
Firewall Configuration

A proper firewall configuration ensures that only essential traffic is allowed while unauthorized traffic is blocked. In this way, the firewall acts as a protective barrier between the secure internal network and potentially untrusted external networks, such as the internet.

Configuration with IpTables

iptables is a firewall rule management tool in Linux, used to control network traffic by defining which packets can enter, exit, or pass through the system. It allows you to configure security policies to filter, redirect, and block traffic based on various criteria such as IP, port, and protocol. For example:

  1. Generic command to open a specific port with iptables (replace <PORTA> with the desired port number)

    Terminal input
        iptables -A INPUT -p tcp --dport <PORTA> -j ACCEPT

    Note that -A appends the rule at the end of the INPUT chain. iptables evaluates a chain top to bottom and stops at the first match, so if the chain already ends with a catch-all REJECT or DROP rule (the default ruleset shipped by iptables-services on RHEL-based systems ends this way), an appended rule is never reached. In that case insert the rule above the catch-all with -I and the desired position instead of -A.
  2. Save the iptables rules

    Terminal input
        service iptables save
  3. Reload the iptables service

    Terminal input
        service iptables reload

    The save and reload actions of the iptables service are provided by the iptables-services package on RHEL-based systems. On distributions without it, persist the rules with iptables-save (for example into /etc/iptables/rules.v4 when the iptables-persistent package is used on Debian and Ubuntu) and load them again with iptables-restore.
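As an added example (not code from the original page or from PostgreSYS), the script below renders a complete iptables ruleset in iptables-restore format, so the rule that opens the service port is placed above the final REJECT by construction and the whole set can be reviewed, test-loaded and persisted in one step rather than appended rule by rule. The port, trusted subnet, SSH port and save path are assumptions; edit them for your host.

```bash
#!/bin/sh
# Added example, not from the original page. Renders an iptables ruleset in
# iptables-restore format, checks that the service-port rule precedes the
# catch-all REJECT, and optionally loads and persists it.
# Assumed values (edit for your environment):
SERVICE_PORT=5432          # port to open, assumed
TRUSTED_NET="10.0.0.0/24"  # clients allowed to reach it, assumed example subnet
SSH_PORT=22                # administrative access, assumed
set -eu

# Print the ruleset. Order matters: the first matching rule wins, so the
# ACCEPT for the service port must sit above the final REJECT. A rule added
# with `iptables -A` would land below that REJECT and never match.
render_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Administrative access
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Service port, restricted to the trusted subnet
-A INPUT -p tcp -s ${TRUSTED_NET} --dport ${SERVICE_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Everything else is rejected (same terminal rule as the RHEL default ruleset)
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# 1-based line numbers of the service-port ACCEPT and of the final REJECT.
accept_line() { render_ruleset | grep -n -- "--dport ${SERVICE_PORT} " | head -n 1 | cut -d: -f1; }
reject_line() { render_ruleset | grep -n -- '-j REJECT' | head -n 1 | cut -d: -f1; }

# True when the ACCEPT precedes the REJECT, i.e. the port is actually open.
rule_order_ok() { [ "$(accept_line)" -lt "$(reject_line)" ]; }

# Parse-check, load atomically, then persist (needs root / sudo).
apply_ruleset() {
    f=$(mktemp)
    render_ruleset > "$f"
    sudo iptables-restore --test "$f"
    sudo iptables-restore "$f"
    # RHEL family path used by iptables-services; on Debian/Ubuntu with
    # iptables-persistent use /etc/iptables/rules.v4 instead (assumption).
    sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
    rm -f "$f"
}

case "${1:-show}" in
    show)  render_ruleset ;;
    apply) apply_ruleset ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Run it without arguments to print the ruleset for review, and with `apply` to load and save it. Because iptables-restore replaces the whole table atomically, the host is never left in a half-configured state between individual `iptables` commands, and the default policy of DROP means a port that is not listed is closed rather than implicitly open.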

In some Linux distributions, iptables may not be installed or enabled by default. Use the following commands to check and enable it:

  1. Check if iptables is installed (the command lists the current rules; "command not found" means the tool is missing)

    Terminal input
        sudo iptables -L
  2. Install iptables if necessary

    2.1 For RHEL-based systems

    Terminal input
        sudo yum install iptables-services

    2.2 For OpenSUSE

    Terminal input
        sudo zypper install iptables

    The iptables service and firewalld both manage the same packet filter, so run only one of them on a host: on RHEL-based systems, stop and disable firewalld before enabling the iptables service. On OpenSUSE the iptables package does not provide the service used by the save and reload steps above; persist rules there with iptables-save and load them with iptables-restore.

Configuration with firewalld

firewalld is a dynamic firewall manager for Linux that provides a simplified interface to configure and manage firewall rules in real time. It supports trust zones and allows flexible security policies without restarting the network service. For example:

  1. Generic command to open a specific port with firewalld (replace <PORTA> with the desired port number)

    Terminal input
        sudo firewall-cmd --zone=public --add-port=<PORTA>/tcp --permanent
  2. Reload the rules

    Terminal input
        sudo firewall-cmd --reload

The --permanent flag writes the rule to the stored configuration only; it takes effect on the running firewall after the reload. Without --permanent the rule changes only the running configuration and is lost at the next reload or reboot. The rule applies to traffic that firewalld assigns to the public zone, so confirm with firewall-cmd --get-active-zones that the interface receiving the traffic is in that zone before relying on it.

Here is how to configure PostgreSYS component ports in firewalld:

  1. Defining the ports

    Terminal input
        PORTAS=(5432 80 443 6432 8008 9187 8080 1982 2379 2380 9090 3000 9093)

        for PORTA in "${PORTAS[@]}"; do
            sudo firewall-cmd --zone=public --add-port=${PORTA}/tcp --permanent
        done
  2. Reload the rules to apply the changes

    Terminal input
        sudo firewall-cmd --reload

This opens every port in the list to any source whose traffic lands in the public zone. Only the ports that external clients actually need should be reachable from untrusted networks; ports used between cluster nodes or by administrators should be limited to the addresses of those nodes, for example by adding them to a separate zone bound to the trusted source range rather than to public.
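As an added example (not code from the original page or from PostgreSYS), the script below splits the port list above into ports exposed in the public zone and ports placed in a dedicated zone that accepts only a trusted source range, and prints the firewall-cmd calls so the plan can be reviewed before it is applied. Which ports count as public, the trusted subnet and the zone name are assumptions for illustration, not the product's documented policy.

```bash
#!/bin/sh
# Added example, not PostgreSYS project code. Keeps only externally needed
# ports in the public zone and restricts the rest to one trusted subnet via
# a dedicated firewalld zone with a source binding.
# Assumptions (edit for your environment): the public/internal split, the
# trusted subnet and the zone name below are examples only.
PUBLIC_PORTS="5432 80 443"                                           # assumed public
INTERNAL_PORTS="6432 8008 9187 8080 1982 2379 2380 9090 3000 9093"  # assumed trusted-only
TRUSTED_NET="10.0.0.0/24"                                            # assumed example subnet
ZONE="postgresys-internal"                                           # assumed zone name
set -eu

# Print the firewall-cmd invocations for the policy above, one per line,
# without executing anything, so the plan can be reviewed first.
plan_rules() {
    for p in $PUBLIC_PORTS; do
        echo "firewall-cmd --permanent --zone=public --add-port=${p}/tcp"
    done
    # Create the zone once. firewalld matches a packet's source against zone
    # sources before falling back to the interface zone, so ports added to
    # this zone are reachable only from TRUSTED_NET.
    echo "firewall-cmd --permanent --get-zones | grep -qw ${ZONE} || firewall-cmd --permanent --new-zone=${ZONE}"
    echo "firewall-cmd --permanent --zone=${ZONE} --add-source=${TRUSTED_NET}"
    for p in $INTERNAL_PORTS; do
        echo "firewall-cmd --permanent --zone=${ZONE} --add-port=${p}/tcp"
    done
    # --permanent only writes the stored configuration; the reload applies it.
    echo "firewall-cmd --reload"
}

# Number of ports the plan exposes in the public zone: a sanity check that
# no internal port slipped into the public list.
public_port_count() {
    plan_rules | grep -c -- '--zone=public --add-port='
}

# Execute the plan line by line (needs root and a running firewalld).
apply_rules() {
    plan_rules | while IFS= read -r cmd; do
        sudo sh -c "$cmd"
    done
}

case "${1:-plan}" in
    plan)  plan_rules ;;
    apply) apply_rules ;;
    *)     echo "usage: $0 [plan|apply]" >&2; exit 2 ;;
esac
```

Run it without arguments to see the commands, and with `apply` to execute them. A new zone created with --new-zone rejects everything by default, so a port that is not explicitly added to it stays closed even for the trusted subnet, and an internal port that is accidentally placed in the public list shows up immediately in the printed plan and in the public_port_count result.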

If you need to install and enable firewalld:

  1. Installation

    • Enterprise Linux

      Terminal input
          sudo dnf install firewalld
    • OpenSUSE

      Terminal input
          sudo zypper install firewalld
  2. Enable firewalld to start on boot

    Terminal input
        sudo systemctl enable firewalld
  3. Start the firewalld service

    Terminal input
        sudo systemctl start firewalld

    Once the service is up, firewall-cmd --state reports "running"; only then do the --add-port and --reload commands above take effect.