Linux Firewall – An overview
Linux Firewall Tools
The Linux kernel is part of every Linux distribution. This also includes a Linux firewall called netfilter. You can control the Linux Firewall with the Command Line Utility iptables. Debian-based distributions like Ubuntu or Knoppix have no predefined rules during the installation, so everything is allowed by default. With Enterprise Linux distributions such as Fedora, CentOS or RedHat, use ports have to be opened manually. The configuration of the Linux firewall can be adapted to your needs using iptables. However, the syntax and handling of iptables is relatively complex, so there are several tools / scripts to configure iptables.
We will introduce you to a small selection here.
Tools for the command line to configure your Linux firewall
- Arno’s Firewall – Secure firewall for single and multi-homed systems. Very easy to configure, handy to manage and highly customizable.
- Ferm – Tool for configuring complex firewalls. It allows the entire firewall rule set to be stored in a separate file and loaded with a command. The firewall configuration is similar to a structured programming language that can contain levels and lists.
- Firehol – Language for expressing firewall rules, not just a script that creates some kind of firewall. It also facilitates the construction of sophisticated firewalls – as you need it.
- Firetable – Firewall with “human readable” syntax. Based on PHP. Allows simple configuration of IPTables.
- Shorewall – High-quality tool for configuring the kernel netfilter firewall. You configure your firewall with entries in a series of configuration files.
- UFW – Simple front-end for iptables. It was developed by Canoncial, the brains behind Ubuntu, only as an exclusive package, but already a standard package for many distros.
Tools with a GUI (graphical user interface)
- Firewall Builder – GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA), and advanced Cisco routers. The program runs on Linux, FreeBSD, OpenBSD, Windows, and macOS and can manage both local and remote firewalls.
- Firewalld – Daemon and graphical interface for configuring network and firewall zones, as well as setting up and configuring firewall rules.
- Gufw – A GTK-based graphical interface for UFW – this results in the following membership: GUFW-> UFW-> IPTABLES-> NETFILTER.
- PeerGuardian Linux – Privacy-oriented firewall application. It blocks connections to and from hosts in gigantic block lists (thousands or millions of IP ranges). In parallel, this solution also provides operation via the command line.
- KCN-UFW – KDE alternative for Gufw
Overview of important ports
The fewer ports are open, the less attack space your server provides. However, there are certain ports that must be open to provide certain services. If you are running a website on your server, for example, it is no longer available if you keep all ports locked. There are standard ports for certain services, a small collection of which is listed below:
| Service | Port |
|---|---|
| HTTP | 80 |
| HTTPS | 443 |
| SSH | 22 |
| FTP | 21 |
| MYSQL | 3306 |
| SMTP | 25 |
| SMTP (ssl) | 465 |
| IMAP | 143 |
| IMAP (ssl) | 993 |
| POP | 110 |
| POP (ssl) | 995 |
| openVPN | 1194 |
Hint: Before you close a port, make sure you are still able to access the system and you are not locked out.
If you are locked out at gridscale, this is not a problem. You can use the control panel to access the server directly, even if all ports are closed.