in securing your Linux server. Start by allowing essential services, then block the rest.


