To know more about using Firewalld on Linode, read our latest blog. Bobcares, as a part of our Linode Managed Services, offers solutions to every query that comes our way.
Overview
- Firewalld on Linode
- Why Firewalld?
- Installation of Firewalld on Linode
- Configuration of Firewalld on Linode
- Advanced Firewalld Features
- Using Firewalld with Linode Cloud Firewall
- Best Practices
- Security Practices
- Troubleshooting Common Issues
- Conclusion
Firewalld on Linode
Firewalld is a powerful, user-friendly tool that makes managing firewall rules on Linux servers easy and effective. It’s commonly found on RHEL-based distributions (such as CentOS, AlmaLinux, and Rocky Linux), CentOS Stream, Fedora, and openSUSE Leap.
Why Firewalld?
Firewalld is a frontend tool for nftables (or iptables in older setups), providing dynamic, simplified firewall management. Here’s why it’s great for managing firewalls on Linode servers:
- Ease of Use: Simplifies firewall setup compared to manually configuring iptables.
- Enhanced Security: Controls network traffic, adding a layer of protection to the server.
- Flexibility: Applies rule changes to the running firewall at once, without reloading the whole ruleset or dropping established connections.
- Seamless Integration: Works alongside Linode’s Cloud Firewall, which filters traffic upstream of the server, so the two can be layered.
Installation of Firewalld on Linode
Prerequisites
- A Linode running CentOS Stream, RHEL, an RHEL rebuild such as AlmaLinux or Rocky Linux, or Fedora.
- Root or sudo access.
- Access to the Lish console in the Linode Cloud Manager, so that a firewall mistake that blocks SSH can still be corrected.
Installation Steps
1. Update Packages
sudo yum update -y    # For CentOS/RHEL
sudo dnf update -y    # For Fedora
2. Install Firewalld
sudo yum install firewalld -y    # For CentOS/RHEL
sudo dnf install firewalld -y    # For Fedora
3. Start and Enable Firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
4. Verify Status
sudo systemctl status firewalld
Configuration of Firewalld on Linode
1. Understanding Zones
Firewalld sorts traffic into “zones” by the interface or source address it arrives on; each zone has a preset level of trust. The ones we meet most often:
Drop: Incoming packets are dropped without any reply; only outgoing connections work.
Public: For public, untrusted networks; only the services and ports we explicitly open are accepted. This is the default zone, and the one a Linode’s public interface normally sits in.
Home/Work: Trusted networks like a home or workplace LAN, where the other machines are mostly trusted.
DMZ: For servers in a Demilitarized Zone that are reachable from the internet but have limited access to the internal network; only selected incoming connections are accepted.
Trusted: All network connections are accepted. Never bind a Linode’s public interface to it.
2. Common Commands
i. List Zones
sudo firewall-cmd --get-zones
ii. Set Default Zone
sudo firewall-cmd --set-default-zone=public
iii. View Active Zones (with the interfaces or sources bound to each)
sudo firewall-cmd --get-active-zones
3. Managing Services and Ports
i. Allow HTTP and HTTPS Traffic
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload
--permanent only writes the rule to /etc/firewalld; nothing changes in the running firewall until --reload. Without --permanent the change takes effect immediately but is lost on the next reload or reboot.
ii. Open a Custom Port (e.g., 8080)
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
iii. Remove a Service (e.g., SSH – use with caution)
sudo firewall-cmd --zone=public --remove-service=ssh --permanent
sudo firewall-cmd --reload
Run this only from the Lish console, or after a rich rule that still allows SSH from our own address is in place (see Advanced Firewalld Features below); otherwise the current session may be the last one we get.
Advanced Firewalld Features
Rich Rules: Rich rules offer finer control than plain service and port entries: they can match on source address, rate-limit, log, and accept or reject per rule.
Example: Allow SSH access only from a specific IP:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.4" service name="ssh" accept'
sudo firewall-cmd --reload
Note that this rule only adds an accept for 203.0.113.4. As long as the ssh service itself is still listed in the zone (the default on a fresh install), SSH stays open to every address; remove the service with the command in section 3.iii before the reload to make the restriction real. If SSH is the only way in, make the change at runtime first and test from the allowed address before making it permanent.
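As an added example (not part of the original post, and not firewalld’s own tooling), here is a way to make that change without locking ourselves out. The rich rule alone only adds an accept; SSH stays open to everyone until the ssh service is removed from the zone, and the order of the two commands matters. The script applies both changes to the runtime configuration only, allowing our address before closing the general service, with a background timer that reloads the saved (permanent) rules if we do not commit in time, so a mistake undoes itself. It assumes firewalld is already running, that 203.0.113.4 (a documentation address, as in the article) stands in for our admin IP, and the function names and the RESTRICT_SSH_TO variable are ours.

```shell
#!/bin/sh
# Restrict SSH in the public zone to one source address, runtime-first, with a
# rollback timer. Added example for this article; not Bobcares' or firewalld's
# own code. Assumes firewalld is running; 203.0.113.4 is a placeholder admin IP.
set -u

# Accept only a plain dotted-quad IPv4 address, so a typo cannot turn into a
# rule that matches nothing (and a lockout).
validate_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# The rich rule text firewalld expects for "ssh only from this address".
ssh_rich_rule() {
    printf 'rule family="ipv4" source address="%s" service name="ssh" accept' "$1"
}

# The exact commands, in a safe order: allow our address first, then close the
# general ssh service, so there is no moment when we are shut out. No
# --permanent here: these touch the runtime ruleset only.
plan_ssh_restriction() {
    printf '%s\n' \
        "firewall-cmd --zone=public --add-rich-rule='$(ssh_rich_rule "$1")'" \
        "firewall-cmd --zone=public --remove-service=ssh"
}

# Apply the plan. A background timer reloads the saved configuration after
# $2 seconds (default 300) unless we kill it, which we only do once a NEW
# ssh session from the admin IP has succeeded.
apply_ssh_restriction() {
    admin_ip=$1; grace=${2:-300}
    validate_ipv4 "$admin_ip" || { echo "not an IPv4 address: $admin_ip" >&2; return 2; }
    ( sleep "$grace" && firewall-cmd --reload ) &
    rollback_pid=$!
    if plan_ssh_restriction "$admin_ip" | sh -e; then
        echo "Runtime rules applied; rollback in ${grace}s unless committed."
        echo "Open a new ssh session from $admin_ip, then run:"
        echo "  kill $rollback_pid && firewall-cmd --runtime-to-permanent"
    else
        kill "$rollback_pid" 2>/dev/null
        firewall-cmd --reload      # undo any partial change right away
        return 1
    fi
}

# Only act when explicitly asked, e.g.:  RESTRICT_SSH_TO=203.0.113.4 sh restrict-ssh.sh
if [ -n "${RESTRICT_SSH_TO:-}" ]; then
    apply_ssh_restriction "$RESTRICT_SSH_TO"
fi
```

If the new session works, killing the timer and running firewall-cmd --runtime-to-permanent saves exactly what was tested; if it does not, waiting out the grace period brings the old rules back, and the Lish console remains a fallback either way.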
Masquerading (NAT)
Enable masquerading to let the server act as a NAT router for hosts behind it (for example, a VPN endpoint or a gateway for Linodes on a private network):
sudo firewall-cmd --zone=public --add-masquerade --permanent
sudo firewall-cmd --reload
On a single public-facing server leave it off: the server’s own traffic does not need it, and it turns the Linode into a NAT gateway for anything that can route through it.
Using Firewalld with Linode Cloud Firewall
Linode Cloud Firewall offers an added security layer at the network level, filtering unwanted traffic before it reaches the server. Here’s how using both firewalls together can improve security:
- Defense in Depth: The Cloud Firewall is enforced outside the Linode and cannot be changed from inside it, so even if an attacker gains root and flushes firewalld, the upstream rules still hold.
- Improved Performance: Linode Cloud Firewall blocks traffic before it reaches the server, saving resources.
- Enhanced Flexibility: Firewalld handles real-time changes, while Cloud Firewall manages broad, static rules.
Best Practices
- Consistency: Ensure both firewalls allow essential ports/services.
- Rule Order: Cloud Firewall rules apply first, followed by firewalld rules; a packet must be allowed by both to reach the service, and from the client’s side a drop by either layer looks the same.
- Testing: Test connections after configuring to confirm access for legitimate traffic.
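One way to check the Consistency item concretely, as an added example that is not from the original post or from Linode’s tooling: give it the services and ports firewalld reports and a list of the Cloud Firewall’s inbound rules, and it prints anything open on one layer but blocked on the other. The Cloud Firewall rules below are a constructed, hand-transcribed list (ACTION PROTOCOL PORTS per line), not API output; the service-to-port table is a small assumption that covers only the sample (on the host, firewall-cmd --info-service=NAME gives the real ports); and it assumes the Cloud Firewall’s default inbound policy is DROP.

```shell
#!/bin/sh
# Cross-check Linode Cloud Firewall inbound rules against firewalld's public
# zone. Added example; the Cloud Firewall rules are a constructed transcript,
# and the service table below is an assumption that covers only the sample.
set -u

# Map a firewalld service name to port/proto. On a real host use
# `firewall-cmd --info-service=NAME`; this table only knows the sample's services.
service_ports() {
    case $1 in
        http)  echo 80/tcp ;;
        https) echo 443/tcp ;;
        ssh)   echo 22/tcp ;;
        *)     echo "no port table entry for service '$1'" >&2; return 1 ;;
    esac
}

# What firewalld accepts, one port/proto per line.
# Args: the output of `firewall-cmd --list-services` and `--list-ports`.
firewalld_ports() {
    for s in $1; do service_ports "$s" || return 1; done
    for p in $2; do echo "$p"; done
}

# What the Cloud Firewall lets through, one port/proto per line.
# Stdin: constructed rules "ACTION PROTOCOL PORTS", PORTS comma-separated.
# Assumes the firewall's default inbound policy is DROP, so only ACCEPT rules
# admit traffic; port ranges (e.g. 1000-2000) are compared as written.
cloud_ports() {
    awk '$1 == "ACCEPT" {
        n = split($3, p, ",")
        for (i = 1; i <= n; i++) print p[i] "/" tolower($2)
    }'
}

# Report ports present on one layer only. Args: SERVICES PORTS; stdin: rules.
# Returns 2 if a service name is not in the table above.
compare_layers() {
    fw=$(firewalld_ports "$1" "$2") || return 2
    cl=$(cloud_ports)
    printf '%s\n' "$fw" | awk -v cloud="$cl" '
        BEGIN { n = split(cloud, c, "\n"); for (i = 1; i <= n; i++) if (c[i] != "") in_cloud[c[i]] = 1 }
        NF {
            in_fw[$1] = 1
            if (!($1 in in_cloud)) print "open in firewalld but dropped upstream by Cloud Firewall: " $1
        }
        END {
            for (p in in_cloud) if (!(p in in_fw)) print "allowed by Cloud Firewall but rejected by firewalld: " p
        }'
}

# Constructed sample of the Cloud Firewall's inbound rules (not API output).
sample_cloud_rules() {
    cat <<'EOF'
ACCEPT TCP 80,443
ACCEPT TCP 22
ACCEPT UDP 53
DROP   TCP 8080
EOF
}

# Stand-alone run against the sample. On a real Linode replace the literals:
#   compare_layers "$(firewall-cmd --list-services)" "$(firewall-cmd --list-ports)" < rules.txt
if [ "${1:-}" = "demo" ]; then
    sample_cloud_rules | compare_layers "http https ssh" "8080/tcp"
fi
```

Against the sample, the web server’s 8080/tcp is reported as reachable in firewalld but dropped upstream, and 53/udp as admitted by the Cloud Firewall but rejected on the host; the first explains a mysterious timeout, the second is a rule that can be tightened.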
Security Practices
- Use the Least Privilege Principle: Open only the necessary ports/services.
- Stay Updated: Regularly update firewalld and system packages.
- Monitor Traffic: Review logs and monitor traffic for any unusual activity.
- Backup Configuration: Back up /etc/firewalld/ (zones, services, and rich rules live there as XML) so the ruleset can be restored, or rebuilt on a new Linode, if needed.
Troubleshooting Common Issues
1. If we can’t connect to a service, first check the firewalld rules. Verify that the service or port is open in the zone the interface belongs to:
sudo firewall-cmd --zone=public --list-all
Then confirm the Linode Cloud Firewall allows the same port. Traffic it drops never reaches the Linode, so the listing above can look correct while the connection still fails.
2. If firewalld is not starting, check its status:
sudo systemctl status firewalld
and view its log entries:
sudo journalctl -xeu firewalld
A hand-edited zone or service file under /etc/firewalld with an XML error is the usual cause; firewall-cmd --check-config reports such errors.
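Reading --list-all by eye is error-prone, so here is an added example (not from the original post) that audits that listing for the settings most often behind an outage or an over-exposed server: services or ports beyond an allowlist, the ssh service open to every source, masquerade on, a zone target of ACCEPT, and a rich rule that accepts without any source address. Both listings below are constructed to look like firewall-cmd --zone=public --list-all output; they are not captured from a real server, and the function names are ours.

```shell
#!/bin/sh
# Audit the output of `firewall-cmd --zone=public --list-all` for settings that
# commonly cause either an outage or an over-exposed server. Added example, not
# from the original post; both listings below are constructed, not captured.
set -u

# audit_zone ALLOWED_SERVICES ALLOWED_PORTS  < listing
# Prints one finding per line; returns 1 if there were any, 0 if the zone is clean.
audit_zone() {
    awk -v allowed_services="$1" -v allowed_ports="$2" '
    function flag(msg) { print msg; findings++ }
    BEGIN {
        n = split(allowed_services, a, " "); for (i = 1; i <= n; i++) ok_svc[a[i]] = 1
        n = split(allowed_ports, a, " ");    for (i = 1; i <= n; i++) ok_port[a[i]] = 1
    }
    # "services:" and "ports:" list what the zone accepts from ANY source.
    $1 == "services:" {
        for (i = 2; i <= NF; i++) {
            if ($i == "ssh")
                flag("ssh accepted from every source; replace with a source-restricted rich rule")
            else if (!($i in ok_svc))
                flag("unexpected service: " $i)
        }
    }
    $1 == "ports:" {
        for (i = 2; i <= NF; i++) if (!($i in ok_port)) flag("unexpected port: " $i)
    }
    # A target of ACCEPT makes the zone allow everything not explicitly rejected.
    $1 == "target:" && $2 == "ACCEPT" { flag("zone target is ACCEPT: all traffic allowed by default") }
    $1 == "masquerade:" && $2 == "yes" { flag("masquerade enabled: this Linode NATs traffic for others") }
    # Rich rules follow the "rich rules:" line; an accept with no source is global.
    $1 == "rich" && $2 == "rules:" { in_rich = 1; next }
    in_rich && $1 == "rule" && $NF == "accept" && !/source address=/ {
        flag("rich rule accepts from any source: " substr($0, index($0, "rule")))
    }
    END { exit (findings > 0) }'
}

# Constructed listing: a web server that was never tightened after install.
sample_untidy() {
    cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" service name="ssh" accept
EOF
}

# Constructed listing: the same server after this article's steps were applied.
sample_tidy() {
    cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: http https
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="203.0.113.4" service name="ssh" accept
EOF
}

# Stand-alone run against the untidy sample. On a real Linode:
#   firewall-cmd --zone=public --list-all | audit_zone "http https" ""
if [ "${1:-}" = "demo" ]; then
    sample_untidy | audit_zone "http https" ""
fi
```

The untidy listing yields six findings (cockpit and dhcpv6-client left from the default zone, ssh open to all, the stray 8080/tcp, masquerade on, and a blanket accept rich rule); the tidy one yields none and exits 0, which makes the audit usable as a check in a deployment script.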
Conclusion
By following this guide, we’ll have a secure, flexible firewall setup on Linode, combining firewalld’s easy management with Linode’s Cloud Firewall for comprehensive protection and smooth performance.