Set up a Stateful Firewall with Iptables
Iptables is an open source application used for network packet filtering, and it can be configured to act as a stateful firewall. By default, iptables behaves as a stateless packet filter; in this article we’ll see how to set up a stateful firewall with it.
A stateful firewall can be a powerful tool for protecting your server from unwanted traffic. It lets packets that belong to already established connections pass through while blocking unsolicited new ones. You can use these rules to restrict which services are allowed in and out of your network, which is important for protecting your servers from unwanted traffic such as DDoS attacks.
To set up a stateful firewall using iptables, follow these steps:
- Allow incoming traffic on port 22 (SSH) only from the IP address 22.214.171.124
- Allow outgoing connections for TCP ports 80 and 443 and ICMP traffic through your server’s public interface
- Allow SSH clients that are already connected to continue their sessions (existing connections)
- Allow SSH connections on port 443 (for non-SSH traffic)
The corresponding iptables rules (the loopback rule and the ESTABLISHED,RELATED rule must come first so that existing sessions are never cut off):
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A INPUT -i eth+ -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -A INPUT -p tcp --dport 22 -s 22.214.171.124 -m state --state NEW -j ACCEPT
- iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
- iptables -A INPUT -p icmp -m state --state NEW -m limit --limit 20/second -j ACCEPT
- iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -p icmp -j ACCEPT
- iptables -A OUTPUT -o docker0 -p tcp -m multiport --sports 80,443 -j ACCEPT
The above rules allow services such as website access on TCP ports 80 and 443 via the public interface. They also allow SSH connections on port 22, but restrict them to the IP address 126.96.36.199 only via the public interface, and allow connections on port 443 (for non-SSH traffic).
Now that you have completed these steps, save your iptables firewall ruleset with this command:
- service iptables save
Note: Remember that if you are configuring a stateful firewall for your server, it is very important to set up SSH access using key-based authentication instead of password authentication. Anyone who has physical access, or who can reach remote login ports such as telnet/ssh over the internet, could launch a DDoS attack against the system without even needing account credentials. So either disable remote login for all services except SSH, or use key-based authentication.
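The procedure above as one reviewable script (an added example, not from the original article). It uses a default-deny policy so that the ESTABLISHED,RELATED rule actually does the work, the modern `-m conntrack --ctstate` match in place of `-m state --state`, and an assumed ADMIN_IP placeholder (192.0.2.10 is a constructed TEST-NET-1 address) and PUB_IF interface name:

```shell
#!/bin/sh
# Added example: build a default-deny stateful iptables ruleset.
# ADMIN_IP and PUB_IF are assumed placeholders; 192.0.2.10 is a constructed sample address.
ADMIN_IP="${ADMIN_IP:-192.0.2.10}"
PUB_IF="${PUB_IF:-eth0}"

# Print the rule commands instead of running them, so the set can be reviewed first.
gen_rules() {
    cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i $PUB_IF -p tcp --dport 22 -s $ADMIN_IP -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $PUB_IF -p icmp --icmp-type echo-request -m limit --limit 20/second -j ACCEPT
iptables -A OUTPUT -o $PUB_IF -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
iptables -A OUTPUT -o $PUB_IF -p icmp -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "IPT-DROP: " --log-level 4
EOF
}

# Count rules that depend on connection tracking; a stateful set must contain some.
count_stateful() {
    gen_rules | grep -c -- '--ctstate'
}

# Apply the generated rules (requires root) and show the resulting INPUT chain
# with packet counters, so you can confirm the ESTABLISHED,RELATED rule is matching.
apply_rules() {
    gen_rules | sh
    iptables -L INPUT -v -n --line-numbers
}
```

Run `gen_rules` first and read the output; call `apply_rules` only from a console session, since a mistake in the SSH rule will lock out remote access.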
What is the difference between iptables and firewalld?
- Iptables is a Linux kernel-based packet filtering tool, while firewalld is newer to RHEL/CentOS distributions. It allows the admin to configure the firewall by specifying port numbers or service names instead of writing rules for each IP address or network interface card (NIC). Firewalld uses zones, which are predefined groupings of network connections. For example, you can define a zone for public networks or for home/office networks.
- Firewalld also supports a rich rule language for creating rules that are easier to understand. Firewalld allows the creation of user-defined chains in addition to built-in ones like INPUT, OUTPUT, and FORWARD. This is not possible in iptables.
- While both tools provide the same basic functionality, firewalld provides more features than iptables, and hence many sysadmins prefer firewalld over iptables. Some of these features are listed below:
- Firewalld uses zones, which are predefined groupings of network connections. This makes the firewall easier to manage by providing a more intuitive way to group and identify traffic.
- Firewalld also supports a rich rule language for creating rules that are easier to understand, which is not available in iptables.
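The same SSH-from-one-host policy expressed with firewalld zones and rich rules (an added example, not from the original article). ADMIN_IP and ZONE are assumed placeholders; 192.0.2.10 is a constructed TEST-NET-1 address:

```shell
#!/bin/sh
# Added example: the iptables policy above, expressed for firewalld.
# ADMIN_IP and ZONE are assumed placeholders; 192.0.2.10 is a constructed sample address.
ADMIN_IP="${ADMIN_IP:-192.0.2.10}"
ZONE="${ZONE:-public}"

# Print the firewall-cmd calls for review. firewalld allows replies to
# established connections itself, so no explicit ESTABLISHED,RELATED rule is needed.
gen_firewalld_rules() {
    cat <<EOF
firewall-cmd --permanent --zone=$ZONE --set-target=DROP
firewall-cmd --permanent --zone=$ZONE --remove-service=ssh
firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family="ipv4" source address="$ADMIN_IP" service name="ssh" accept'
firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family="ipv4" protocol value="icmp" accept limit value="20/s"'
firewall-cmd --permanent --zone=$ZONE --add-port=443/tcp
firewall-cmd --reload
firewall-cmd --zone=$ZONE --list-all
EOF
}

# Two rich rules are expected: the SSH source restriction and the ICMP rate limit.
count_rich_rules() {
    gen_firewalld_rules | grep -c -- '--add-rich-rule'
}

# Apply the generated commands (requires root and a running firewalld).
apply_firewalld_rules() {
    gen_firewalld_rules | sh
}
```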
What are the advantages of having a stateful firewall in Linux?
There are many advantages of using stateful firewalls over traditional packet filtering-based firewalls. Some of these include:
- It allows you to track connection states, which means that it can distinguish between new and existing connections. This enables a stateful firewall to dynamically open and close ports as required, allowing only new connections that are initiated from the outside of your network.
- A stateful firewall is able to filter traffic based on predefined rules, which can be used for restricting access to specific hosts or services. For example, you could configure iptables to block all traffic except for SSH connections from a specific host or IP address.
- A stateful firewall records information about connection packets and saves it in the ipt_state table. This means that you can use this information later if any issues occur with your server, allowing you to troubleshoot network-related problems more easily.
With iptables, it is possible to create a stateful firewall that acts as an effective mechanism for hardening your server’s security by implementing port filtering and restricting access to specific hosts or services.