{"id":1198,"date":"2018-12-20T11:38:21","date_gmt":"2018-12-20T06:08:21","guid":{"rendered":"https:\/\/www.coimbatorewebhosting.com\/blog\/?p=1198"},"modified":"2019-04-09T10:38:53","modified_gmt":"2019-04-09T05:08:53","slug":"setup-firewall-on-linux-server","status":"publish","type":"post","link":"https:\/\/coimbatorewebhosting.com\/blog\/setup-firewall-on-linux-server\/","title":{"rendered":"How to setup the Firewall on Dedicated Linux Server"},"content":{"rendered":"<h1 class=\"entry-title\"><span class=\"ez-toc-section\" id=\"Basic_Firewall_Setup_on_Dedicated_Linux_Server\"><\/span>Basic Firewall Setup on Dedicated Linux 
Server<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>A firewall will stop any unusual activities on one network from being passed on to another network. In most systems the Linux kernel is compiled with IP forwarding set to yes. This means that if the computer has more than one network connected to it, network information will be passed directly from one network to the other as if they were physically connected.<\/p>\n<p>Forgetting to secure and configure a dedicated server firewall is a common mistake and a huge security flaw. Going into the firewall\u2019s configuration allows you to remove unnecessary software that\u2019s connected to the internet. Skipping this step leaves your server and its ports vulnerable to intrusion.<\/p>\n<p>Now let\u2019s see how to set up a basic firewall on a <a href=\"https:\/\/www.squarebrothers.com\/dedicated-server-in-india\/\" rel=\"nofollow noopener\" target=\"_blank\">dedicated Linux server<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Installing_Firewall_on_Linux\"><\/span>Installing Firewall on Linux<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>On Ubuntu\/Debian:<\/strong><\/p>\n<pre class=\"code-pre\">$ sudo apt-get install iptables<\/pre>\n<p><strong>On CentOS 7\/RHEL 7:<\/strong><\/p>\n<pre># yum install iptables-services<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Lets_decide_which_Firewall_Ports_to_Block\"><\/span>Let\u2019s decide which Firewall Ports to Block<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The first step in firewall installation is deciding which ports have to be left open on our dedicated server. 
This will vary based on what you are using the dedicated host for. If you are running a web server, you would likely want the following ports open:<\/p>\n<ul>\n<li>Web: 80 and 443<\/li>\n<li>SSH: Typically run on port 22<\/li>\n<li>Email: 110 (POP3), 143 (IMAP), 993 (IMAP SSL), 995 (POP3 SSL).<\/li>\n<\/ul>\n<p>Change your SSH port to a non-default port by reading our article on changing your server\u2019s SSH port. Want your users to only use email over SSL? Block standard POP3 and IMAP ports in your firewall to force SSL use.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Flush_Default_Firewall_Rules\"><\/span>Flush Default Firewall Rules<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Run the command below to flush the default firewall rules.<\/p>\n<pre class=\"code-pre\"># iptables -F<\/pre>\n<h4><span class=\"ez-toc-section\" id=\"Block_Common_Server_Attack_Routes\"><\/span>Block Common Server Attack Routes<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>We have to run some standard commands here to block common attacks.<\/p>\n<p><strong>Block syn-flood packets (new TCP connections that do not start with a SYN):<\/strong><\/p>\n<pre class=\"code-pre\"># iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP<\/pre>\n<p><strong>Block XMAS Packets (all TCP flags set):<\/strong><\/p>\n<pre class=\"code-pre\"># iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP<\/pre>\n<p><strong>Block null packets (no TCP flags set):<\/strong><\/p>\n<pre class=\"code-pre\"># iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP<\/pre>\n<h4><span class=\"ez-toc-section\" id=\"Opening_Required_Ports\"><\/span>Opening Required Ports<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Run the commands below to open up the ports you need. 
Here are some examples to work from:<br \/>\n<strong>Allow SSH Access:<\/strong><\/p>\n<pre class=\"code-pre\"># iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT<\/pre>\n<p><strong>Open up LOCALHOST access:<\/strong><\/p>\n<pre class=\"code-pre\"># iptables -A INPUT -i lo -j ACCEPT<\/pre>\n<p><strong>Allow web traffic:<\/strong><\/p>\n<pre class=\"code-pre\"># iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT<\/pre>\n<pre class=\"code-pre\"># iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT<\/pre>\n<h4><span class=\"ez-toc-section\" id=\"Test_Firewall_Configuration\"><\/span>Test Firewall Configuration<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Run the following commands to list the active rules, save the configuration and restart your firewall:<\/p>\n<pre class=\"code-pre\"># iptables -L -n<\/pre>\n<pre class=\"code-pre\"># iptables-save | sudo tee \/etc\/sysconfig\/iptables<\/pre>\n<pre class=\"code-pre\"># service iptables restart<\/pre>\n<p>The above steps give you a basic firewall setup on your server. For more information about IP addresses or how to block a particular IP address, <a href=\"https:\/\/www.coimbatorewebhosting.com\/blog\/block-ip-addresses-htaccess-file\/\">click here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Basic Firewall Setup on Dedicated Linux Server A firewall will stop any unusual activities on one network from being passed on to another network. In most systems the Linux kernel is compiled with IP forwarding set to yes. 
This means that if the computer has more than one network [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1203,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[154,153],"tags":[65,129,128],"class_list":["post-1198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cpanel-whm","category-centos-7-rhel-7","tag-firewalld","tag-ip-tables","tag-ssh-port"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/12\/post-blog.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pa2YU7-jk","_links":{"self":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=1198"}],"version-history":[{"count":0,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1198\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\
/wp\/v2\/media\/1203"}],"wp:attachment":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=1198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=1198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=1198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}