In today’s world, securing your system is a top priority. One of the ways to do that is by configuring your firewall properly. A firewall is a security system that monitors and controls the incoming and outgoing network traffic on your system. It acts as a barrier between your system and the internet, protecting it from unauthorized access and malicious traffic. In this article, we’ll show you how to configure your firewall on Scientific Linux. Scientific Linux is a popular open-source operating system that is based on Red Hat Enterprise Linux. It is commonly used in scientific research and academic environments.
How to Configure Firewall on Scientific Linux
Prerequisites
Before we get started with the firewall configuration, you need to have the following:
- A Scientific Linux system with root access.
- Basic knowledge of the Linux command line.
- The firewalld service should be installed and enabled on your system. You can check the status of the service using the following command:
systemctl status firewalld
If the firewalld service is not installed, you can install it using the following command:
yum install firewalld
Basic Firewall Configuration on Scientific Linux
Once you have installed and enabled the firewalld service, you can start configuring your firewall. The firewalld service is a dynamic firewall management tool that allows you to configure your firewall rules easily. Here are some basic firewall configuration commands:
1. Check the Firewall Status
You can check the status of your firewall using the following command:
firewall-cmd --state
If the firewall is running, it will return running. If the firewall is not running, it will return not running.
2. Enable the Firewall on Scientific Linux
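You can enable the firewall by starting the service with the following command. This starts it for the current session only; starting it at boot is covered in step 4: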
systemctl start firewalld
3. Disable the Firewall on Scientific Linux
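You can disable the firewall by stopping the service with the following command. This stops it for the current session only; if it is enabled at boot, it will start again after a reboot: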
systemctl stop firewalld
4. Enable Firewall at Boot Time on Scientific Linux
To ensure that the firewall is started automatically every time your system boots, you can enable it using the following command:
systemctl enable firewalld
5. Disable Firewall at Boot Time on Scientific Linux
If you do not want the firewall to start automatically every time your system boots, you can disable it using the following command:
systemctl disable firewalld
Advanced Firewall Configuration
Now that you know the basic firewall configuration commands, let’s move on to some advanced firewall configuration options.
1. Allow Incoming Traffic
To allow incoming traffic to your system, you need to open the required ports in your firewall. You can do this using the following command:
firewall-cmd --add-port=<port>/<protocol> --permanent
Replace <port> with the port number you want to open and <protocol> with the protocol used by the service. For example, to allow incoming HTTP traffic, you can use the following command:
firewall-cmd --add-port=80/tcp --permanent
Once you have added the required ports, you need to reload the firewall rules using the following command:
firewall-cmd --reload
2. Deny Incoming Traffic
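To deny incoming traffic to your system, you need to block the required ports in your firewall. With firewalld this means removing a port you opened earlier, because traffic that nothing in the zone allows is already rejected. If the same port is also allowed through a service entry (for example, the ssh service for port 22), removing the port alone does not close it. You can remove a port using the following command: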
firewall-cmd --remove-port=<port>/<protocol> --permanent
Replace <port> with the port number you want to block and <protocol> with the protocol used by the service. For example, to block incoming SSH traffic, you can use the following command:
Next, we will create a rule to allow incoming traffic to our server on a specific port. This can be useful if we want to run a web server or SSH server on our Scientific Linux machine.
To allow incoming traffic on a specific port, we can use the firewall-cmd command with the --add-port option. For example, to allow incoming traffic on port 22 for SSH, run the following command:
sudo firewall-cmd --add-port=22/tcp --permanent
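This command will allow incoming TCP traffic on port 22, and the --permanent flag will ensure that the rule is saved even after a reboot. A rule added with --permanent alone is written to the saved configuration and takes effect only after you run firewall-cmd --reload.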
Similarly, to allow incoming traffic on port 80 for a web server, run the following command:
sudo firewall-cmd --add-port=80/tcp --permanent
Once again, the --permanent flag will ensure that the rule is saved.
We can also restrict incoming traffic to a specific source IP address or subnet. For example, to allow incoming traffic from the IP address 192.168.0.10 on port 22, run the following command:
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port protocol="tcp" port="22" accept' --permanent
Replace 192.168.0.10 with the IP address of the source machine, and 22 with the port number you want to allow incoming traffic on. The --permanent flag ensures that the rule is saved.
We can also view the rules that are currently set in the firewall by running the following command:
sudo firewall-cmd --list-all
This command will display the rules that are currently active in the default zone, including its services, open ports, and rich rules, along with the default rules.
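The rich rule above narrows SSH access only if port 22 is not also open to every source through the ports or services list of the same zone. The following script is an added example, not part of the original article: it reads --list-all output and reports ports where a source-restricted rich rule is made ineffective by a broader rule. The function names and the sample output are constructed for illustration, and the script assumes the ssh service keeps its default 22/tcp definition.

```shell
#!/bin/sh
# Added example (not from the original article): find ports that a rich rule
# limits to one source address but that the zone also opens to every source.

# Constructed sample of `firewall-cmd --list-all` output, not from a real host.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 22/tcp 80/tcp
  rich rules:
    rule family="ipv4" source address="192.168.0.10" port port="22" protocol="tcp" accept
EOF
}

# Ports from the zone's "ports:" line, one per line (open to any source).
open_ports() {
  sed -n 's/^ *ports: *//p' | tr ' ' '\n' | sed '/^$/d'
}

# port/protocol pairs that an accept rich rule ties to a source address.
restricted_ports() {
  sed -n 's|.*source address="[^"]*".*port port="\([0-9-]*\)" protocol="\([a-z]*\)".* accept.*|\1/\2|p'
}

# Read --list-all text on stdin; print each source-restricted port that is
# also reachable from anywhere, which makes the restriction ineffective.
shadowed_ports() {
  zone=$(cat)
  open=$(printf '%s\n' "$zone" | open_ports)
  # Assumption: the ssh service keeps its default definition of 22/tcp.
  if printf '%s\n' "$zone" | grep -Eq '^ *services:.* ssh( |$)'; then
    open=$(printf '%s\n22/tcp\n' "$open")
  fi
  printf '%s\n' "$zone" | restricted_ports | sort -u | while read -r p; do
    if printf '%s\n' "$open" | grep -qxF "$p"; then
      echo "$p"
    fi
  done
}

# On a live host: sudo firewall-cmd --list-all | shadowed_ports
sample_zone | shadowed_ports | sed 's/^/open to all sources despite rich rule: /'
```

If a port is reported, remove the broad entry (firewall-cmd --remove-port=22/tcp --permanent, plus --remove-service=ssh --permanent if the service is listed) and reload, after confirming that the rich rule covers the address you administer the machine from.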
Conclusion
Configuring the firewall on Scientific Linux is an important task to ensure the security and stability of your system. In this article, we covered the basics of using the firewall-cmd command to manage the firewall rules on your system.
We covered how to enable the firewall, how to check the firewall status, how to add rules to allow incoming traffic, and how to view the currently set rules.
By following these steps, you can ensure that your Scientific Linux system is properly secured and protected against malicious attacks.