Securing Your Server with a Firewall

Security is one of those things that's best done in layers. Security-in-depth, we call it. So, on any given corporate network, you will find a firewall appliance separating the internet from the demilitarized zone (DMZ), where your internet-facing servers are kept. You will also find a firewall appliance between the DMZ and the internal LAN, and firewall software installed on each inpidual server and client. We want to make it as tough as possible for intruders to reach their final destinations within our networks. 

Interestingly though, of all the major Linux distros, only the SUSE distros and the Red Hat-type distros come with firewalls already set up and enabled. When you look at your Ubuntu virtual machine, you'll see that it's wide open, as if it were extending a hearty welcome to any would-be intruder.

Since the focus of this book is on hardening our Linux servers, we'll focus this chapter on that last level of defense, the firewalls on our servers and clients.

In this chapter, we'll cover:

• An overview of iptables
• Uncomplicated Firewall for Ubuntu systems
• firewalld for Red Hat systems
• nftables, a more universal type of firewall system