Linux Tactic

Mastering Firewalld: Essential Concepts for Linux Security

Introduction to Firewalld on CentOS 8

Nowadays, system security is more important than ever. As cyber threats continue to grow more advanced, the use of firewalls in your system becomes critical.

A firewall is a security tool that monitors and filters network traffic to prevent unauthorized access or malicious activity. In this article, we will discuss Firewalld, a firewall management tool that is available in CentOS 8 Linux.

Basic Firewalld Concepts

Before delving into Firewalld, let’s review some basic concepts that will help us understand its functionalities. First, zones determine the trust level of your network interfaces and sources and apply the respective firewall rules to them.

Firewalld offers various zones such as public, external, internal, dmz, work, home, and trusted. Second, Firewalld uses services to specify network protocols and ports that are allowed or blocked in your system.

By using predefined service definitions, we can simplify firewall rule management. Third, the firewall-cmd is the primary command-line tool that interacts with Firewalld.

Lastly, Firewalld supports two backends, nftables and iptables, so you can choose between traditional Linux firewalling through iptables and the newer nftables firewalling system.

Prerequisites

To use Firewalld, you must have root or sudo privileges. In other words, you will need administrative access to your system to configure and manage firewall rules.

Firewalld Zones

Firewalld zones are an essential part of your firewall configuration. They define the security level of your network connection by specifying a set of rules for incoming and outgoing traffic.

Depending on your network configuration, you can assign different zones to network interfaces. In the next sections, we will explore how to manage zone configurations.

Overview of Zones

Every network connection in your system is assigned to a zone, which determines the level of trust allowed for this connection. As mentioned earlier, Firewalld has several built-in zones such as public, external, internal, dmz, work, home, and trusted.

Each zone has its set of rules that determine the level of access allowed for incoming and outgoing traffic. The public zone is the default zone, and it blocks all incoming traffic except for responses to outgoing traffic.

This zone is suitable for public WLAN access points, where you don’t trust the network you’re connected to. The external zone blocks almost all traffic except for the services you explicitly enable.

The internal zone is designed for trusted internal networks, such as Intranet, and it allows more traffic than the public zone. The DMZ zone is often used for web servers, and it only allows web traffic.

The work zone, for secure work environments, and the home zone provide less restrictive rules for your connections. The trusted zone is suitable for trusted secure networks.

Changing Zone Targets

By default, the target for zones is set to ACCEPT, which means that all incoming packets are generally allowed. However, we can change the target to either REJECT or DROP, depending on our security requirements.

If we set the target to REJECT, the packets are rejected and unreachable for the sender, while DROP silently discards them.

Assigning Interface to a Different Zone

To change the zone for an interface, we need to modify the corresponding rule for that interface. For example, if we want to assign the work zone to the eth1 interface, we can use the following command.

sudo firewall-cmd --zone=work --change-interface=eth1

Changing the Default Zone

The default zone is the zone assigned to all network connections that are not explicitly assigned to a specific zone. To change the default zone, we can use the --set-default-zone option followed by the desired zone name.

sudo firewall-cmd --set-default-zone=home

Conclusion

Firewalld is a robust firewall management tool that helps you control your system’s incoming and outgoing traffic. By using Firewalld, you can define security rules for different zones and assign network interfaces to trusted or untrusted zones.

Understanding Firewalld’s basic concepts and features is crucial for enhancing your system’s security and reducing the risk of unauthorized access. So, it’s highly recommended to learn and explore the advanced functionalities of Firewalld for better security control.

FirewallD Services

FirewallD services are predefined rules that make it easy to control inbound traffic on your network. By allowing specific services, you can enable incoming traffic for a specific set of ports and protocols.

With FirewallD, you have two types of services: predefined and user-created.

Overview of Services

Predefined services are those provided by FirewallD itself, such as HTTP, DNS, SSH, and FTP. On the other hand, user-created services are services that can be defined by users outside of the predefined profiles.

User-created services can be created using XML files that define the required ports and protocols. When a specific service is enabled, the corresponding ports are opened in the firewall for incoming traffic.

FirewallD supports three protocols: tcp, udp, and sctp. A fourth, dccp, can also be used, but it requires the dccp kernel module, which is usually not installed by default.

Opening Ports and Source IPs

To open traffic to a specific port, we can use the “add-port” command. For example, to allow incoming web traffic on port 80, we can use the following command.

sudo firewall-cmd --add-port=80/tcp --permanent

The --permanent flag writes the rule to the permanent configuration, so it survives a restart; the running firewall picks it up at the next reload. If we want to allow traffic only from a trusted IP address, we can use the --add-source flag as shown below.

sudo firewall-cmd --add-source=192.168.0.100/24 --add-port=8080/tcp --permanent

This will allow traffic from the IP address 192.168.0.100, only on port 8080.

Creating a New FirewallD Service

FirewallD also allows users to create custom services. For instance, if we want to define a custom service for Plex media server, we can follow these steps:

1. Create a new XML file in /etc/firewalld/services, for example, plexmediaserver.xml

2. Open the file with your preferred editor and add the following contents (the <port> element is a placeholder; put the port and protocol the service listens on in it):

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Plex media server service</short>
  <description>Enables access to Plex media server</description>
  <port protocol="tcp" port="PLEX_PORT"/>
</service>

3. Save the file

4. Reload the firewall configuration

sudo firewall-cmd --reload

The new service should now be available, and we can use it to open the required ports with the “add-service” command.
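As an added example (not code from the article), the following Python script builds a service definition in the XML format described above and validates it against the protocol rule from the Services section. It assumes Plex's default port 32400/tcp, which the article does not give.

```python
"""Build and validate a firewalld service definition (added example, not from the article).

Produces the XML the article has you place in /etc/firewalld/services/<name>.xml.
Plex's default port 32400/tcp is an assumption here; the article does not list it."""
import xml.etree.ElementTree as ET

# Protocols a <port> element may name; dccp additionally needs the dccp kernel module.
ALLOWED_PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}


def check_port(port: str) -> None:
    """Accept a single port ("80") or an inclusive range ("6000-6010"); raise otherwise."""
    lo, _, hi = port.partition("-")
    hi = hi or lo
    if not (lo.isdigit() and hi.isdigit() and 1 <= int(lo) <= int(hi) <= 65535):
        raise ValueError(f"invalid port or range: {port!r}")


def build_service_xml(short: str, description: str, ports: list) -> str:
    """Return service XML text; ports is a list of (port, protocol) tuples."""
    if not ports:
        raise ValueError("a service must define at least one port")
    root = ET.Element("service")
    ET.SubElement(root, "short").text = short
    ET.SubElement(root, "description").text = description
    for port, proto in ports:
        if proto not in ALLOWED_PROTOCOLS:
            raise ValueError(f"unsupported protocol: {proto!r}")
        check_port(port)
        ET.SubElement(root, "port", protocol=proto, port=port)
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode") + "\n"


def parse_service_xml(text: str) -> dict:
    """Parse an existing service file back into {short, description, ports} for review."""
    root = ET.fromstring(text.encode("utf-8"))
    if root.tag != "service":
        raise ValueError("root element must be <service>")
    ports = [(p.get("port"), p.get("protocol")) for p in root.findall("port")]
    for port, proto in ports:
        if proto not in ALLOWED_PROTOCOLS:
            raise ValueError(f"unsupported protocol: {proto!r}")
        check_port(port or "")
    return {"short": root.findtext("short"), "description": root.findtext("description"), "ports": ports}


if __name__ == "__main__":
    xml_text = build_service_xml("Plex media server service", "Enables access to Plex media server",
                                 [("32400", "tcp")])  # assumed Plex default port
    print(xml_text)  # save as /etc/firewalld/services/plexmediaserver.xml, then firewall-cmd --reload
```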

Forwarding Ports

FirewallD also provides the ability to forward traffic from one interface to another port in a different zone using the “forward-port” option. This feature is useful for NAT (Network Address Translation) setups.

For example, to forward traffic from the external interface on port 8080 to a server running on the internal interface (192.168.1.2) on port 80, we can use the following command.

sudo firewall-cmd --zone=external --add-forward-port=port=8080:proto=tcp:toaddr=192.168.1.2:toport=80 --permanent

Masquerading can also be used to forward traffic from one interface to another.

It is used to hide the address of the internal network from the public network. To enable masquerading, we can use the command below.

sudo firewall-cmd --zone=external --add-masquerade --permanent

Enabling FirewallD

FirewallD is enabled by default on CentOS 8, but it’s important to check and verify that the daemon is running in case it has been disabled.

Overview of FirewallD

We can check the status of FirewallD with the “systemctl” command, as shown below.

sudo systemctl status firewalld

This will give you an overview of the daemon’s status. You can also use the following commands to interact with FirewallD:

Checking and Verifying FirewallD

- get-zones: List all the defined zones in the system
- get-active-zones: List all active zones, indicating the interface’s name and zone
- list-all: List all rules created in the running firewalld
- list-all-zones: List all zones’ rules, both defined and active
- list-permanent: List all permanent rules
- list-services: List all defined services
- list-sources: List all allowed sources

Creating New Zones

Creating a new zone requires managing the zone’s rules, assigning an interface to it, and defining the services allowed in the zone. Suppose we want to create a zone for a memcached service.

In that case, we can follow these steps:

1. Create a new zone, such as a memcached zone

sudo firewall-cmd --permanent --new-zone=memcached

2. Add the memcached service to the new zone

sudo firewall-cmd --zone=memcached --add-service=memcached --permanent

3. Assign the interface to the new zone

sudo firewall-cmd --zone=memcached --add-interface=eth1 --permanent

4. Reload the firewall configuration

sudo firewall-cmd --reload

Conclusion

FirewallD is a powerful Linux firewall that provides advanced features and flexibility in managing your system’s network traffic. In this article, we’ve covered the basics of FirewallD, including zones, services, and enabling FirewallD.

We also looked at how to open ports, create new FirewallD services, forward ports, and create new zones. With this knowledge, you should be able to configure FirewallD to suit your needs and keep your system secure.

Conclusion

In this article, we have explored the essential concepts of FirewallD: zones, services, enabling FirewallD, opening ports, creating new services, forwarding ports and creating new zones.

Finally, we will discuss the importance of proper firewall configuration for maintaining system security and control of incoming connections.

Importance of Proper Firewall Configuration

Proper firewall configuration is crucial to ensuring the security and proper functioning of your system. Firewalls are designed to protect your system from unauthorized access, malicious attacks and prevent unnecessary connections.

When a firewall is configured properly, it can block unwanted traffic and allow only authorized traffic to pass through. One of the biggest concerns with firewalls is the possibility of unexpected traffic being blocked.

This is why it’s important to have proper planning and testing in place when setting up your firewall. A firewall that blocks too much traffic can impact your system’s usability, disallowing important services or applications.

Meanwhile, a firewall that allows too much traffic could expose your system to risk. When configuring your firewall, you should start by creating a list of the services and applications that require network access.

This should include both inbound and outbound traffic. You should also consider the sources of incoming traffic and whether they are trusted or not.

It’s also essential to continuously monitor your firewall configuration to ensure that it remains up-to-date and optimized. Firewall rules can change over time, and new configurations may be necessary as services or applications are added or removed from the system.

Consider scheduling regular assessments of your firewall and firewall rules to ensure they apply the latest threat intelligence and keep the system secure. Another best practice to consider when configuring your firewall is to enable two-factor authentication for all critical services.
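One way to turn such an assessment into a repeatable check, as an added example that is not from the article: this Python script parses the text format printed by firewall-cmd --list-all-zones (a constructed sample is embedded, not a real capture) and reports every service, port, forward-port or masquerade setting a zone permits beyond an approved baseline.

```python
"""Audit firewalld zones against an approved allow-list (added example, not from the article).

Parses the text `firewall-cmd --list-all-zones` prints and flags any service, port,
forward-port or masquerading that a zone permits but the baseline does not approve."""

# Constructed sample in the shape of `firewall-cmd --list-all-zones` output (not a real capture).
SAMPLE_OUTPUT = """\
public (active)
  services: dhcpv6-client ssh http
  ports: 8080/tcp
  masquerade: no

external
  services: ssh
  ports: 
  masquerade: yes
  forward-ports: 
\tport=8080:proto=tcp:toport=80:toaddr=192.168.1.2
"""

# Approved baseline: what each zone may expose. Zones absent from it may expose nothing.
NOTHING = {"services": set(), "ports": set(), "forward-ports": set(), "masquerade": "no"}
BASELINE = {"public": {**NOTHING, "services": {"dhcpv6-client", "ssh"}},
            "external": {**NOTHING, "services": {"ssh"}}}

def parse_zones(text: str) -> dict:
    """Return {zone: {key: value}}; tab-indented lines continue the previous key."""
    zones, zone, key = {}, None, None
    for line in text.splitlines():
        if line.startswith("\t") and key:          # continuation, e.g. one forward-ports entry
            zones[zone][key] += " " + line.strip()
        elif line.startswith(" "):                 # "  key: value"
            key, _, value = line.strip().partition(":")
            zones[zone][key] = value.strip()
        elif line.strip():                         # zone header such as "public (active)"
            zone, key = line.split()[0], None
            zones[zone] = {}
    return zones

def audit(zones: dict, baseline: dict) -> list:
    """List findings where a zone permits more than its baseline allows."""
    findings = []
    for zone, cfg in zones.items():
        want = baseline.get(zone, NOTHING)
        for key in ("services", "ports", "forward-ports"):
            for item in sorted(set(cfg.get(key, "").split()) - want[key]):
                findings.append(f"{zone}: unexpected {key[:-1]} {item}")
        if cfg.get("masquerade", "no") != want["masquerade"]:
            findings.append(f"{zone}: masquerade is {cfg['masquerade']}, baseline says {want['masquerade']}")
    return findings
```

For live use, feed the stdout of sudo firewall-cmd --list-all-zones to parse_zones instead of SAMPLE_OUTPUT and run it from a scheduled job.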

This helps to further ensure that only trusted users have access.

In conclusion, FirewallD is an important tool for controlling and securing incoming traffic. Proper configuration can significantly reduce the risks associated with unauthorized access, prevent security breaches and ensure the efficient functioning of your system. By understanding zones, services and port management, you can effectively manage and secure your network traffic.

Take the time to plan and test your firewall configuration, monitor and update it regularly, and consider enabling two-factor authentication for critical services. A well-configured firewall keeps sensitive data protected and safeguards your system from threats.
