TUX.RE Forum

What Is a Firewall?

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on defined rules.

It acts as a barrier between a trusted network (like your home or server) and untrusted networks (like the internet).

---

1. Why Do You Need a Firewall?

Without a firewall, your system would be directly exposed to the internet.

A firewall helps to:

• Block unauthorized access
• Protect services and ports
• Prevent attacks
• Control network traffic

---

2. How a Firewall Works

A firewall checks network traffic and decides:

• Allow the connection
• Block the connection

Example:

• Allow port 80 (web server)
• Allow port 443 (HTTPS)
• Block all other incoming traffic

---

3. Types of Firewalls

1. Network Firewall

• Protects an entire network
• Usually built into routers

2. Host-Based Firewall

• Runs on a single system
• Controls traffic for that device

Examples:

• UFW (Uncomplicated Firewall)
• iptables / nftables

---

4. Common Firewall Rules

• Allow specific ports (e.g. SSH, HTTP, HTTPS)
• Block all other incoming traffic
• Limit access to trusted IPs

---

5. Example (Linux UFW)

Allow SSH:
Allow web traffic:
Enable firewall:
---

6. Firewall vs NAT

• NAT → translates IP addresses
• Firewall → controls traffic

Both are often used together in routers.

---

7. Important Tips

• Always enable a firewall on servers
• Allow only required ports
• Regularly review rules
• Combine with updates and security tools

Advanced Firewall Concepts – Ports, States and Traffic Control

After understanding basic firewall concepts, the next step is learning how firewalls actually manage connections using ports, states and rules.

This is essential for running secure servers and network infrastructure.

---

1. What Is a Port?

A port is a communication endpoint used by applications.

Examples:

• 22 → SSH
• 80 → HTTP
• 443 → HTTPS
• 53 → DNS
• 25 → SMTP

Think of an IP address as a building and ports as doors.

---

2. Stateful vs Stateless Firewalls

Stateless Firewall

• Checks each packet independently
• No memory of connections

Stateful Firewall (modern standard)

• Tracks active connections
• Knows if traffic is part of an established session
• More secure and efficient

Example rule:

• Allow ESTABLISHED, RELATED connections

---

3. Connection States

Stateful firewalls classify traffic:

• NEW → new connection attempt
• ESTABLISHED → active connection
• RELATED → related traffic (e.g. FTP data)
• INVALID → broken or suspicious packets

Typical rule:
---

4. Inbound vs Outbound Traffic

Inbound → incoming traffic from internet
Outbound → traffic from your system to internet

Best practice:

• Restrict inbound traffic strictly
• Control outbound traffic if needed

---

5. Default Policies

A secure firewall setup uses:

• Default: DROP (deny everything)
• Allow only required ports

Example:

• Allow 22 (SSH)
• Allow 80, 443 (Web)
• Drop everything else

---

6. Rate Limiting and Protection

Firewalls can limit connections:

• Prevent brute-force attacks
• Limit SSH login attempts
• Protect services from abuse

Example (concept):

• Allow max 5 SSH attempts per minute

---

7. Port Forwarding (Advanced NAT)

Used to expose internal services:

• Public IP → Router → Internal Server

Example:

• Port 80 → 192.168.1.100 (web server)
• Port 22 → 192.168.1.101 (SSH)

---

8. Segmentation and Zones

Advanced setups use zones:

• LAN (internal network)
• DMZ (public services)
• WAN (internet)

This improves security by isolating services.

---

9. Tools in Linux

• nftables (modern standard)
• iptables (legacy)
• UFW (simplified frontend)
• firewalld (zone-based firewall)

---

10. Best Practices

• Use default deny policy
• Allow only necessary ports
• Monitor logs
• Use fail2ban or IDS systems
• Keep firewall rules simple and clear

---


You can find a practical setup guide in our Debian forum:

UFW installation on Debian