
    Step-by-Step Guide: Using Firewalld to Open Ports and Enhance Firewall Protection

    skycentral.co.uk

    Introduction

    Firewalls are an essential component of any secure computing environment. They act as a barrier between a trusted internal network and untrusted external networks, effectively preventing unauthorized access to your system. In Linux, firewalld is a dynamic and powerful firewall management tool that allows administrators to configure and manage firewall settings with ease. In this guide, we will walk you through the process of using firewalld to open ports and enhance firewall protection on your Linux system.

    What is Firewalld?

    Firewalld is a front-end tool for managing the netfilter firewall, which is built into the Linux kernel. It provides a simple and user-friendly interface for managing firewall rules and settings. Unlike the traditional iptables command-line tool, firewalld makes it easy for administrators to configure and maintain the firewall without having to memorize complex command syntax.

    Basic Concepts

    Before we delve into the specifics of using firewalld, it’s important to understand some basic concepts related to firewall management. Firewalld uses zones, services, and ports to define firewall rules. A zone is a predefined set of rules that defines the level of trust for a network interface. A service is a named definition, either predefined or custom, of the ports and protocols a particular application needs, so that a rule can refer to the application rather than to individual port numbers. Ports are specific network endpoints that can be opened or closed to allow or deny traffic.

    Installing Firewalld

    Firewalld comes installed by default on most modern Linux distributions, but if it’s not already installed on your system, you can easily install it using the package manager for your distribution. For example, on a Debian-based system, you can install firewalld using the following command:

    ```bash
    sudo apt-get install firewalld
    ```

    On a Red Hat-based system, you can use the following command to install firewalld:

    ```bash
    sudo yum install firewalld
    ```

    After the installation is complete, you can start and enable the firewalld service using the following commands:

    ```bash
    sudo systemctl start firewalld
    sudo systemctl enable firewalld
    ```

    Understanding Firewalld Zones

    Firewalld uses different zones to define the level of trust for various network interfaces. Each network interface on your system is assigned to a specific zone, which determines the firewall rules that will be applied to traffic passing through that interface. The default zones in firewalld include the public, internal, and external zones, each with its own set of rules.

    To view the available zones on your system, you can use the following command:

    ```bash
    sudo firewall-cmd --get-zones
    ```

    You can also see which zones are currently active and which network interfaces are assigned to each of them using the following command:

    ```bash
    sudo firewall-cmd --get-active-zones
    ```

    It’s important to understand the concept of zones and how they affect firewall rules before configuring the firewall using firewalld.

    Managing Ports in Firewalld

    Ports are specific endpoints on a network interface that applications use to communicate with each other. In firewalld, you can open or close specific ports to allow or deny traffic to and from those ports. To open a port in firewalld, you can use the following command:

    ```bash
    sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
    ```

    This command adds a rule to the public zone to allow traffic on port 8080 using the TCP protocol. The --permanent option makes the rule persistent across firewall restarts.

    You can then reload the firewall to apply the changes using the following command:

    ```bash
    sudo firewall-cmd --reload
    ```

    To remove a port from the firewall, you can use the following command:

    ```bash
    sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
    ```
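    A rule added with --permanent is not active until --reload, and a rule added without --permanent disappears at the next reload, so the runtime and permanent configuration of a zone can silently drift apart. The following check, an added example that is not code from the original article, compares both views of a zone and reports every mismatch; the helper names are hypothetical and firewall-cmd is assumed to be on PATH (FWCMD overrides it).

```shell
#!/bin/sh
# Added example, not code from the original article: compare a firewalld zone's
# runtime and permanent configuration and report any drift between them.
# A rule added with --permanent but never followed by --reload shows up as
# "permanent-only"; a rule added at runtime without --permanent shows up as
# "runtime-only" and will vanish on the next reload or reboot.
# Assumes firewall-cmd is on PATH; FWCMD overrides the binary (handy for tests).
FWCMD="${FWCMD:-firewall-cmd}"

# list_diff "A B C" "B C": print each space-separated item of the first list
# that is not present in the second, one per line.
list_diff() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# fw_zone_drift ZONE: print one line per mismatch; return 1 if any was found.
fw_zone_drift() {
    zone="$1"
    drift=0
    for kind in ports services; do
        runtime=$("$FWCMD" --zone="$zone" "--list-$kind")
        permanent=$("$FWCMD" --permanent --zone="$zone" "--list-$kind")
        for x in $(list_diff "$runtime" "$permanent"); do
            printf 'runtime-only %s in zone %s: %s (lost on reload)\n' "$kind" "$zone" "$x"
            drift=1
        done
        for x in $(list_diff "$permanent" "$runtime"); do
            printf 'permanent-only %s in zone %s: %s (not active until --reload)\n' "$kind" "$zone" "$x"
            drift=1
        done
    done
    return "$drift"
}

# Typical use on a live system (needs root and a running firewalld):
# fw_zone_drift public || echo "zone public: runtime and permanent config differ"
```

    Run it after a change and again after --reload; an empty result means both views of the zone agree.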

    Managing Services in Firewalld

    In addition to managing ports, firewalld allows you to define rules for specific network services using predefined or custom service definitions. To list the available services in firewalld, you can use the following command:

    ```bash
    sudo firewall-cmd --get-services
    ```

    You can then add a service to a specific zone using the following command:

    ```bash
    sudo firewall-cmd --zone=public --add-service=http --permanent
    ```

    This command adds a rule to the public zone to allow HTTP traffic. You can similarly remove a service from the firewall using the --remove-service option.

    Creating Custom Services

    If the service you want to configure is not included in the predefined list of services, you can create a custom service definition in firewalld. Custom service definitions are XML files that specify the ports and protocols required for a specific service. The custom service files are stored in the /etc/firewalld/services/ directory.

    To create a custom service in firewalld, you can start by creating an XML file with the required service definition. For example, if you want to create a custom service for a game server running on port 7777, you can create a file called mygame.xml with the following content:

    ```xml
    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>My Game Server</short>
      <description>Custom service for my game server</description>
      <!-- The port the game server listens on; tcp is assumed here, use udp if your server needs it -->
      <port protocol="tcp" port="7777"/>
    </service>
    ```

    You can then copy the XML file to the /etc/firewalld/services/ directory to make it available to firewalld. After creating the custom service file, you can add it to a specific zone using the following command:

    ```bash
    sudo firewall-cmd --zone=public --add-service=mygame --permanent
    ```
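    Hand-editing XML invites typos that firewalld only reports at reload time, so the following script, an added example that is not code from the original article, generates a service file such as mygame.xml from the command line and validates every PORT/PROTO spec and the service name before writing anything. The helper names are hypothetical; the service directory is assumed to be /etc/firewalld/services unless FW_SERVICE_DIR says otherwise.

```shell
#!/bin/sh
# Added example, not code from the original article: build a firewalld custom
# service file like mygame.xml from the command line, validating every
# PORT/PROTO spec before anything is written. Helper names are hypothetical.
# Usage: make_fw_service NAME "Short name" "Description" PORT/PROTO [PORT/PROTO ...]
# Writes NAME.xml into FW_SERVICE_DIR (default /etc/firewalld/services).
# firewalld only reads new service files after `firewall-cmd --reload`.
FW_SERVICE_DIR="${FW_SERVICE_DIR:-/etc/firewalld/services}"

# xml_escape STRING: escape the five XML special characters.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# valid_portspec PORT/PROTO: PORT is 1-65535 or a range LO-HI; PROTO is tcp, udp, sctp or dccp.
valid_portspec() {
    port=${1%/*}; proto=${1#*/}
    case "$proto" in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    lo=${port%-*}; hi=${port#*-}
    for n in "$lo" "$hi"; do
        case "$n" in *[!0-9]*|'') return 1 ;; esac
    done
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# make_fw_service: validate inputs, write the XML file, print its path.
make_fw_service() {
    name="$1"; short="$2"; desc="$3"; shift 3
    # The name becomes a file name and a --add-service argument: keep it to a safe set.
    case "$name" in *[!A-Za-z0-9_-]*|'') echo "bad service name: $name" >&2; return 1 ;; esac
    [ $# -ge 1 ] || { echo "at least one PORT/PROTO is required" >&2; return 1; }
    for spec in "$@"; do
        valid_portspec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    out="$FW_SERVICE_DIR/$name.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n' "$(xml_escape "$short")"
        printf '  <description>%s</description>\n' "$(xml_escape "$desc")"
        for spec in "$@"; do
            printf '  <port protocol="%s" port="%s"/>\n' "${spec#*/}" "${spec%/*}"
        done
        printf '</service>\n'
    } > "$out"
    echo "$out"
}
```

    For the article's game server the call is `make_fw_service mygame "My Game Server" "Custom service for my game server" 7777/tcp`, followed by `firewall-cmd --reload` and then the --add-service command shown above.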

    Conclusion

    In this guide, we have covered the basics of using firewalld to manage firewall rules and settings on a Linux system. By understanding the concepts of zones, services, and ports, and learning how to manage them using firewalld commands, you can enhance the security of your system and protect it from unauthorized access. Firewalld provides a user-friendly interface for managing firewall rules, making it easy for administrators to configure and maintain a secure firewall environment. By following the step-by-step guide provided in this article, you can effectively use firewalld to open ports and enhance firewall protection on your Linux system.