+5 votes
70 views
Install and Use Firewalld in Ubuntu

in Security by (552k points)
reopened | 70 views

1 Answer

+3 votes
Best answer

How to use Firewalld in Ubuntu

Security in any operating system is a key aspect that both administrators and developers take seriously since some vulnerability can put the integrity of the system and user information at risk. To help mitigate this, in Ubuntu we have Firewalld which is a comprehensive security solution.
Firewalld is a simple firewall which is based on zones and through policies each of the zones can be configured to manage the firewall rules, at this point it is important to remember that the network is logically divided into zones and all the traffic flowing there may be directed by policy..

 

Policies are able to apply firewall rules to all current types of traffic such as inbound, forwarded or outbound traffic, Firewalld is tied to the following zone criteria:

 

Firewall criteria

 

  • Traffic enters a single zone
  • Traffic leaves a zone
  • A zone can determine the level of confidence

 

 

Firewall Advantages
Some of the advantages of Firewalld are:

 

  • It has support for IPv4, IPv6 firewall configuration, ethernet bridges and IP pools
  • It has an interface for services or applications
  • Full D-Bus API
  • IPv4 and IPv6 NAT support
  • Integrated firewall zones
  • It has a graphical configuration tool through gtk3
  • Managing applets using Qt5
  • Simple logging of denied packets
  • Port forwarding management, icmp filter and more
  • Predefined list of icmp zones, services and types
  • Blocking and access to a white list of applications which the firewall can modify

 

 

 

Firewalld systems
Firewalld can be used in systems like:

 

  • RHEL 7 and later
  • CentOS 7 and newer
  • Fedora 18 and later
  • SUSE 15 and later
  • OpenSUSE 15 and later
  • Ubuntu 20 and above

 

 

Firewall Compatibility
The applications and libraries that are compatible with Firewalld being used as a firewall management tool are:
  • NetworkManager
  • libvirt
  • podman
  • docker (iptables backend)
  • fail2ban

 

 

TechnoWikis will teach you how to install and use Firewalld on Ubuntu.

 

To stay up to date, remember to subscribe to our YouTube channel!
SUBSCRIBE ON YOUTUBE

 

How to use Firewalld in Ubuntu

 

Step 1

We open the terminal and first update the system:
 sudo apt update 
image

 

Step 2

We install Firewalld with the command:
 sudo apt install firewalld 
image

 

Step 3

Confirm the process by entering the letter S:

 

image

 

Step 4

We enable and start the Firewalld service:
 sudo systemctl enable firewalld sudo systemctl start firewalld 
image

 

step 5

We validate the status of Firewalld:
 sudo firewall-cmd --state 
image

 

step 6

We see that it is running. In case of using UFW in Ubuntu you must disable it with the command:
 sudo ufw disable 
image

 

step 7

Now it is time to configure Firewalld, to see the configuration of the rules we execute the following:
 sudo firewall-cmd --list-all 
image

 

Note
The ssh and dhcpv6-client services are enabled by default when starting the firewalld service.

 

step 8

To see the protected services we execute:
 sudo firewall-cmd --get-services 
image

 

step 9

To enable a protocol permanently we execute:
 sudo firewall-cmd --add-service="protocol" –permanent 
image

 

step 10

To enable two or more protocols we execute the syntax:
 sudo firewall-cmd --permanent --add-service={protocol, protocol1} --permanent 
image

 

step 11

To enable a TCP port we execute:
 sudo firewall-cmd --add-port=#/tcp --permanent 
image

 

step 12

To enable a UDP port we execute:
 sudo firewall-cmd --add-port=#/udp --permanent 
image

 

step 13

To create a new zone we execute the syntax:
 sudo firewall-cmd --new-zone="zone" –permanent 
image

 

step 14

If we want to add a port and protocol in that zone we enter:
 sudo firewall-cmd --zone="zone" --add-port=”port”/tcp –permanent 
image

 

step 15

To establish a default zone we execute:
 sudo firewall-cmd --set-default-zone="zone_type" --permanent 
EITHER:
 sudo firewall-cmd --set-default-zone="zone_type" 
image

 

step 16

We list the zone to which a network interface belongs:
 sudo firewall-cmd --get-zone-of-interface=“interface” –permanent 
image

 

step 17

We see that no zone is detected, we add the network interface to a zone:
 sudo firewall-cmd --zone=<zone> --add-interface= “interface” –permanent 
image

 

step 18

We list the zone to which a network interface belongs again:
 sudo firewall-cmd --get-zone-of-interface= “interface” –permanent 
image

 

step 19

We list the rich rules (if they exist):
 sudo firewall-cmd --list-rich-rules 
image

 

step 20

Some extra parameters of Firewalld are the following:

 

  • --get-default-zone : show the default zone for connections and interfaces
  • --get-log-denied – Allows you to view the log denied setting
  • --set-default-zone=zone. sets the default zone denier for connections and interfaces in those cases where no zone has been selected
  • --permanent --new-zone=zone – Add a new, empty, permanent zone
  • --permanent --get-policies – Displays the predefined policies in a space-separated list format
  • --permanent] --info-policy=policy: display information about the indicated policy
  • --permanent --new-policy=policy: add a new permanent policy
  • -permanent --delete-policy=policy: deletes an available permanent policy
  • --debug-gc : enable garbage collector information
  • --nofork: disable the use of daemons and run as a foreground process

 

This is how firewalld allows you to manage the rules to improve security in Ubuntu..

 


by (3.5m points)
edited

Related questions

+3 votes
1 answer
+5 votes
1 answer
asked Oct 24, 2019 in Linux / Unix by backtothefuture (552k points) | 258 views
+4 votes
1 answer
asked Aug 21, 2019 in Security by backtothefuture (552k points) | 338 views
+4 votes
1 answer
asked Nov 11, 2019 in Linux / Unix by backtothefuture (552k points) | 386 views
+3 votes
1 answer
asked Sep 28, 2019 in Linux / Unix by backtothefuture (552k points) | 717 views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users