Bobcares

Setup Guide of Linode Firewalld

Nov 11, 2024

To learn more about using firewalld on Linode, read our latest blog. Bobcares, as a part of our Linode Managed Services, offers solutions to every query that comes our way.

Overview
  1. Firewalld on Linode
  2. Why Firewalld?
  3. Installation of Firewalld on Linode
  4. Configuration of Firewalld on Linode
  5. Advanced Firewalld Features
  6. Using Firewalld with Linode Cloud Firewall
  7. Best Practices
  8. Security Practices
  9. Troubleshooting Common Issues
  10. Conclusion

Firewalld on Linode

Firewalld is a powerful, user-friendly tool that makes managing firewall rules on Linux servers easy and effective. It’s commonly found on RHEL-based distributions (such as CentOS, AlmaLinux, and Rocky Linux), CentOS Stream, Fedora, and openSUSE Leap.

Why Firewalld?

Firewalld is a frontend tool for nftables (or iptables in older setups), providing dynamic, simplified firewall management. Here’s why it’s great for managing firewalls on Linode servers:

  • Ease of Use: Simplifies firewall setup compared to manually configuring iptables.
  • Enhanced Security: Controls network traffic, adding a layer of protection to the server.

  • Flexibility: Makes real-time rule updates without disrupting active connections.
  • Seamless Integration: Works well with Linode, complementing its security features.

Installation of Firewalld on Linode

Prerequisites

  • A Linode VPS running CentOS, Fedora, or RHEL.
  • Root or sudo access.

Installation Steps

1. Update Packages

sudo yum update -y # For CentOS/RHEL
sudo dnf update -y # For Fedora

2. Install Firewalld

sudo yum install firewalld -y # For CentOS/RHEL
sudo dnf install firewalld -y # For Fedora

3. Start and Enable Firewalld

sudo systemctl start firewalld
sudo systemctl enable firewalld

4. Verify Status

sudo systemctl status firewalld

Configuration of Firewalld on Linode

1. Understanding Zones

Firewalld organizes network connections into “zones,” each with preset security levels:

Drop: Blocks all incoming connections without notification.

Public: For use in public, untrusted networks.

Home/Work: Trusted networks like home or workplace.

DMZ: For isolated servers in a Demilitarized Zone.

Trusted: Allows all network connections.

2. Common Commands

i. List Zones

sudo firewall-cmd --get-zones

ii. Set Default Zone

sudo firewall-cmd --set-default-zone=public

iii. View Active Zone

sudo firewall-cmd --get-active-zones

3. Managing Services and Ports

i. Allow HTTP and HTTPS Traffic

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload

ii. Open a Custom Port (e.g., 8080)

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

iii. Remove a Service (e.g., SSH – use with caution)

sudo firewall-cmd --zone=public --remove-service=ssh --permanent
sudo firewall-cmd --reload

Advanced Firewalld Features

Rich Rules: Rich rules offer advanced control for fine-tuning security:

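Example: Allow SSH access only from a specific IP. The rule below adds an accept for that address; for SSH to be reachable only from it, the general ssh service must also be removed from the zone (see “Remove a Service” above), otherwise SSH stays open to every source. No zone is given, so the rule is added to the default zone: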

sudo firewall-cmd --permanent --add-rich-rule='
rule family="ipv4"
source address="203.0.113.4"
service name="ssh" accept'
sudo firewall-cmd --reload

Masquerading (NAT)

Enable masquerading to allow the server to function as a router (useful for NAT setups):

sudo firewall-cmd --zone=public --add-masquerade --permanent
sudo firewall-cmd --reload

Using Firewalld with Linode Cloud Firewall

Linode Cloud Firewall offers an added security layer at the network level, filtering unwanted traffic before it reaches the server. Here’s how using both firewalls together can improve security:

  • Defense in Depth: Multiple firewalls add protection layers, making unauthorized access more challenging.
  • Improved Performance: Linode Cloud Firewall blocks traffic before it reaches the server, saving resources.
  • Enhanced Flexibility: Firewalld handles real-time changes, while Cloud Firewall manages broad, static rules.

Best Practices

  • Consistency: Ensure both firewalls allow essential ports/services.
  • Rule Order: Cloud Firewall rules apply first, followed by firewalld rules.
  • Testing: Test connections after configuring to confirm access for legitimate traffic.

Security Practices

  • Use the Least Privilege Principle: Open only the necessary ports/services.
  • Stay Updated: Regularly update firewalld and system packages.
  • Monitor Traffic: Review logs and monitor traffic for any unusual activity.
  • Backup Configuration: Save firewall settings to restore them if needed.
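The least-privilege and rich-rule points above can be checked mechanically. The script below is an added example, not part of the original guide: it reads the output of `firewall-cmd --zone=public --list-all` and reports services or ports outside an allowlist, plus the case where a source-restricted SSH rich rule exists while the plain ssh service is still open. The allowlist values and the sample zone output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --zone=public --list-all` output.
# ALLOWED_SERVICES / ALLOWED_PORTS are assumed policy values; set your own.
ALLOWED_SERVICES="http https ssh"
ALLOWED_PORTS="8080/tcp"

# Reads --list-all output on stdin and prints one finding per line.
audit_zone() {
    awk -v svc_ok="$ALLOWED_SERVICES" -v port_ok="$ALLOWED_PORTS" '
    BEGIN {
        n = split(svc_ok, a, " ");  for (i = 1; i <= n; i++) oksvc[a[i]] = 1
        n = split(port_ok, a, " "); for (i = 1; i <= n; i++) okport[a[i]] = 1
    }
    $1 == "services:" {
        for (i = 2; i <= NF; i++) {
            if ($i == "ssh") ssh_open = 1
            if (!($i in oksvc)) print "UNEXPECTED service " $i
        }
    }
    $1 == "ports:" {
        for (i = 2; i <= NF; i++) if (!($i in okport)) print "UNEXPECTED port " $i
    }
    $1 == "masquerade:" && $2 == "yes" { print "REVIEW masquerade enabled" }
    # A source-restricted ssh rule narrows access only if the plain ssh service is gone.
    $1 == "rule" && /service name="ssh"/ && /source address=/ && /accept/ { ssh_rule = 1 }
    END {
        if (ssh_open && ssh_rule)
            print "INEFFECTIVE ssh rich rule: ssh service is still open to all sources"
    }'
}

# Constructed sample of --list-all output (not captured from a real server).
sample_zone() {
    printf '%s\n' \
        'public (active)' \
        '  target: default' \
        '  interfaces: eth0' \
        '  services: cockpit dhcpv6-client http https ssh' \
        '  ports: 8080/tcp 3306/tcp' \
        '  masquerade: no' \
        '  rich rules: ' \
        '    rule family="ipv4" source address="203.0.113.4" service name="ssh" accept'
}

# On a live server: sudo firewall-cmd --zone=public --list-all | audit_zone
sample_zone | audit_zone
```

An empty result means the zone matches the allowlist; any line printed is a rule to justify or remove.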

Troubleshooting Common Issues

1. If we can’t connect to a service, check the firewalld rules. Verify that the service or port is open:

sudo firewall-cmd --zone=public --list-all

Confirm the Linode Cloud Firewall allows the service.

2. If firewalld is not starting, check its status:

sudo systemctl status firewalld

View Logs:

sudo journalctl -xe

Conclusion

By following this guide, we’ll have a secure, flexible firewall setup on Linode, combining firewalld’s easy management with Linode’s Cloud Firewall for comprehensive protection and smooth performance.
