Pareto Security

Firewall is on and configured

Time to fix: < 5m

What

A firewall prevents unauthorized contact from other computers on the Internet or on your network. Linux systems use various firewall solutions including ufw, firewalld, and iptables to control network traffic.

Why you should enable the firewall

An active firewall blocks unwanted network connections and prevents potential attackers from accessing services running on your system. It's your first line of defense against network-based attacks.

Default deny policy

A properly configured firewall follows a "default deny" policy, blocking all incoming connections except those explicitly allowed. This reduces your attack surface significantly.

Check firewall status

First, determine which firewall system your distribution uses:

Ubuntu/Debian (UFW)

Check UFW status:

sudo ufw status verbose

Enable UFW if not active:

sudo ufw enable

Set default policies (recommended):

sudo ufw default deny incoming
sudo ufw default allow outgoing

Recommended UFW Settings

For optimal security, always configure UFW with these default policies:

sudo ufw default deny incoming
sudo ufw default allow outgoing

This creates a "default deny" policy: all unsolicited incoming connections are blocked, outbound traffic (and the replies to it) is allowed, and you only have to add rules for the services you actually expose.

Fedora/CentOS/RHEL (firewalld)

Check firewalld status:

sudo firewall-cmd --state
sudo firewall-cmd --list-all

Enable firewalld if not active:

sudo systemctl enable --now firewalld

Set default zone (usually public is appropriate):

sudo firewall-cmd --set-default-zone=public

Arch Linux (iptables/nftables)

Check iptables rules:

sudo iptables -L -n -v

For basic protection, install and enable ufw:

sudo pacman -S ufw
sudo systemctl enable --now ufw
sudo ufw enable

Basic firewall configuration

Allow essential services

For UFW (Ubuntu/Debian):

# Allow SSH (be careful with remote systems!)
sudo ufw allow ssh

# Allow HTTP/HTTPS if running a web server
# ('Apache Full' opens ports 80 and 443; use 'Nginx Full' for nginx)
sudo ufw allow 'Apache Full'
# Or allow a single port directly
sudo ufw allow 443/tcp

For firewalld (Fedora/CentOS/RHEL):

# Allow SSH
sudo firewall-cmd --permanent --add-service=ssh

# Allow HTTP/HTTPS
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

# Reload to apply changes
sudo firewall-cmd --reload

Testing and verification

Verify your firewall is working:

# Test from another machine (a SYN scan needs root privileges)
sudo nmap -sS [your-ip-address]

# Check listening ports
sudo netstat -tuln
# or
sudo ss -tuln
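
A small checker, added here as an example and not part of Pareto Security's own agent code, that parses the output of the status commands shown above (ufw status verbose, firewall-cmd --state and --list-all, iptables -L -n -v) and reports whether the host passes this check: firewall running with a default deny incoming policy. The function names and the PASS/FAIL output format are my own; the ufw sample at the bottom is constructed, not a real capture.

```shell
#!/bin/sh
# Added example (not Pareto Security's own check): parse the output of the status
# commands listed on this page and report PASS/FAIL for "firewall is on and
# configured" (running, default deny incoming). Return code 0 means PASS.

# check_ufw "<output of: sudo ufw status verbose>"
check_ufw() {
  status=$(printf '%s\n' "$1" | sed -n 's/^Status: *//p')
  incoming=$(printf '%s\n' "$1" | sed -n 's/^Default: *\([a-z]*\) (incoming).*/\1/p')
  [ "$status" = "active" ] || { echo "FAIL: ufw not active"; return 1; }
  case "$incoming" in
    deny|reject) echo "PASS: ufw active, default $incoming incoming"; return 0 ;;
    *) echo "FAIL: ufw default incoming policy is '${incoming:-unknown}'"; return 1 ;;
  esac
}

# check_firewalld "<output of: firewall-cmd --state>" "<output of: firewall-cmd --list-all>"
check_firewalld() {
  [ "$1" = "running" ] || { echo "FAIL: firewalld not running"; return 1; }
  target=$(printf '%s\n' "$2" | sed -n 's/^ *target: *//p')
  # A zone target of ACCEPT (e.g. the "trusted" zone) admits every connection.
  [ "$target" != "ACCEPT" ] || { echo "FAIL: zone target is ACCEPT"; return 1; }
  echo "PASS: firewalld running, zone target ${target:-default}"; return 0
}

# check_iptables "<output of: sudo iptables -L -n -v>": INPUT chain policy must be DROP
check_iptables() {
  policy=$(printf '%s\n' "$1" | sed -n 's/^Chain INPUT (policy \([A-Z]*\).*/\1/p')
  [ "$policy" = "DROP" ] || { echo "FAIL: INPUT policy is '${policy:-unknown}'"; return 1; }
  echo "PASS: iptables INPUT policy DROP"; return 0
}

# Live host: use whichever tool is installed (the status commands need sudo).
firewall_check() {
  if command -v ufw >/dev/null 2>&1; then
    check_ufw "$(sudo ufw status verbose 2>/dev/null)"
  elif command -v firewall-cmd >/dev/null 2>&1; then
    check_firewalld "$(sudo firewall-cmd --state 2>/dev/null)" "$(sudo firewall-cmd --list-all 2>/dev/null)"
  elif command -v iptables >/dev/null 2>&1; then
    check_iptables "$(sudo iptables -L -n -v 2>/dev/null)"
  else
    echo "FAIL: no supported firewall tool found"; return 1
  fi
}

# Constructed sample (not a real capture) showing the ufw parser on a passing host.
UFW_SAMPLE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)'
check_ufw "$UFW_SAMPLE"
```

Run firewall_check on the host itself to evaluate the live configuration; the three check_ functions can also be fed saved command output from another machine.
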

SSH Warning

Be extremely careful when configuring firewalls on remote systems. Always ensure SSH access is allowed before enabling the firewall, or you may lock yourself out of the system.

Pro Tips
  • Use fail2ban alongside your firewall for additional protection against brute force attacks
  • Regularly review and update your firewall rules
  • Consider using port knocking for additional SSH security
  • Log dropped connections to monitor attack attempts

Important Notes
  • Firewalls don't protect against all types of attacks
  • Applications can still be vulnerable even behind a firewall
  • Keep your system and applications updated regardless of firewall status
  • Consider using application-level firewalls for additional protection