Firewall management

Getting to Know firewalld

© Lead Image © Gino Santa Maria, Fotolia.com


Article from Issue 227/2019
Author(s):

Managing a firewall can be a hassle, but it's worse to manage a breach because you didn't have one.

A firewall is an important part of a security strategy. However, it is only one component and not a security panacea for reasons that will become clear later in this article. A host-based firewall protects the local system just as a network firewall protects an entire network or part of a network, such as a DMZ.

On CentOS 7 and newer, Red Hat Enterprise Linux 7 and newer, and Fedora 18 and newer, the default firewall is firewalld (see the "Features" box for more information). If you use a Red Hat-based distribution, then you probably have it already. If you use other distributions, firewalld is available via git and as a tarball [1]. Firewalld uses zones to define trust levels of network connections or interfaces. (Zones are an advanced topic not covered in this article; look for a future article covering firewalld zones.)

Troubleshooting Firewalls

Sys admins of all skill levels have wasted countless hours troubleshooting a problem that ended up pointing to a firewall that has prevented remote access to a service. The term "remote" is important. Firewalls don't prevent access to local services; firewalls prevent access from remote systems across the network but not access from the local system itself. The point of a firewall is to deny everything from the outside except what you specifically allow in. Unfortunately, frustration with firewall rules often ends in the firewall being disabled by an otherwise well-meaning sys admin.
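The local-versus-remote distinction above can be checked before anyone disables the firewall. The following shell function is an added example, not code from the original article: it classifies a TCP port from the output of `ss -Htln` and `firewall-cmd --list-ports`. The function name, verdict strings, and sample data are constructed for illustration, and it only sees ports opened explicitly, not services, port ranges, or rich rules.

```shell
#!/bin/sh
# Added example: classify why a TCP port may be unreachable from remote hosts.
# Live use: diagnose_port 8080 "$(ss -Htln)" "$(firewall-cmd --list-ports)"
# Limitation: only explicitly opened ports are checked; a port opened through a
# service (firewall-cmd --list-services), a port range, or a rich rule is not seen.

diagnose_port() {
    # $1 = TCP port, $2 = `ss -Htln` output, $3 = `firewall-cmd --list-ports` output
    dp_state=$(printf '%s\n' "$2" | awk -v p=":$1" '
        # Field 4 is Local Address:Port; compare its suffix so :80 never matches :8080
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p {
            found = 1
            addr = substr($4, 1, length($4) - length(p))
            # Any non-loopback bind address is reachable from the network
            if (addr !~ /^127\./ && addr != "[::1]") remote = 1
        }
        END { print (found ? (remote ? "remote" : "loopback") : "none") }')
    case $dp_state in
        none)     echo "not-listening"; return ;;   # service problem, not firewall
        loopback) echo "loopback-only"; return ;;   # bind address problem, not firewall
    esac
    case " $3 " in
        *" $1/tcp "*) echo "allowed" ;;             # look further along the network path
        *)            echo "not-in-list-ports" ;;   # candidate for a firewall rule
    esac
}

# Constructed sample data (not captured from a real host)
SAMPLE_SS='LISTEN 0      128          0.0.0.0:3000      0.0.0.0:*
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      511             [::]:8080         [::]:*'
SAMPLE_FW_PORTS='3000/tcp 8443/tcp'

for port in 3000 5432 8080 9090; do
    printf '%s: %s\n' "$port" "$(diagnose_port "$port" "$SAMPLE_SS" "$SAMPLE_FW_PORTS")"
done
```

Only the `not-in-list-ports` verdict points at the firewall; the fix in that case is a rule for that one port or its service, not turning firewalld off.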

[...]
