So why firewall? This is a question that comes to every person involved in the security of the IT infrastructure of an organization. Every year many cyberattacks happen to our IT infrastructure by hackers. These people have one motto that is to turn down the system, ask for ransom, sabotage the image of an organization, and many more. This is our responsibility to keep ourselves ready for any such incidence and keep our country safe from any such activities. Therefore, to keep our younger generation abreast with the technological advancements so I had started this initiative.
In this article, I will discuss the basics of a firewall and in subsequent articles, I will discuss the implementation of a firewall and the use of its different features.
A firewall is the first line of defense from outsiders in a network. They can be both software and hardware. This software helps our network from any danger which might sabotage our system. Technically, it is a protective system that secures a network by filtering incoming and outgoing traffic. We can do this by defining custom rules in the firewall.
There are majorly eight types of firewalls:
- Packet-filtering firewall
- Circuit-level firewall
- Stateful inspection firewall
- Application-level firewall
- Next-gen firewall
- Software firewall
- Hardware firewall
- Cloud firewall
The primary purpose of the firewall is to block threatening traffic from entering our local private network.
As described in Figure 1 the legitimate connection is forwarded and the threatening connection is blocked.
The working of a firewall depends upon opening and closing of ports or blocking and unblocking of applications running on the system. It depends on the system administrator of the machine to identify whether a particular application or port should be blocked to allowed to interact with the outside world as shown in Figure 2.
The Linux kernel in Ubuntu has a packet filtering system called Netfilter and iptables are the suite of commands to configure it. Since configuring them is a daunting task, therefore, there’s are many alternatives for this, and one of the alternatives is UFW(uncomplicated firewall). This is a frontend used for iptables. We will be discussing in our subsequent articles these technologies and installation, configuration, and deployment of Pfsense (Firewall with a web-based frontend).
Firewalls basically block ports that are not required for communication by the system. It generally uses three simple commands – drop, reject and accept/allow traffic.
Let us understand these commands:
- Drop – The packets which are coming inside the system or leave are blocked directly.
- Reject – This is the same as a drop but the sender of the data will receive an error message about the rejection of the packet by the firewall.
- Accept/allow – The packets will pass through the firewall.
These three commands are already defined within the firewall as a default policy. By using simple commands like:
To activate the firewall in Ubuntu we use the following commands, on the command line:
$ sudo ufw enable
To apply default rule on incoming and outgoing traffic:
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
To open port 80 for apache to work seamlessly on the internet or in other words, open HTTP traffic coming inside the webserver:
$ sudo ufw allow http or $ sudo ufw allow 80
By allowing the traffic on port 80 means that traffic is allowed to come inside the server from the internet and access service running on the webserver. If you want to block the incoming traffic on port 80 then follow this command.
$ sudo ufw deny http or $ sudo ufw deny 80
I hope you have understood the working of the firewall. In my next article, I will demonstrate the installation of Ubuntu on a Windows machine and running firewall commands on it. If you like to article then do share it on the internet. In my subsequent articles, I will explain the installation of a web-based frontend firewall, its installation, and configuration.
Until then happy reading and keep yourself safe from Wuhan Virus.