From the course: Linux Tips
Firewall basics - Linux Tutorial
- [Instructor] A firewall is a piece of software that filters network traffic. Individual systems and devices often have firewall software running on their network connection, and networks often have firewalls as well, on dedicated hardware ranging from your Wi-Fi router at home to the enormously powerful firewall appliances used by organizations and ISPs. Generally speaking, firewall software filters traffic passing through it in both directions: outward to an external network, or zone, and inward to the network or device it protects. It does this by looking at the packets of data that travel through it and comparing them to sets of rules, and so firewall software is also called packet filtering software. A firewall can evaluate packets based on their source and destination address, what protocol they're using, what port they're using, whether they're part of an ongoing interaction or a new one, and many other parameters. In many cases, though, firewalls aren't configured to do a lot of filtering of packets traveling outward, so usually we only think of firewalls as a filter for incoming data, but it's important to remember that they work both ways. Let's take a look at a scenario where a firewall would act on a packet. Let's say you have a home server and you want to connect to it from your laptop. You might use SSH for this, which works on port 22. So the local firewall on the laptop would need to allow the packet out. As I mentioned, that's usually how a firewall is configured, so nothing special needs to be done there. If the server has a firewall active, you'd need to establish a rule that says "if a packet comes to me on port 22, let it through," and then the packets from your computer would be allowed to flow to the SSH server. Any information that comes back to your computer through that SSH connection would need to be permitted to leave through the server's firewall.
Again, usually nothing needs to be done to let that happen, and then it needs to come back in to the SSH software on your laptop. But generally we don't need to write a rule to allow this, because the laptop's firewall recognizes that the data coming back is related to the data that it sent out. So it basically says, "Oh yeah, that's the information that I asked for. Let it through." You can configure firewalls to block related traffic, but doing so can break a lot of things. A web server would behave in much the same way as our SSH server, though if it's on the web, the traffic might flow through many firewalls on its way to and from the server. Firewalls can take other actions as well. There are two different ways for a firewall to block traffic instead of permitting it: these are generally drop and reject. If a packet matches a rule that tells the firewall to drop it, the firewall just doesn't pass the packet through to wherever it was trying to go. This is the default behavior for a firewall to take on packets that don't match any explicit rules. You can think of mail coming into a post office and just being dropped on the floor. The sender isn't told that the letter is being dropped on the floor, or ignored. Rules can also be written to tell the firewall to reject a packet. Instead of just ignoring it, the firewall sends back a notification to the sender of the packet that says it was, well, rejected. You can see the difference in behavior if you try to communicate with a system using these different modes. A firewall rule with drop would just never respond, and the request from the client would just time out, while one with reject would respond immediately and tell you to go away. And if a firewall is running on a system configured to route network traffic, you can write rules that take an action to forward packets instead. These rules permit traffic to flow from one system, through another, to a third system.
Many of the rules that dedicated firewall devices and home routers use act in this way. There are a few different firewall software packages you are likely to see, including iptables and pf. iptables is common on Linux, and pf is common on operating systems in the BSD world like FreeBSD and macOS. In the next few episodes of this series we'll take a look at iptables, and at a front-end application that makes working with it easier, called UFW. Stay tuned.
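The SSH scenario and the drop-versus-reject behaviour described above, as an added example that is not part of the course: a small Python model of a stateful packet filter with explicit rules, a table of known flows (so replies are recognised as related traffic), and a default policy. The `Firewall` and `Packet` classes and the 10.0.0.x addresses are constructed for illustration; a real iptables ruleset expresses the same ideas with a default chain policy, a port-22 ACCEPT rule and an ESTABLISHED,RELATED rule.

```python
from dataclasses import dataclass, astuple

ACCEPT, DROP, REJECT = "ACCEPT", "DROP", "REJECT"
# the sender's view: a drop is silent (timeout), a reject answers right away
CLIENT_SEES = {ACCEPT: "connected", DROP: "timeout", REJECT: "refused"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

    def reply(self):  # the answer travels the other way with the ports swapped
        return Packet(self.dst, self.src, self.proto, self.dport, self.sport)

class Firewall:
    """Hypothetical stateful filter: rules (first match wins), known flows, a default."""
    def __init__(self, default=DROP):
        self.default, self.rules, self.conntrack = default, [], set()

    def add_rule(self, action, proto, dport):
        self.rules.append((proto, dport, action))

    def outbound(self, pkt):
        self.conntrack.add(astuple(pkt))  # outward is unfiltered; remember the flow
        return ACCEPT

    def inbound(self, pkt):
        if astuple(pkt.reply()) in self.conntrack:
            return ACCEPT  # related to something we sent: "that's what I asked for"
        for proto, dport, action in self.rules:
            if pkt.proto == proto and pkt.dport == dport:
                if action == ACCEPT:
                    self.conntrack.add(astuple(pkt))
                return action
        return self.default  # nothing matched: the policy decides

def ssh_scenario(server_rule=ACCEPT):
    """Laptop 10.0.0.5 -> server 10.0.0.10, port 22 (constructed addresses)."""
    laptop, server = Firewall(), Firewall()
    server.add_rule(server_rule, "tcp", 22)
    syn = Packet("10.0.0.5", "10.0.0.10", "tcp", 51000, 22)
    laptop.outbound(syn)
    verdict = server.inbound(syn)
    if verdict == ACCEPT:
        server.outbound(syn.reply())  # server's outward traffic, usually unrestricted
        return CLIENT_SEES[verdict], laptop.inbound(syn.reply())
    return CLIENT_SEES[verdict], None  # no reply ever leaves the server
```

Running `ssh_scenario()` with each of the three rule actions shows the laptop connecting, timing out, or being refused, while the reply from the server is accepted by the laptop's firewall without any rule of its own.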