codingstuff.io
Firewall Configuration

Updated 2026-04-20

Firewalls are essential for maintaining network security by controlling incoming and outgoing network traffic based on predetermined security rules. In this tutorial, we will explore how to configure firewalls using iptables, a powerful command-line tool available on most Linux distributions.

Understanding Firewalls

Before diving into configuration, it's important to understand the basics of firewalls:

  • Inbound Traffic: Data coming into your server.
  • Outbound Traffic: Data leaving your server.
  • Rules: Conditions that determine whether traffic is allowed or denied.

Firewall rules typically include:

  • Source IP Address: The origin of the traffic.
  • Destination IP Address: The intended recipient of the traffic.
  • Protocol: The type of traffic (e.g., TCP, UDP).
  • Port Number: The specific port on which the traffic is operating.

Installing iptables

Most Linux distributions come with iptables pre-installed. However, if it's not installed, you can install it using your package manager:

# For Debian/Ubuntu systems
sudo apt-get update
sudo apt-get install iptables

# For CentOS/RHEL systems
sudo yum install iptables

Basic iptables Commands

Here are some basic commands to get started with iptables:

  • List Rules: Display all current firewall rules.

    sudo iptables -L -v -n
    
  • Flush Rules: Remove all existing rules from the filter table (chain policies are left unchanged).

    sudo iptables -F
    
  • Save Rules: Save the current rules to a file (usually /etc/iptables/rules.v4).

    sudo sh -c "iptables-save > /etc/iptables/rules.v4"
    
  • Restore Rules: Load rules from a file.

    sudo iptables-restore < /etc/iptables/rules.v4
    

Configuring Basic Firewall Rules

Let's configure some basic firewall rules to allow SSH access and block all other incoming traffic. iptables evaluates the rules in a chain from top to bottom and stops at the first one that matches, so the catch-all DROP rule must be added last; any rule appended after it is never reached.

  1. Allow Loopback Interface:

    sudo iptables -A INPUT -i lo -j ACCEPT
    
  2. Allow Established and Related Connections:

    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    
  3. Allow SSH (Port 22):

    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    
  4. Block All Other Incoming Traffic:

    sudo iptables -A INPUT -j DROP
    
  5. Save the Rules:

    sudo sh -c "iptables-save > /etc/iptables/rules.v4"
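
Because iptables walks a chain from top to bottom and stops at the first terminating match, a rule appended after an unconditional DROP is never evaluated. The following check is an added example, not part of the original tutorial: it reads iptables-save output and reports such unreachable rules. The function names and the two sample rulesets are constructed for illustration, and jumps into user-defined chains are not followed.

```shell
#!/bin/sh
# Added example: report iptables rules that can never match because an earlier
# rule in the same chain ends processing for every packet.
# Input: text in iptables-save format on stdin.
find_shadowed_rules() {
    awk '
    /^\*/ { split("", blocker); next }      # new table: forget earlier chains
    /^-A / {
        chain = $2
        if (chain in blocker) {
            printf "%s: unreachable, follows [%s]: %s\n", chain, blocker[chain], $0
            next
        }
        # No match options before -j means the rule applies to every packet.
        if ($3 == "-j" && $4 ~ /^(DROP|REJECT|ACCEPT)$/)
            blocker[chain] = $0
    }'
}

# Constructed sample: catch-all DROP appended before the loopback/conntrack rules.
sample_misordered() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rules with the catch-all DROP last.
sample_ordered() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

echo "misordered:"; sample_misordered | find_shadowed_rules
echo "ordered:";    sample_ordered | find_shadowed_rules
```

On a live host, pipe the output of sudo iptables-save into find_shadowed_rules before saving the ruleset.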
    

Advanced Firewall Configuration

Allowing HTTP and HTTPS Traffic

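To allow web traffic on ports 80 (HTTP) and 443 (HTTPS), insert the rules at the top of the INPUT chain with -I so that they are evaluated before the catch-all DROP rule (a rule appended with -A after the DROP would never match):

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT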

Allowing ICMP (Ping)

To allow ping requests, insert the rule ahead of the catch-all DROP rule:

sudo iptables -I INPUT -p icmp --icmp-type echo-request -j ACCEPT

Logging Dropped Packets

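To log dropped packets for monitoring purposes, send the traffic that no earlier rule accepted to a LOGGING chain that logs it (rate-limited) and then drops it. This chain takes over from the catch-all DROP rule at the end of INPUT:

sudo iptables -N LOGGING
sudo iptables -A LOGGING -m limit --limit 2/min --limit-burst 10 -j LOG --log-prefix "IPTables-Dropped: "
sudo iptables -A LOGGING -j DROP
sudo iptables -A INPUT -j LOGGING
# Remove the earlier catch-all DROP so that the jump to LOGGING is reached
sudo iptables -D INPUT -j DROP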

Best Practices

  • Backup Existing Rules: Always back up your current rules before making changes.

    sudo sh -c "iptables-save > /etc/iptables/rules.v4.bak"
    
  • Test Changes: Test new rules in a staging environment before applying them to production.

  • Use ip6tables for IPv6: If you need to manage both IPv4 and IPv6, configure ip6tables similarly.

  • Automate Rule Persistence: Use tools like iptables-persistent on Debian/Ubuntu or service iptables save on CentOS/RHEL to ensure rules persist after a reboot.

    # For Debian/Ubuntu systems
    sudo apt-get install iptables-persistent
    
    # For CentOS/RHEL systems
    sudo service iptables save
    

Conclusion

Firewall configuration is a critical aspect of securing your Linux server. By understanding the basics of iptables and implementing appropriate rules, you can significantly enhance your system's security posture. Always remember to test and validate your firewall settings to ensure they meet your specific requirements.

For more advanced configurations, consider exploring other firewall tools like nftables, which is a newer generation firewall framework that offers enhanced features and performance.
