Skip to content

Firewalls

Today we will learn about firewalls, their types, and how to configure them for network security.

Explanation

Firewalls are security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules. They act as a barrier between trusted internal networks and untrusted external networks.

Key Concepts:

Hardware Firewalls: Dedicated devices (e.g., routers with firewall capabilities).
Software Firewalls: Applications running on hosts (e.g., Windows Firewall).
Next-Generation Firewalls (NGFW): Advanced firewalls with deep packet inspection, intrusion prevention, etc.

Technical:

How Firewalls Work:

Firewalls inspect packets at the network layer (stateless) or application layer (stateful). They allow or block traffic based on rules like IP addresses, ports, and protocols.

Security Benefits:

Prevent unauthorized access, block malicious traffic, and protect against attacks like DDoS and port scanning.

How to setup one properly:

General Best Practices

  1. Use the principle of least privilege: Only allow necessary traffic.
  2. Regularly update rules and firmware.
  3. Enable logging for monitoring.
  4. Combine with other security measures like IDS/IPS.

Client (Host-Based Firewalls)

Configure firewalls on your local machine.

Linux/macOS

  1. Use UFW (Uncomplicated Firewall) on Linux:
  2. Install: sudo apt install ufw (Ubuntu).
  3. Enable: sudo ufw enable
  4. Allow SSH: sudo ufw allow ssh
  5. Deny all incoming: sudo ufw default deny incoming
  6. On macOS: Use built-in firewall in System Preferences > Security & Privacy > Firewall.

Windows

  1. Enable Windows Defender Firewall:
  2. Go to Control Panel > System and Security > Windows Defender Firewall.
  3. Configure rules:
  4. Allow specific apps or ports.
  5. Block inbound connections by default.
  6. Use PowerShell for advanced config:
  7. Enable: Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

Note: Test rules to avoid locking yourself out.

Server Setup

For network-level firewalls:

Linux

  1. Use iptables or nftables:
  2. Example iptables rule: sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  3. Save rules: sudo apt install iptables-persistent
  4. For servers, use fail2ban to block brute-force attacks.

Windows

  1. Use Windows Firewall with Advanced Security:
  2. Open Windows Defender Firewall > Advanced settings.
  3. Create inbound/outbound rules based on ports and IPs.
  4. For servers, integrate with Azure Firewall or third-party appliances.

Note: For cloud environments, use cloud provider firewalls (e.g., AWS Security Groups).

Samples:

Example UFW Status Output

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

Example iptables Rule

-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

(Allows HTTP traffic on eth0.)

Example Windows Firewall Rule (PowerShell)

New-NetFirewallRule -DisplayName "Allow SSH" -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow
  • Use UFW/iptables on Linux, Windows Firewall on Windows.
  • Enable stealth mode to hide ports.
  • Monitor logs regularly.
  • Consider NGFW for advanced protection.