February 11, 2023

Linux iptables with Gufw Firewall

While firewalls remain an important network defensive tool, commercial firewall vendors have gone in seemingly different directions when it comes to managing firewalls. It's important that people entering the security field have a good grasp of generic firewall capabilities. A good way of learning about firewalls is using iptables, which is available on almost every Linux distro. A tool that can help you get started is Gufw Firewall.

The Linux firewall is iptables. Using iptables, the root user (or equivalent) uses access control lists (ACLs) to define filtering policies. ACLs can be multiple lines long, with each line of the ACL being an access control element (ACE). Because iptables acts on the first rule that matches a packet, ACLs and ACEs should be ordered from the most specific match policies to the least specific ones. That means that specific hosts and protocols to be blocked should be defined first (at the top of the table), and rules covering whole networks should come later.

If you are just getting started with firewalls and want to deploy a restrictive policy, consider this command: 'iptables -P INPUT DROP'. This command sets the default policy of the INPUT chain so that every connection originating from the outside interface is dropped until explicitly allowed by an ACL. This configuration, where traffic is denied by default, is a standard feature of most firewalls and is referred to as an implicit deny.
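The following script is an added example, not part of the original post: it builds the restrictive INPUT policy described here, with ACEs ordered most-specific first and the implicit deny set last so that a remote session applying it is not cut off. The two addresses are constructed for the example, and the DRY_RUN switch (an assumption of this example, not an iptables feature) prints the commands instead of running them so the ordering can be reviewed without root.

```shell
#!/bin/sh
# Added example: restrictive iptables INPUT policy with implicit deny.
# Set DRY_RUN=1 to print the iptables commands instead of executing them.

ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

BLOCKED_HOST="203.0.113.45"   # constructed: a single host to deny outright
MGMT_NET="192.0.2.0/24"       # constructed: network allowed to reach SSH

restrictive_input_policy() {
    ipt -F INPUT
    # Loopback and already-established sessions stay up; without the
    # conntrack rule the SSH session applying this policy would be dropped.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Most specific rule first: the single blocked host.
    ipt -A INPUT -s "$BLOCKED_HOST" -j DROP
    # Less specific rule after it: new SSH connections from the management
    # network. A host matched by the DROP rule never reaches this ACCEPT.
    ipt -A INPUT -p tcp -s "$MGMT_NET" --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # Implicit deny last, after the accept rules exist, so there is never a
    # moment where the default is DROP and nothing is allowed.
    ipt -P INPUT DROP
}

# Line number (1-based) of the first dry-run command matching a pattern;
# lets a reviewer confirm the host block precedes the network allow.
rule_position() {
    DRY_RUN=1 restrictive_input_policy | grep -n -- "$1" | head -n1 | cut -d: -f1
}

# Review: DRY_RUN=1 sh this_script.sh
# Apply:  source the file as root and call restrictive_input_policy.
if [ "${DRY_RUN:-0}" = "1" ]; then
    restrictive_input_policy
fi
```

After applying for real, 'iptables -L INPUT -n -v --line-numbers' shows the same order with per-rule packet counters, which is the CLI view to compare against the Gufw window.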

The iptables firewall in Linux is configured and maintained using a command line interface (CLI). It's important that firewall administrators learn that CLI, but getting started can be difficult. I recommend the Gufw Firewall utility, an open source graphical user interface (GUI) that is supported on many distros. Using Gufw, the admin can configure basic policies and compare the GUI with the command line output.