Linux - Linux Firewall Configuration (iptables / nftables / firewalld)
A firewall in Linux is a security system that controls incoming and outgoing network traffic. It allows administrators to define rules that permit or block connections based on IP addresses, ports, protocols, or services. Firewalls help protect a system from unauthorized access and network attacks.
Linux provides several firewall management tools such as iptables, nftables, and firewalld. These tools manage packet filtering rules inside the Linux kernel.
1. iptables
iptables is a traditional Linux firewall utility used to configure packet filtering rules. It works with different tables and chains that control how network packets are handled.
Important concepts in iptables:
- Tables: Collections of rules used for specific purposes. Examples include filter, nat, and mangle.
- Chains: Lists of rules that packets go through. Common chains are INPUT, OUTPUT, and FORWARD.
- Rules: Conditions that determine whether packets are accepted, rejected, or dropped.
Example command:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
This command appends (-A) a rule to the INPUT chain that accepts incoming TCP connections on port 22, the SSH port. Rules in a chain are evaluated in order, so an accept rule only opens a port that the chain's default policy or an earlier rule would otherwise block.
Another example to block traffic:
sudo iptables -A INPUT -s 192.168.1.10 -j DROP
This drops all traffic coming from the specified source IP address. DROP discards packets silently; REJECT would instead send an error response back to the sender. Rules added with iptables take effect immediately but are not persistent across reboots unless they are saved, for example with iptables-save.
2. nftables
nftables is the modern replacement for iptables. It simplifies firewall configuration and improves performance by using a unified framework.
Advantages of nftables:
- Simpler syntax
- Better performance
- Unified handling of IPv4 and IPv6
- Easier rule management
Example command:
sudo nft add rule inet filter input tcp dport 22 accept
This rule allows incoming SSH traffic (TCP port 22). It assumes that a table named filter in the inet family (which covers both IPv4 and IPv6) and an input chain inside it already exist; nft does not create them on the fly. As with iptables, rules added interactively are lost on reboot unless the ruleset is saved to a file that is loaded at boot.
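As an added example (not from the original page), the following shell function generates a complete default-deny nftables ruleset of the kind the single nft command above belongs in: it creates the inet filter table and input chain, accepts established and loopback traffic, opens the given TCP ports, and logs what the drop policy discards. The function and helper names are assumptions for this example; the output is meant to be reviewed and then loaded atomically with sudo nft -f.

```shell
#!/bin/sh
# Added example, not from the page: emit a default-deny nftables ruleset
# for the inet family (IPv4 + IPv6). The page's "nft add rule" command
# assumes the "filter" table and "input" chain already exist; this creates
# them with stateful defaults so the whole ruleset loads atomically.
# Arguments: TCP ports to allow inbound (assumption: pass 22 first so that
# SSH is never locked out by mistake).
gen_nft_ruleset() {
    for port in "$@"; do
        # refuse non-numeric ports rather than emitting a malformed rule
        case "$port" in *[!0-9]*|'') echo "bad port: $port" >&2; return 1;; esac
    done
    cat <<'EOF'
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        # allow replies to connections this host initiated
        ct state established,related accept
        # drop packets that belong to no known connection
        ct state invalid drop
        # loopback traffic is always local
        iif "lo" accept
        # ICMP/ICMPv6 are needed for path MTU and neighbour discovery
        meta l4proto { icmp, ipv6-icmp } accept
EOF
    for port in "$@"; do
        printf '        tcp dport %s accept\n' "$port"
    done
    cat <<'EOF'
        # log (rate-limited) what the policy drops so blocked traffic is visible
        limit rate 5/minute log prefix "nft-input-drop: "
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Count how many "tcp dport ... accept" rules a ruleset opens, so a reviewer
# can confirm that only the intended ports are exposed before loading it.
count_open_ports() {
    gen_nft_ruleset "$@" | grep -c 'tcp dport'
}
```

Save the output to a file, review it, then apply it with sudo nft -f that file; nft -c -f checks the syntax without loading.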
3. firewalld
firewalld is a dynamic firewall management tool used mainly in distributions such as Fedora, Red Hat, and CentOS. It provides an easier way to manage firewall rules without restarting the firewall service.
firewalld uses zones to define trust levels for network connections.
Common zones include:
- public – for untrusted networks
- home – for home networks
- work – for work environments
Example command to allow HTTP service:
sudo firewall-cmd --add-service=http
To permanently allow the service (--permanent writes the change to the saved configuration, which becomes active only after a reload; without it, the change applies at runtime only and is lost on reload or reboot):
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload
Importance of Linux Firewall Configuration
Firewall configuration is important for system security. It helps prevent unauthorized access, protects servers from attacks, and controls which services are available on the network. Proper firewall rules ensure that only necessary traffic is allowed while blocking suspicious or harmful connections.
In system administration, configuring firewalls correctly is an essential skill for maintaining a secure Linux environment.