Linux System Administration

0 of 84 lessons complete (0%)

TCP/IP Firewall and IP Masquerade

Firewall Persistence

You don’t have access to this lesson

Please register or sign in to access the course content.

Firewall persistence refers to the ability of a firewall to retain its configuration and rules even after a system reboot. This ensures that the firewall settings remain consistent and effective over time. In Linux, this is particularly important for maintaining security measures. Here’s how you can achieve firewall persistence in CentOS and Ubuntu:

CentOS (Using firewalld):

  1. Installing firewalld (if not already installed): sudo yum install firewalld
  2. Starting and enabling firewalld: sudo systemctl start firewalld sudo systemctl enable firewalld
  3. Configuring Rules:
    • Add and configure rules using firewall-cmd. For example, to open port 80 for HTTP: sudo firewall-cmd --zone=public --add-port=80/tcp --permanent sudo firewall-cmd --reload
    • The --permanent flag makes the rule persistent.
  4. Saving Rules:
    • Save the firewall configuration to ensure it persists after a reboot: sudo firewall-cmd --runtime-to-permanent

Ubuntu (Using ufw – Uncomplicated Firewall):

  1. Installing ufw (if not already installed): sudo apt-get update sudo apt-get install ufw
  2. Enabling ufw: sudo ufw enable
  3. Configuring Rules:
    • Add rules using ufw. For example, to open port 80 for HTTP: sudo ufw allow 80/tcp
    • This rule is automatically made persistent.
  4. Saving Rules:
    • ufw automatically saves rules. There’s no need for an additional command.

Verification:

You can verify the persisted rules by checking the firewall configuration files:

  • For CentOS (firewalld):
    • Configuration files are typically stored in /etc/firewalld/zones/.
  • For Ubuntu (ufw):
    • Rules are stored in /etc/ufw/ directory.

Remember, after making any changes to firewall rules, it’s important to test them to ensure they are functioning as expected. Additionally, always exercise caution when modifying firewall rules, as incorrect configurations can lead to security vulnerabilities.