Linux Firewall Configuration

Mattscreative edited this page Dec 5, 2025 · 2 revisions

Linux Firewall Configuration Guide

A complete, beginner-friendly guide to firewalls on Linux, covering UFW, firewalld, and iptables configuration on Arch Linux, CachyOS, and other distributions.


Table of Contents

  1. Understanding Firewalls
  2. UFW Setup
  3. firewalld Setup
  4. iptables Basics
  5. Troubleshooting

Understanding Firewalls

What is a Firewall?

A firewall controls network traffic to and from your system.

Types:

  • Packet filter: Blocks/allows packets
  • Stateful: Tracks connections
  • Application: Controls by application

Why use a firewall:

  • Security: Block unauthorized access
  • Privacy: Control outgoing traffic
  • Protection: Prevent attacks

UFW Setup

Install UFW

Arch/CachyOS:

# Install UFW
sudo pacman -S ufw

# Enable service
sudo systemctl enable --now ufw

Debian/Ubuntu:

sudo apt install ufw
sudo ufw enable

Fedora:

sudo dnf install ufw

Configure UFW

Basic setup:

# Default deny incoming
sudo ufw default deny incoming

# Default allow outgoing
sudo ufw default allow outgoing

# Enable firewall (on a remote SSH session, allow SSH first; see Allow Services)
sudo ufw enable

Allow Services

Allow specific ports:

# Allow SSH
sudo ufw allow 22/tcp

# Allow HTTP
sudo ufw allow 80/tcp

# Allow HTTPS
sudo ufw allow 443/tcp

# Allow by service name
sudo ufw allow ssh

firewalld Setup

Install firewalld

Arch/CachyOS:

# Install firewalld
sudo pacman -S firewalld

# Enable service
sudo systemctl enable --now firewalld

Fedora:

sudo dnf install firewalld

# Enable the service and start it now
sudo systemctl enable --now firewalld

Configure firewalld

Using firewall-cmd:

# Check status
sudo firewall-cmd --state

# List zones
sudo firewall-cmd --list-all-zones

# Add service
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload

iptables Basics

Understanding iptables

iptables is a low-level firewall tool.

Chains:

  • INPUT: Incoming traffic
  • OUTPUT: Outgoing traffic
  • FORWARD: Routed traffic

Basic Rules

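Allow SSH and loopback, then deny by default:

# Allow replies to connections this host opened
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT

# Default deny (set last, so the ACCEPT rules above are already in place)
sudo iptables -P INPUT DROP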
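
A default-deny INPUT policy is only safe once the accept rules it depends on are loaded. As an added example (not part of the original guide), this shell function checks `iptables -S INPUT` output for them; the function name, messages and sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit `iptables -S INPUT`
# output, read from stdin, for the rules a default-deny policy depends on.
# audit_input_chain and SAMPLE_RULES are names made up for this example.
# Prints one line per finding; the return status is the number of findings.
# Live use: sudo iptables -S INPUT | audit_input_chain 22

audit_input_chain() {
    _port="${1:-22}"      # SSH port to look for (defaults to 22)
    _rules="$(cat)"       # whole ruleset from stdin
    _n=0
    _has() { printf '%s\n' "$_rules" | grep -Eq -- "$1"; }

    _has '^-P INPUT DROP$' || {
        echo "policy: INPUT policy is not DROP"; _n=$((_n + 1)); }
    _has '^-A INPUT -i lo -j ACCEPT$' || {
        echo "loopback: no rule accepts traffic on lo"; _n=$((_n + 1)); }
    # Without this, replies to connections the host opened hit the DROP policy.
    _has '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED.* -j ACCEPT$' || {
        echo "state: no rule accepts ESTABLISHED traffic"; _n=$((_n + 1)); }
    _has "^-A INPUT .*-p tcp .*--dport ${_port} .*-j ACCEPT\$" || {
        echo "ssh: no rule accepts tcp/${_port}"; _n=$((_n + 1)); }
    return "$_n"
}

# Constructed sample: a default-deny INPUT chain that accepts SSH and
# loopback but has no connection-state rule.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_input_chain 22 || echo "findings: $?"
```

The check covers IPv4 rules only; an `ip6tables -S INPUT` listing can be piped through the same function.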

Troubleshooting

Firewall Blocking Connections

Check rules:

# UFW
sudo ufw status verbose

# firewalld
sudo firewall-cmd --list-all

# iptables
sudo iptables -L -v

Test Connection

Test ports:

# Test port
nc -zv hostname 22

# Or use telnet
telnet hostname 22

Summary

This guide covered firewall configuration using UFW, firewalld, and iptables for Arch Linux, CachyOS, and other distributions.


Next Steps


This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.
