Firewalls

Firewall concepts and network security

Firewalls are security systems that control network traffic based on predetermined security rules.

What is a Firewall?

A firewall:

  • Monitors incoming and outgoing traffic
  • Applies rules to allow or deny traffic
  • Acts as a barrier between trusted and untrusted networks
  • Can be hardware, software, or cloud-based
  • First line of defense against unauthorized access

Types of Firewalls

Stateless Firewall

  • Examines each packet independently
  • Doesn't track connection state
  • Faster but less intelligent
  • Older technology

Stateful Firewall

  • Tracks active connections
  • Allows related traffic automatically
  • More intelligent filtering
  • Standard in modern systems

Application-Level Firewall (WAF)

  • Works at application layer
  • Can understand HTTP requests
  • Protects against application attacks
  • More resource intensive

Linux Firewall: iptables

Basic Concepts

# Chains: INPUT (incoming), OUTPUT (outgoing), FORWARD (forwarded)
# Targets: ACCEPT, DROP, REJECT, LOG
# Matches: protocol, port, IP address, interface

Common Commands

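# List current rules (-n skips DNS lookups, -v shows counters and interfaces)
sudo iptables -L -n -v

# Allow loopback and replies to connections this host opened
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Set default policies last, so an SSH session is not cut off before its allow rule exists
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT

# Save rules (the redirect must also run as root, so pipe through sudo tee)
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null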

UFW: Uncomplicated Firewall

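A simpler interface to iptables on Ubuntu/Debian:

# Allow ports (add the SSH rule before enabling, or a remote session can be locked out)
sudo ufw allow 22/tcp  # SSH
sudo ufw allow 80/tcp  # HTTP
sudo ufw allow 443/tcp # HTTPS

# Enable firewall
sudo ufw enable

# Check status
sudo ufw status verbose

# Reset to defaults (disables UFW and deletes all rules)
sudo ufw reset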

Best Practices

  • Start with deny-all policy
  • Allow only necessary ports
  • Restrict SSH access to known IPs
  • Log suspicious activity
  • Regularly review rules
  • Test rules before deployment
  • Document why each rule exists
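
Several items in this list can be checked mechanically against `iptables-save` output. The shell function below is an added example, not part of the original page: `audit_rules` and `SAMPLE_RULES` are hypothetical names, the sample ruleset is constructed, and only single-port `--dport 22` rules in the INPUT chain are inspected.

```shell
#!/bin/sh
# Added example: audit iptables-save text against the best practices above.
# SAMPLE_RULES is constructed for illustration, not taken from a real host.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 443 -m comment --comment "partner API" -j ACCEPT
COMMIT'

# audit_rules: read iptables-save text on stdin, print one finding per line.
# No output means none of the four checks fired.
audit_rules() {
    awk '
    # Deny-all start: the INPUT chain policy should be DROP.
    /^:INPUT / && $2 != "DROP" {
        print "POLICY: INPUT default is " $2 ", expected DROP"
    }
    /^-A INPUT / {
        accept = ($0 ~ /-j ACCEPT/)
        # A stateful ruleset accepts replies to established connections.
        if (accept && $0 ~ /--ctstate [A-Z,]*ESTABLISHED/) stateful = 1
        # SSH should be limited to known sources (-s), not open to everyone.
        if (accept && $0 ~ /--dport 22 / && $0 !~ / -s /)
            print "SSH: port 22 open to any source: " $0
        # Every allow rule should say why it exists (-m comment --comment).
        if (accept && $0 !~ /--comment /)
            print "UNDOCUMENTED: " $0
    }
    END {
        if (!stateful)
            print "STATE: no ESTABLISHED,RELATED accept rule in INPUT"
    }'
}

# Run the audit on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

On a live host the same function can be fed with `sudo iptables-save | audit_rules`.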
