Proper firewall configuration is crucial for securing a Linux server.

A Linux firewall acts as a barrier between your server and potential threats from the internet, controlling incoming and outgoing network traffic based on predetermined security rules. Here’s an overview of how to set up a robust firewall on your Linux server.

 

 Linux Firewall

 

A firewall on a Linux server can be managed using various tools and utilities such as `iptables`, `firewalld`, and `nftables`. Each of these tools provides different features and levels of control, allowing you to implement a firewall that meets your specific security needs.

 

 Linux Firewall Config

 

To begin configuring your Linux firewall, you need to choose the appropriate tool for your system. `iptables` is a common choice for many administrators due to its flexibility and powerful rule-based system. Here’s a basic example of how to set up a firewall config using `iptables`:

 

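  1. Install `iptables`:

     ```bash
     sudo apt-get install iptables
     ```

  2. Basic `iptables` Configuration:

     ```bash
     sudo iptables -A INPUT -i lo -j ACCEPT                                       # Allow loopback traffic
     sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT  # Allow replies to existing connections
     sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT                           # Allow SSH
     sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT                           # Allow HTTP
     sudo iptables -A INPUT -j DROP                                               # Drop all other traffic
     ```

  3. Save the Configuration:

     ```bash
     # The redirect has to run as root, so wrap the whole command in a root shell.
     sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
     ```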
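Because `-A` appends each rule to the end of the chain and the catch-all `DROP` has to remain last, a rule appended later is never evaluated. The following is an added example (not from the original post) that audits `iptables-save` output for that mistake and for missing loopback or established-connection rules; the function names and the sample ruleset, including its port 443 rule, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the filter/INPUT chain in `iptables-save` output (stdin).
# Prints one finding per line; prints nothing when no issue is found.
audit_input_chain() {
  awk '
    /^\*/ { table = substr($0, 2); next }        # "*filter" opens a table section
    table != "filter" { next }
    $1 == ":INPUT" { policy = $2; next }         # chain policy, e.g. ":INPUT DROP [0:0]"
    $1 != "-A" || $2 != "INPUT" { next }
    # A DROP/REJECT rule with no match options catches everything after it.
    /^-A INPUT -j (DROP|REJECT)/ { deny = 1; next }
    deny { print "UNREACHABLE: " $0; next }      # appended after the catch-all
    /-j ACCEPT/ && /--ctstate [A-Z,]*ESTABLISHED/ { est = 1 }
    /-j ACCEPT/ && /-i lo / { lo = 1 }
    END {
      if (!deny && policy != "DROP") { print "NO_DEFAULT_DENY"; exit }
      if (!est) print "MISSING_ESTABLISHED"      # reply traffic would be dropped
      if (!lo)  print "MISSING_LOOPBACK"         # local services talking to 127.0.0.1
    }'
}

# Constructed sample in iptables-save format: SSH and HTTP allowed, a catch-all
# DROP, then a port 443 rule appended afterwards (the 443 rule is an assumption).
sample_rules() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_input_chain
```

On a live host, pipe `sudo iptables-save` into `audit_input_chain` instead of the sample.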

 Linux Firewall Configuration

 

Using `firewalld` is another method to configure a Linux firewall. `firewalld` provides a dynamic way to manage the firewall with support for zones and services.

 

  1. Install `firewalld`:

     ```bash
     sudo apt-get install firewalld
     ```

  2. Start and Enable `firewalld`:

     ```bash
     sudo systemctl start firewalld
     sudo systemctl enable firewalld
     ```

  3. Configure `firewalld`:

     ```bash
     sudo firewall-cmd --zone=public --add-service=ssh --permanent   # Allow SSH
     sudo firewall-cmd --zone=public --add-service=http --permanent  # Allow HTTP
     sudo firewall-cmd --reload                                      # Reload the configuration
     ```

 Linux Server Firewall

 

For more advanced configurations, `nftables` offers a powerful and flexible way to manage your Linux server firewall. It is designed to replace `iptables` and provides a unified framework for both IPv4 and IPv6 packet filtering.

 

  1. Install `nftables`:

     ```bash
     sudo apt-get install nftables
     ```

  2. Basic `nftables` Configuration:

     Create a configuration file (e.g., `/etc/nftables.conf`) with the following rules:

     ```
     table inet filter {
         chain input {
             type filter hook input priority 0; policy drop;   # Drop anything not accepted below
             ct state established,related accept               # Replies to existing connections
             iif lo accept                                     # Loopback traffic
             tcp dport 22 accept                               # SSH
             tcp dport 80 accept                               # HTTP
         }
     }
     ```

  3. Apply the Configuration:

     ```bash
     sudo nft -f /etc/nftables.conf
     ```

By understanding and utilizing these tools, you can effectively configure your Linux firewall to protect your Linux server. Whether you choose `iptables`, `firewalld`, or `nftables`, each method provides robust options for securing your server against unauthorized access and potential threats.

About the Author: Vladislav Antoseac
