What is a Linux firewall

Privacy manual

There are security-oriented Linux distributions such as RHEL or QubesOS that install a firewall and a GUI for configuring it by default, and that firewall initially blocks all external connection attempts. Many mainstream distributions such as Ubuntu (and derivatives), Linux Mint, Arch Linux or Manjaro / KDE ship without a firewall in the standard installation or do not activate it automatically after installation.

Uncomplicated Firewall (UFW)

UFW is an easy-to-configure firewall for Debian, Ubuntu (and derivatives), Linux Mint, Arch Linux or Manjaro that can be installed and put into operation quickly. Linux Mint and Manjaro install the firewall by default but do not enable it automatically. On Debian and Ubuntu (and derivatives), the installation is done with one command:

After UFW has been installed, you have to activate the firewall:

The result is a firewall that blocks all connection attempts from outside, while outgoing communication remains enabled for local programs. For many users that is probably enough. Adjustments are possible.

You can enable individual services that should be reachable from the outside:

A rule is removed again by inserting "delete" into the same command:

The list of predefined services can be viewed with the following command:

If no suitable predefined service is available, ports can also be specified. For the I2P router, for example, you can open port 8888:

Individual services such as CUPS (port 631) can be enabled for the local network only:

You can block outgoing protocols that you do not want to use:

Or you can be very restrictive, block all outgoing connections by default and then allow external communication only for individual protocols:

Do not forget the DNS traffic here. Road warriors who move between different networks should generally not tie the DNS rule to the IP of a particular router.

You can check the status of the firewall with the following command:

And if you want to start all over again:
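The restrictive UFW setup described above, as an added shell example that is not part of the original page: deny everything in both directions by default, then open only DNS, a few outgoing protocols, the I2P port and CUPS for the local network. The LAN prefix and the list of outgoing ports are assumptions for this example; set UFW_BIN=echo to preview the commands without changing the firewall.

```shell
#!/bin/sh
# Added example (not the page's own code). Applies a default-deny UFW policy
# and then opens individual services. Assumptions: the LAN prefix passed as
# the first argument and the outgoing port list are placeholders to adjust.
# UFW_BIN=echo prints the ufw arguments instead of running ufw.
set -eu

ufw_run() {
    # Deliberately unquoted so the default "sudo ufw" splits into two words.
    ${UFW_BIN:-sudo ufw} "$@"
}

apply_restrictive_ufw() {
    lan="$1"                              # e.g. 192.168.1.0/24 (constructed sample)
    # Known starting point: block all incoming and all outgoing traffic.
    ufw_run default deny incoming
    ufw_run default deny outgoing
    # DNS must be allowed explicitly or nothing else will resolve. The rule is
    # not bound to a router IP, so it keeps working on changing networks.
    ufw_run allow out 53
    # Outgoing protocols that local programs still need (assumed list).
    ufw_run allow out 80/tcp
    ufw_run allow out 443/tcp
    ufw_run allow out 123/udp             # NTP
    # A service reachable from outside: the I2P router port.
    ufw_run allow 8888
    # CUPS (631) only from the local network, not from the internet.
    ufw_run allow from "$lan" to any port 631
    ufw_run --force enable
    ufw_run status verbose
}

# A rule is removed by repeating it with "delete" inserted after "ufw".
remove_rule() {
    ufw_run delete "$@"
}

if [ "${1:-}" = "apply" ]; then
    apply_restrictive_ufw "${2:-192.168.1.0/24}"
fi
```

Run it as `sh script.sh apply 192.168.1.0/24` on the machine itself; with `UFW_BIN=echo` in the environment it only lists what would be applied.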
There is a graphical front end, GUFW, that can be installed with your preferred package manager if it is not already available; under Debian / Ubuntu with:

GUFW can manage several profiles if you want to use different settings on your laptop at home than when you are out and about. Adding rules is easy, even if the rules are a little more complicated.

RHEL firewall

RHEL uses "firewalld" together with a preinstalled GUI to manage the firewall rules. "firewalld" distinguishes between a temporary runtime configuration and a permanent configuration. If you want rules to be saved permanently, do not forget to switch to the permanent configuration.
"firewalld" also distinguishes between zones, each of which can have its own firewall rules. Each network interface can be assigned to a zone. It is a tool that is well suited for complex server architectures.

The default "firewalld" configuration in Fedora allows incoming connections from outside on the unprivileged ports (> 1024). (You have to correct this yourself.)

QubesOS Firewall

By default, QubesOS includes a firewall that runs in its own VM. In the default configuration, services in the work VMs cannot be reached from outside, but all outgoing connections from the work VMs are allowed.

In the settings of each individual VM, you can block network traffic completely by choosing "Networking deactivated". In addition, you can apply restrictive firewall settings that allow outgoing connections only for certain protocols.

Note: When DNS names are used in firewall rules, they are resolved to IP addresses once when the firewall starts, and those IP addresses are what the active rules use. That works, but it is suboptimal. If the addresses are stable, you can determine the IP addresses yourself and enter them in the firewall rules instead.