Problem Statement
Explain firewall configuration in Linux using iptables and firewalld. How do you allow or block network traffic?
Explanation
Iptables is the traditional Linux firewall tool for managing packet-filtering rules. Rules are organized in chains (INPUT for incoming packets, OUTPUT for outgoing packets, FORWARD for routed packets) within tables (filter, nat, mangle). View the current rules with iptables -L -n -v. Rules in a chain are processed sequentially and the first matching rule applies, so order matters.
Basic iptables rules: iptables -A INPUT -p tcp --dport 22 -j ACCEPT allows SSH; iptables -A INPUT -p tcp --dport 80 -j ACCEPT allows HTTP; iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT allows traffic from a specific subnet; iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT allows packets belonging to connections that are already established. Set the default policy with iptables -P INPUT DROP, which drops everything not explicitly allowed by an earlier rule (on a remote host, add the SSH and ESTABLISHED,RELATED rules before switching the policy to DROP, or the session you are working from is cut off).
Persist iptables rules with iptables-save > /etc/iptables/rules.v4 and restore them with iptables-restore < /etc/iptables/rules.v4; rules added at the command line are otherwise lost at reboot. Install the iptables-persistent package on Debian/Ubuntu to load that file automatically at boot. Delete a rule by its position in the chain: iptables -D INPUT rule_number (list positions with iptables -L INPUT --line-numbers). Insert a rule at a specific position: iptables -I INPUT 1 rule inserts it at the top of the chain.
Firewalld (the default on RHEL/CentOS 7 and later) provides dynamic firewall management built around zones. List zones: firewall-cmd --get-zones. Show the default zone: firewall-cmd --get-default-zone. Add a service: firewall-cmd --add-service=http --permanent (the --permanent flag stores the rule in the saved configuration so it survives reboots; without it the change applies to the running firewall only). Add a port: firewall-cmd --add-port=8080/tcp --permanent. Reload: firewall-cmd --reload applies the permanent configuration to the running firewall.
Firewalld zones: public (default for public-facing interfaces, limited access), internal (trusted internal networks), dmz (hosts in a DMZ with limited external access), trusted (all traffic allowed). Rich rules provide finer control, for example firewall-cmd --add-rich-rule='rule family=ipv4 source address=1.2.3.4 reject' --permanent rejects all traffic from a single address. Understanding firewall management is essential for securing Linux servers against unauthorized access.
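The default-deny INPUT policy described above, written out as the rules.v4 file that iptables-restore loads, as an added example that is not part of the original page. It assumes the trusted subnet is 192.168.1.0/24 and prints the ruleset to stdout for review before it is copied into /etc/iptables/rules.v4; the rule_index helper is a hypothetical check that the ESTABLISHED,RELATED rule sits above the per-service rules.

```shell
#!/bin/sh
# Added example, not from the original page: emit an iptables-save style
# ruleset for the INPUT chain in the order the rules must be evaluated.
# Assumption: one trusted subnet, passed as the first argument.

# gen_rules_v4 TRUSTED_SUBNET -> prints a ruleset that iptables-restore accepts.
gen_rules_v4() {
    subnet="$1"
    cat <<EOF
*filter
# Default policies: deny inbound unless a rule below accepts it, allow
# outbound, never forward (this host is not a router).
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# First match wins, so loopback and replies to our own connections come
# first; otherwise local services and outbound DNS lookups break.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Explicitly allowed services and the trusted subnet.
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -s ${subnet} -j ACCEPT
# Log (rate-limited) what the DROP policy is about to discard, so blocked
# traffic shows up in the kernel log for detection and troubleshooting.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# rule_index RULESET PATTERN -> 1-based line number of the first line that
# contains PATTERN (empty if absent). Used to verify ordering before loading.
rule_index() {
    printf '%s\n' "$1" | grep -n -F -- "$2" | head -n1 | cut -d: -f1
}

# Usage (as root, after reviewing the output):
#   gen_rules_v4 192.168.1.0/24 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4
```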