Firewall persistence refers to the ability of a firewall to retain its configuration and rules even after a system reboot. This ensures that the firewall settings remain consistent and effective over time. In Linux, this is particularly important for maintaining security measures. Here’s how you can achieve firewall persistence in CentOS and Ubuntu:
CentOS (Using firewalld):
- Installing firewalld (if not already installed):
  sudo yum install firewalld
- Starting and enabling firewalld:
  sudo systemctl start firewalld
  sudo systemctl enable firewalld
- Configuring Rules:
  - Add and configure rules using firewall-cmd. For example, to open port 80 for HTTP:
    sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
    sudo firewall-cmd --reload
  - The --permanent flag makes the rule persistent: it is written to the permanent configuration and loaded into the running firewall by --reload. A rule added without --permanent applies only to the running firewall and is lost on the next reload or reboot.
- Saving Rules:
  - Save the current runtime configuration (including rules added without --permanent) to the permanent configuration so it persists after a reboot:
    sudo firewall-cmd --runtime-to-permanent
Ubuntu (Using ufw – Uncomplicated Firewall):
- Installing ufw (if not already installed):
  sudo apt-get update
  sudo apt-get install ufw
- Enabling ufw:
  sudo ufw enable
- Configuring Rules:
  - Add rules using ufw. For example, to open port 80 for HTTP:
    sudo ufw allow 80/tcp
  - This rule is automatically made persistent.
- Saving Rules:
  - ufw automatically saves rules. There’s no need for an additional command.
Verification:
You can verify the persisted rules by checking the firewall configuration files:
- For CentOS (firewalld): configuration files are typically stored in /etc/firewalld/zones/.
- For Ubuntu (ufw): rules are stored in the /etc/ufw/ directory.
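The most common persistence mistake with firewalld is a rule added without --permanent that silently disappears on reboot. The following script, an added example that is not part of the original page, compares a runtime port list with the ports stored in a zone file of the format firewalld keeps under /etc/firewalld/zones/. Both the zone file and the runtime list are constructed here; on a live host you would feed it /etc/firewalld/zones/public.xml and the output of `firewall-cmd --zone=public --list-ports`.

```shell
#!/bin/sh
# Added example (not from the original page): report firewalld rules that exist
# only at runtime and would therefore be lost on reboot. The zone file and the
# "runtime" port list are constructed stand-ins for the live host's data.

# Extract "port/protocol" entries from a firewalld zone XML (permanent config).
permanent_ports() {
    # firewalld writes one element per rule, e.g. <port port="80" protocol="tcp"/>
    sed -n 's|.*<port port="\([0-9]*\)" protocol="\([a-z]*\)".*|\1/\2|p' "$1" | sort
}

# Print each runtime port (space-separated in $1) that is absent from zone file $2.
runtime_only_ports() {
    perm=$(permanent_ports "$2")
    for p in $1; do
        printf '%s\n' "$perm" | grep -qxF "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample zone file in the format stored under /etc/firewalld/zones/.
write_sample_zone() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <port port="80" protocol="tcp"/>
  <port port="443" protocol="tcp"/>
</zone>
EOF
}

ZONE_FILE=$(mktemp)
write_sample_zone "$ZONE_FILE"
# Constructed runtime view: 8080/tcp was opened without --permanent.
RUNTIME_PORTS="80/tcp 443/tcp 8080/tcp"
DRIFT=$(runtime_only_ports "$RUNTIME_PORTS" "$ZONE_FILE")
rm -f "$ZONE_FILE"
if [ -n "$DRIFT" ]; then
    echo "runtime-only rules (lost on reboot): $DRIFT"
    echo "fix: sudo firewall-cmd --runtime-to-permanent"
else
    echo "runtime and permanent configuration match"
fi
```

Any port the script reports is one that `firewall-cmd --runtime-to-permanent` (or re-adding it with --permanent) would preserve across a reboot.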
Remember, after making any changes to firewall rules, it’s important to test them to ensure they are functioning as expected. Additionally, always exercise caution when modifying firewall rules, as incorrect configurations can lead to security vulnerabilities.