Configuring firewalld in Linux

Prepared by: Anwer Sadath Abdhul Muttaliff

Project Overview

firewalld is a dynamic firewall management tool for Linux systems. It provides a flexible and user-friendly interface to manage network traffic using zones, services, and rules. This project demonstrates how to configure and manage firewalld to secure your system effectively.

1. Key Concepts

Packet Filtering Mechanism

firewalld organizes packet filtering into three main structures:

Tables

Tables determine how packets are processed:

Chains

Chains are sets of rules applied to packets:

Targets

Targets define the action for matched packets:

2. Configuration Steps

Installing and Starting firewalld

Install firewalld using yum:

sudo yum install firewalld

Start and enable firewalld:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Checking Rules and Services

List the full configuration of the default zone (interfaces, services, ports, rich rules):

sudo firewall-cmd --list-all

List all predefined services:

sudo firewall-cmd --get-services

Reloading firewalld

Reload firewalld to apply changes:

sudo firewall-cmd --reload

Make a change persist across reloads and reboots by adding --permanent (a permanent change takes effect only at the next reload):

sudo firewall-cmd --permanent [command]

Managing Zones

List all available zones:

sudo firewall-cmd --get-zones

List active zones:

sudo firewall-cmd --get-active-zones

View rules for a specific zone (e.g., public):

sudo firewall-cmd --zone=public --list-all

Adding and Removing Services

Add a service (e.g., HTTP):

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Remove a service:

sudo firewall-cmd --remove-service=http --permanent
sudo firewall-cmd --reload

Blocking Specific IP Addresses

Reject all traffic from a specific source address (192.168.1.88 in this example) with a rich rule:

sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.88" reject' --permanent
sudo firewall-cmd --reload

Blocking ICMP Traffic

Block all incoming ICMP traffic by turning on ICMP block inversion (with an empty icmp-blocks list, inversion blocks every ICMP type):

sudo firewall-cmd --add-icmp-block-inversion --permanent
sudo firewall-cmd --reload

Remove the block:

sudo firewall-cmd --remove-icmp-block-inversion --permanent
sudo firewall-cmd --reload

Blocking Outgoing Traffic

Block outgoing traffic to a specific IP address (the example uses 157.240.214.35 as a Facebook address) with a direct rule passed to the iptables OUTPUT chain. The rule needs --permanent, otherwise the reload that follows discards it; direct rules are not shown by --list-all (use --direct --get-all-rules to view them):

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 157.240.214.35 -j REJECT
sudo firewall-cmd --reload
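
As an added check after working through the steps above (example script, not part of the original write-up): firewalld keeps a runtime and a permanent configuration, and the two drift apart when a --permanent change has not been reloaded or a change was made at runtime without --permanent. The script compares the two views of a zone as printed by `firewall-cmd --zone=public --list-all` and `firewall-cmd --permanent --zone=public --list-all`; it assumes that text layout, and the two samples it parses are constructed.

```shell
#!/bin/sh
# Added example, not part of the original write-up: report drift between the
# runtime and permanent configuration of one firewalld zone (a --permanent
# change is inactive until --reload; a runtime change without --permanent is
# discarded by --reload). Assumes the text layout of `firewall-cmd --list-all`;
# on a live host pass "$(sudo firewall-cmd --zone=public --list-all)" and
# "$(sudo firewall-cmd --permanent --zone=public --list-all)" as the two texts.
# Print the values of one --list-all field ("services", "rich rules", ...)
# read from stdin, one per line, sorted so the two views compare cleanly.
zone_field() {
    awk -v f="$1" '
        index($0, "  " f ":") == 1 {                 # key line, e.g. "  services: ssh http"
            inlist = 1; sub(/^[^:]*:[ \t]*/, "")
            n = split($0, a, " "); for (i = 1; i <= n; i++) print a[i]
            next
        }
        inlist && /^[ \t]+rule / { sub(/^[ \t]+/, ""); print; next }   # indented rich rules
        { inlist = 0 }
    ' | sort
}

# zone_drift FIELD RUNTIME_TEXT PERMANENT_TEXT: print each value present in only
# one view; exit 0 when the views agree on that field, 1 when drift was found.
zone_drift() {
    field=$1
    rt=$(printf '%s\n' "$2" | zone_field "$field")
    pm=$(printf '%s\n' "$3" | zone_field "$field")
    out=$(
        printf '%s\n' "$rt" | while IFS= read -r v; do   # lost at the next --reload
            if [ -n "$v" ] && ! printf '%s\n' "$pm" | grep -Fxq -- "$v"; then
                printf 'runtime-only %s: %s\n' "$field" "$v"
            fi
        done
        printf '%s\n' "$pm" | while IFS= read -r v; do   # not active until --reload
            if [ -n "$v" ] && ! printf '%s\n' "$rt" | grep -Fxq -- "$v"; then
                printf 'permanent-only %s: %s\n' "$field" "$v"
            fi
        done
    )
    if [ -n "$out" ]; then printf '%s\n' "$out"; fi
    [ -z "$out" ]
}
# Constructed samples: http was added with --permanent but never reloaded, and
# a reject rich rule was added at runtime without --permanent.
RUNTIME_SAMPLE=$(printf 'public (active)\n  target: default\n  interfaces: eth0\n  services: dhcpv6-client ssh\n  ports: \n  rich rules: \n\trule family="ipv4" source address="192.168.1.88" reject\n')
PERMANENT_SAMPLE=$(printf 'public\n  target: default\n  interfaces: eth0\n  services: dhcpv6-client http ssh\n  ports: \n  rich rules: \n')
for f in services "rich rules"; do
    zone_drift "$f" "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" || echo "drift in $f: reload or re-apply"
done
```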

3. Conclusion

firewalld is a powerful tool for managing network security on Linux systems. By following these steps, you can configure firewalld to meet your specific security requirements.
