1. Home
  2. Training Library
  3. Linux Security and Hardening | CSL4 A3.1 |

Example Firewall Rules

Start course
3h 21m

In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.

You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.

In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.

You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.

There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.

Learning Objectives

  • Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
  • Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
  • Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
  • Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
  • Learn how to enforce good password security practices on your Linux systems
  • Learn about multi-factor authentication and how it can be implemented in Linux
  • Learn techniques and strategies to secure network services
  • Learn how to secure your files and directories on Linux through permissions, data sharing, special modes, file attributes, ACLs, and rootkits

Let's look at a few example rules. Here's how you would block all packets originating from the IP address of The dash capital A input option will append the rule that follows it to the input chain. Since no table was specified, the filter table is assumed. The source address was specified with a dash S option, followed by the source IP address. The target or where to jump to is specified by dash J DROP. When you display this rule using IP tables dash N followed by capital L, you see that the target is DROP, the source is the two dot 16 IP address, and the destination is, which means anywhere. Here are two more rules. The first rule accepts TCP packets destined to port 22 from the network. This will allow SSH connections from that network. The forward slash on your screen is the line continuation character. If I had enough room on this screen, I would have left that out and put this command on one line. The second IP tables command a pens or rule that blocks all TCP connections that are inbound to port 22. This is one way you can allow SSH access from your company network and then block all other SSH connections. If a packet is matched, it jumps to the target. If a packet does not match, it gets evaluated by the next rule in the chain. The first IP tables example here on your screen inserts a rule into the input chain. The rule limits TCP packets that are destined for port 80. This is one way you can fight against a dos attack on your web server. The second rule is more specific in that it uses the state module to only match new connections. Net filter provides connection tracking, so it knows if a packet is a new packet or part of an established connection. To create a custom chain, use the dash capital N option, followed by the name of the chain you want to create. Like the other commands, use dash T followed by a table name to specify a table. If no table has given the filter table is assumed. If you want to delete your chain, use the dash capital X option followed by the chain name. The IP tables command allows you to manipulate FireWall rules in real time, but it doesn't save the state or make it persist between reboots. Each distribution does this slightly differently, but the concept is the same. The running rules are dumped to a configuration file and then that configuration file is used to load the rules when the IP tables service is started at boot time. For Debian based systems like Ubuntu, you can install the IP tables dash persistent package. That will allow you to run the net filter dash persistent save command, which stores the running IP tables configuration in the slash Etsy slash IP tables directory. For CentOS or RedHat systems, you can use the service IP table save command. This will save the rules to the slash Etsy slash cis config slash IP tables file and will be reloaded on boot. If you're using CentOS or RedHat version seven or later, this might not be installed by default. This brings us to our final topic on IP tables. You can use rappers or front ends to net filter and IP tables. For example, RedHat version seven ships with FireWall D. You can use the FireWall D command to create rules, but IP tables is being used in the background to do the actual work. Likewise, on Ubuntu systems, you can use UFW, which stands for Uncomplicated FireWall. There are other options and even graphical front ends like G UFW, which is the gooey for a UFW and system dash config dash firewall.

About the Author