How to Manage Firewalld and UFW on Linux

A firewall is a software that acts as a protective barrier between a user’s system and external networks, allowing or blocking packets based on predefined rules. Firewalls operate mainly at the network layer, handling both IPv4 and IPv6 packets.

The decision to allow or block a packet is based on rules defined in the firewall. These rules can be either built-in or user-defined. Each packet that enters or leaves the network must pass through this firewall, where it is evaluated based on these rules.

Linux systems provide multiple firewall management tools, with the most common being Firewalld and UFW. In this article, we will focus on these two tools, explaining their functionality and how to manage them on modern Linux distributions.

What is Firewalld?

Firewalld is a dynamic firewall management tool that is included in many Linux distributions such as RHEL, CentOS, Fedora, and more. It provides a higher-level, user-friendly interface for managing firewall rules and network zones.

Firewalld allows two types of configuration:

• Permanent: These rules persist across system reboots.
• Runtime: These rules are temporary and are lost when the system or service restarts.

Firewalld organizes network traffic into zones, allowing different sets of rules for various networks, like public, internal, or trusted networks.

Firewalld’s configuration is stored in two directories:

• /usr/lib/firewalld: Default configurations that may be overwritten by system updates.
• /etc/firewalld: System-specific configurations that persist across reboots and updates.

Managing Firewalld Service in RHEL Systems

Here are some common commands to manage Firewalld on RHEL-based distributions:

Start Firewalld:

systemctl start firewalld

Stop Firewalld:

systemctl stop firewalld

Check Firewalld Status:

systemctl status firewalld

Check the state of Firewalld:

firewall-cmd --state

Enable Firewalld at boot:

systemctl enable firewalld

Disable Firewalld:

systemctl disable firewalld

Mask Firewalld (Prevents it from being started):

systemctl mask firewalld

Unmask Firewalld:

systemctl unmask firewalld

What is UFW?

UFW (Uncomplicated Firewall) is the default firewall management tool for Ubuntu and some other Linux distributions.

UFW is an easier-to-use frontend for managing firewall rules with iptables and it is designed to make managing a firewall simpler for users who do not need the full complexity of iptables.

Managing UFW Service in Debian Systems

Here are some common commands to manage UFW on Debian-based distributions:

Enable UFW:

sudo ufw enable

Disable UFW:

sudo ufw disable

Check UFW status:

sudo ufw status

Adding and Managing Rules with UFW

Here are the basic commands to manage UFW:

Allow a specific port on UFW (e.g., HTTP port 80):

sudo ufw allow 80

Deny a specific port on UFW:

sudo ufw deny 80

Allow SSH traffic on UFW:

sudo ufw allow ssh

Delete a rule on UFW:

sudo ufw delete allow 80

Enable logging for UFW:

sudo ufw logging on

Conclusion

In this article, we covered the basics of managing Firewalld and UFW in modern Linux distributions. Both Firewalld and UFW are powerful tools for managing network traffic and protecting your system from unauthorized access.

Firewalld provides dynamic firewall management with support for zones and complex rule sets, making it ideal for more advanced users and servers. UFW, on the other hand, is perfect for users who need a simpler and more user-friendly tool for managing firewall rules, especially on desktop or lightweight server environments like Ubuntu.

Understanding and using firewalls effectively is a crucial skill for anyone managing a Linux system, helping to secure your network from potential threats.