Arch Linux is a lightweight, flexible, and user-friendly Linux distribution. It is built on simplicity, code-correctness, and elegance, making it an ideal choice for experienced Linux users. This article walks through configuring a firewall on Arch Linux, an essential security measure for any system connected to the internet.
Table of Contents
- Introduction to Firewalls
- Choosing a Firewall for Arch Linux
- Installing and Configuring UFW
- Installing and Configuring firewalld
- Configuring Services and Ports
- Logging and Monitoring
- Conclusion
How to Configure Firewall on Arch Linux
Introduction to Firewalls
A firewall is a network security system that monitors and controls incoming and outgoing network traffic. It establishes a barrier between a trusted internal network and an untrusted external network, such as the internet. Firewalls are a critical component of any secure system, as they protect against unauthorized access, data breaches, and various types of cyberattacks.
Choosing a Firewall for Arch Linux
There are several firewall solutions available for Arch Linux, but the two most popular are UFW (Uncomplicated Firewall) and firewalld. Both firewalls are easy to set up and configure, offering a good balance between security and ease of use.
UFW is a simple, user-friendly front-end for iptables, the default Linux firewall. It provides an intuitive interface for managing firewall rules, making it a popular choice for new users.
Firewalld is a dynamic, feature-rich firewall management tool that supports both IPv4 and IPv6, as well as various network zones. It is the default firewall for several major Linux distributions, including Fedora and RHEL, and is known for its flexibility and ease of use.
Installing and Configuring UFW on Arch Linux
To install UFW on Arch Linux, use the following command:
sudo pacman -S ufw
After installation, enable and start the UFW service:
sudo systemctl enable ufw.service
sudo systemctl start ufw.service
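To set the default policies to deny incoming traffic and allow outgoing traffic, run:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Next, you can add rules to allow specific services or ports. For example, to allow SSH, run:
sudo ufw allow ssh
Or, to allow a specific port, such as port 80 for HTTP, run:
sudo ufw allow 80/tcp
Then enable the firewall so the policies and rules take effect. If you are connected over SSH, add the SSH rule before this step, because the deny policy applies to new incoming connections as soon as UFW is enabled:
sudo ufw enable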
To check the status of UFW and view the current rules, use the following command:
sudo ufw status verbose
Installing and Configuring firewalld on Arch Linux
To install firewalld on Arch Linux, run:
sudo pacman -S firewalld
Enable and start the firewalld service:
sudo systemctl enable firewalld.service
sudo systemctl start firewalld.service
The firewall is active once the firewalld service is running. To set the default zone to “public”, run:
sudo firewall-cmd --set-default-zone=public
To open a service or port in firewalld, use the --add-service or --add-port options. For example, to allow SSH, run:
sudo firewall-cmd --zone=public --add-service=ssh --permanent
Or, to allow a specific port, such as port 80 for HTTP, run:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
Rules added with --permanent are written to the saved configuration only and are not active yet. Reload the firewall to apply them:
sudo firewall-cmd --reload
To check the status of firewalld and view the current rules, use the following command:
sudo firewall-cmd --list-all
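Because --permanent rules are not enforced until a reload, and rules added without --permanent disappear at the next reload, it is worth checking that the two rule sets agree. The following is an added example, not part of the original article; the function names config_drift and check_public_zone are hypothetical, and the sample values are constructed:

```shell
# Added example: report drift between firewalld's runtime and permanent rules.

# config_drift RUNTIME PERMANENT
# Each argument is a space-separated list, as printed by
# `firewall-cmd --list-ports` or `firewall-cmd --list-services`.
config_drift() {
  printf '%s\n%s\n' "$1" "$2" | awk '
    NR == 1 { for (i = 1; i <= NF; i++) runtime[$i] = 1 }
    NR == 2 { for (i = 1; i <= NF; i++) permanent[$i] = 1 }
    END {
      # Active now, but dropped at the next --reload or service restart.
      for (k in runtime) if (!(k in permanent)) print "runtime-only " k
      # Saved with --permanent, but not enforced until --reload.
      for (k in permanent) if (!(k in runtime)) print "permanent-only " k
    }' | LC_ALL=C sort
}

# Live check for the public zone used in this article.
# Not called here because it needs a running firewalld.
check_public_zone() {
  config_drift "$(firewall-cmd --zone=public --list-ports)" \
               "$(firewall-cmd --permanent --zone=public --list-ports)"
  config_drift "$(firewall-cmd --zone=public --list-services)" \
               "$(firewall-cmd --permanent --zone=public --list-services)"
}

# Constructed sample: 80/tcp was added with --permanent but never reloaded,
# 8080/tcp was added without --permanent.
config_drift "22/tcp 8080/tcp" "22/tcp 80/tcp"
```

An empty result means the running firewall matches what will be loaded after the next reload or reboot.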
Configuring Services and Ports on Linux
When configuring your firewall, it’s essential to consider which services and ports you need to allow. Here are some common services and their corresponding ports:
- SSH (Secure Shell): Port 22
- HTTP (Web server): Port 80
- HTTPS (Secure web server): Port 443
- FTP (File Transfer Protocol): Ports 20 and 21
- SMTP (Mail server): Port 25
- IMAP (Mail retrieval): Port 143
- POP3 (Mail retrieval): Port 110
For a more comprehensive list of services and ports, refer to the IANA Service Name and Transport Protocol Port Number Registry.
Logging and Monitoring
Monitoring your firewall logs is crucial for detecting potential security threats and troubleshooting issues. Both UFW and firewalld provide logging functionality out of the box.
To enable logging in UFW, run:
sudo ufw logging on
By default, UFW logs are stored in /var/log/ufw.log. You can monitor the log file using the tail command:
sudo tail -f /var/log/ufw.log
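Watching the log with tail shows individual packets; a per-source summary makes repeated probing easier to spot. The following is an added example, not part of the original article. It assumes the usual kernel-log layout of UFW entries ([UFW BLOCK] followed by SRC= and DPT= fields); the function names and the abridged sample lines are constructed for illustration:

```shell
# Added example: summarize [UFW BLOCK] entries per source address.

# Constructed, abridged sample in the kernel-log layout UFW entries use
# (addresses come from the documentation ranges).
sample_ufw_log() {
cat <<'EOF'
Mar 01 10:00:01 arch kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=23
Mar 01 10:00:02 arch kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=3389
Mar 01 10:00:03 arch kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=445
Mar 01 10:00:04 arch kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=23
Mar 01 10:02:10 arch kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21
Mar 01 10:02:11 arch kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=21
Mar 01 10:03:00 arch kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Mar 01 10:04:00 arch kernel: [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=22
EOF
}

# Read log lines on stdin and print "SRC blocked_packets distinct_ports",
# busiest source first. Lines without DPT= (such as ICMP) still count as blocks.
summarize_blocks() {
  awk '
    /\[UFW BLOCK\]/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src == "") next
      count[src]++
      if (dpt != "" && !((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
    }
    END { for (s in count) printf "%s %d %d\n", s, count[s], ports[s] + 0 }
  ' | LC_ALL=C sort -k2,2nr -k1,1
}

# Print sources blocked on at least $1 distinct ports (default 3),
# a common sign of port scanning rather than a single misdirected client.
likely_scanners() {
  summarize_blocks | awk -v min="${1:-3}" '$3 >= min { print $1 }'
}

sample_ufw_log | summarize_blocks
```

Both functions read standard input, so they work on /var/log/ufw.log or on the output of journalctl -k when the entries are only in the system journal.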
For firewalld, logging is enabled by default. Firewalld logs are stored in the system journal, which can be accessed using the journalctl command:
sudo journalctl -u firewalld.service -f
Conclusion
Configuring a firewall on Arch Linux is an essential step to protect your system from unauthorized access and cyber threats. By following the instructions in this guide, you can quickly set up and configure either UFW or firewalld on your Arch Linux system.
For more information on securing your Arch Linux system, check out these guides:
- How to Set Up an Email Server on Arch Linux
- How to Set Up a Cron Job on Arch Linux
- How to Disable Root Login on Arch Linux
- How to Use SSH Public Key Authentication on Arch Linux
- How to Install and Configure Fail2Ban on Arch Linux
By implementing these security measures, you can ensure that your Arch Linux system remains safe and secure from potential threats.