Linux is more secure than other operating systems. But that's not the only reason why you might not need an antivirus or firewall while using Linux.

Linux isn't invulnerable. In fact, that's one of the most common cybersecurity myths that gets Linux users into trouble. This belief makes it easy to put your guard down, and when your guard is down, you're most likely to get sucker punched. But just because Linux has security holes doesn't mean you need antivirus or firewall software. Your choice of security settings will have been discussed in detail during the installation of your Linux system but you may not remember them by now. In this article, we will talk about configuring the firewall with the firewall-cmd command.

What Is a Firewall?

Firewalls are a key aspect of network security, thus a sysadmin should understand how they function. If you understand firewalls, you can keep your network safe by making informed decisions about which traffic to let in and out. A firewall is simply a filter that determines which network packets can come into your computer from the internet and which can leave your computer to the internet. It's mainly used to allow and/or disallow incoming connections. Outgoing connections are rarely filtered. In simple words, it is a sort of wall between your computer and the outside world.

Does Linux Need a Firewall?

This is nearly always a question. 99% of Linux users believe that Linux is secure by default. By default, almost all Linux distributions do not have a firewall. To be more precise, they have a dormant firewall. Because the Linux kernel includes a built-in firewall, and theoretically all Linux distributions include one, but it is not configured or active. But don't worry, even without an active firewall, your Linux is still safe. Most distributions, including Ubuntu and Linux Mint, have no open ports by default, ensuring that outsiders cannot access your machine. Nonetheless, I urge that you enable a firewall. It is preferable to be safe than sorry. We will further discuss how to configure the linux firewall using firewall-cmd.

What Is Iptables?

Iptables is a command-line firewall tool that allows or blocks traffic using policy chains. When a connection attempts to establish itself on your system, iptables searches its rule list for a match. If it cannot discover one, it falls back on the default action. iptables is nearly usually included with each Linux distribution. Iptables tends to use 3 different chains: input, forward, and output. With this, you can create different rulesets for different machines on the network, however, why not make it easier by using firewall-cmd! 

What Is firewall-cmd & firewalld?

Firewall-cmd is a command-line interface for the firewalld daemon, which communicates with the Linux kernel's netfilter framework. This stack is unlikely to be found on the embedded modems commonly found in small and medium-sized enterprises, but it is present on or available for any Linux distribution that supports systemd. Firewalld is a dynamically controlled firewall that supports network/firewall zones, which specify the level of trust for network connections or interfaces. It supports IPv4 and IPv6 firewall settings, as well as ethernet bridges and IP sets. Runtime and permanent configuration choices are separated. It also provides an interface via which services or programs may easily add firewall rules.

Configuring the Firewall with firewall-cmd

Depending on your linux distribution, you may or may not have the firewall-cmd command already installed. Without an operational firewall, firewall-cmd has nothing to control, thus the first step is to check that firewalld is running:

$ sudo systemctl enable --now firewalld

Zones are used as presets in Firewall-cmd, offering you reasonable options to pick from. This saves you from having to design a firewall from the ground up. Zones are assigned to network interfaces. Run the command below to check your zones: 

$ firewall-cmd --list-all-zones

If I wanted to create a new zone, I would use the command:

$ sudo firewall-cmd --new-zone [zonename] --permanent

Additionally, I can use the following commands to check which ports and services are allowed: 

$ firewall-cmd --list-services

$ firewall-cmd --list-ports

To check which zones are active, run the command:

$ sudo firewall-cmd --get-active-zones

To add a service and allow connections for that service, you use the –add-service argument as shown below:

$ sudo firewall-cmd --add-service http --permanent

The command above allows the http services to run in the default zone. If you want to specify the zone, you can run: 

$ sudo firewall-cmd --zone=public --add-service http --permanent

The command above allows http traffic for the zone “public”. To remove a service and block the connection, just remove it like below: 

$ sudo firewall-cmd --remove-service http --permanent $ sudo firewall-cmd --reload

Any time you make a change to the firewall using firewall-cmd, make sure to reload all the settings or else the change will not take effect. To check for additional arguments, you can run the command firewall-cmd –help.

Why firewalld & firewall-cmd?

You can do a lot more with firewall-cmd, such as define your own services, ICMP blocking, and designating sources of allowable incoming traffic. Although not overly suggested for enterprise-level security, firewall-cmd is still an excellent and viable solution for daily users and corporations alike that require a rapid degree of security. If you're new to Linux security, firewall-cmd is a wonderful way to get started with ipchains and iptables. Firewall-cmd allows you to quickly set up a basic firewall if you already know ipchains. Additionally, the runtime environment is readily modifiable. There is no requirement to restart the daemon or service. It is straightforward for services, programs, and users to modify firewall settings thanks to the firewalld D-Bus interface. This is useful for administrators since it allows for runtime testing and evaluation due to the separation of the runtime and permanent configuration.

Final Thoughts

The only time you'd need a firewall is if you're running some kind of server application on your system most of the time. In this case, a firewall will restrict incoming connections to certain ports, making sure that they can only interact with the proper server application. Again, there is no harm in not having a firewall activated on your Linux machine. All we are saying is that you should think about implementing a firewall using firewall-cmd for increased security!