How to Setup a Software-Firewall in Linux and Windows ⚠️

Ah firewalls! You’re talking about a crucial part of keeping your systems secure.

Let me tell you I’ve been working with firewalls for years and I’ve learned a thing or two.

So whether you’re a Linux wizard or a Windows pro let’s dive into setting up software firewalls on both platforms.

Setting Up a Software Firewall in Linux




let’s start with Linux. The beauty of Linux is that it often comes with a great firewall built-in called iptables. You don’t need to download anything extra; it’s usually already there.

Working with iptables

Now iptables is a powerful tool but it can seem a little intimidating at first.

It uses a command-line interface and has a syntax that takes some getting used to.

Don’t worry I’ll break it down.

Here’s the basic structure of an iptables command:

iptables <Action: -A> | <Chain: INPUT/OUTPUT> | <Source/Destination: -d/-s> | <Action: -j> | <Rule: ACCEPT>

Let me explain each part:

  • <Action: -A>: This tells iptables to append a new rule to the specified chain.
  • <Chain: INPUT/OUTPUT>: This specifies the chain where you want to add the rule.
    • INPUT: Controls incoming traffic to your system.
    • OUTPUT: Controls outgoing traffic from your system.
  • <Source/Destination: -d/-s>: This is where you specify the source or destination of the traffic.
    • -d: Destination IP address or network.
    • -s: Source IP address or network.
  • <Action: -j>: This tells iptables what to do with the matching traffic.
    • ACCEPT: Allow the traffic.
    • DROP: Block the traffic.
    • REJECT: Block the traffic and send a rejection message back.
  • : This specifies the type of traffic to allow or block. You can define this by port number protocol (TCP/UDP) etc.

A Simple Example

Let’s say you want to allow incoming traffic on port 80 (HTTP). Here’s how you would do it:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

This command adds a rule to the INPUT chain that allows TCP traffic on port 80.

Creating a Firewall Script

For more complex setups it’s handy to create a shell script to manage your firewall rules.

Here’s a basic script that opens some common ports:

#!/bin/bash

# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow HTTPS
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow DNS
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT

# Allow FTP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT

# Allow SMTP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT

# Save changes
/etc/init.d/iptables save

To use this script:

  1. Save it as a file (e.g. firewall.sh).
  2. Make it executable: chmod +x firewall.sh.
  3. Run the script: ./firewall.sh.

Making Changes Permanent

Here’s the catch: When you reboot your system all your iptables rules are lost! To make them permanent you need to use tools like iptables-persistent (for Debian-based systems) or nftables-persistent (for Red Hat-based systems).

Here’s how you can install and use iptables-persistent:

  1. Install the package: apt-get install iptables-persistent netfilter-persistent.
  2. Save your current rules: iptables-save > /etc/iptables/rules.v4.
  3. Update your firewall rules: iptables-save > /etc/iptables/rules.v4.
  4. Restart the iptables service: service iptables restart.

Backing Up Your Firewall Configuration

It’s always a good idea to back up your firewall configuration.

This way if you make a mistake and accidentally block all traffic you can restore your previous configuration.

You can use the iptables-save command to create a backup:

iptables-save > /path/to/your/firewall.backup

To restore from a backup:

iptables-restore < /path/to/your/firewall.backup

Setting Up a Software Firewall in Windows

Now let’s move on to Windows. Windows comes with a built-in firewall that’s pretty straightforward to use. You can manage it through the Windows Firewall with Advanced Security tool.

Accessing the Windows Firewall

Here’s how to access the Windows Firewall:

  1. Open the Control Panel.
  2. Select System and Security.
  3. Select Windows Firewall.
  4. Click on “Advanced settings”.

Understanding Firewall Rules

Windows uses a system of rules to control traffic.

These rules can allow block or take other actions based on specific criteria such as:

  • Direction: Incoming or outgoing traffic.
  • Protocol: TCP or UDP.
  • Port: The specific port number.
  • Program: The specific application or service.
  • Remote IP Address: The IP address of the source or destination.

Adding Rules

To add a new rule click on “Inbound Rules” or “Outbound Rules” depending on the direction you want to control.

Then click on “New Rule.” You can choose from different rule types such as:

  • Port: Allows or blocks traffic based on a specific port.
  • Program: Allows or blocks traffic based on a specific program.
  • Custom: Allows you to create very specific rules.

Example: Changing the RDP Port

One common use case for changing firewall rules is to modify the Remote Desktop Protocol (RDP) port.

By default RDP listens on port 3389. To change this:

  1. Go to “Inbound Rules.”
  2. Select “New Rule.”
  3. Choose “Port” as the rule type.
  4. Select “TCP” as the protocol.
  5. Enter the new port number.
  6. Set the action to “Allow connection.”
  7. Give the rule a descriptive name.
  8. Click “Finish.”

Modifying the Registry

After changing the RDP port in the firewall you also need to update the Windows registry.

This tells the RDP service to listen on the new port.

Warning: Modifying the registry can cause serious system problems if done incorrectly. Always back up your registry before making any changes.

To change the RDP port in the registry:

  1. Open the Registry Editor (regedit.exe).
  2. Navigate to the following key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp.
  3. Double-click on the “PortNumber” value and enter the new port number.
  4. Click “OK.”

Important: After making changes to the registry you need to restart the RDP service for the changes to take effect. You can do this by typing net stop rdp-tcp and net start rdp-tcp in the command prompt.

Best Practices for Firewall Configuration

Here are some best practices for configuring firewalls:

  • Start with a restrictive policy: Only allow necessary traffic.
  • Use the principle of least privilege: Grant the minimum amount of access necessary.
  • Use strong passwords: Protect your firewall configuration from unauthorized access.
  • Regularly review and update your rules: Make sure your rules are still relevant.
  • Use a monitoring system: Keep an eye on firewall logs for suspicious activity.
  • Back up your configurations: You can use the iptables-save or iptables-restore commands in Linux or the Windows Firewall export feature.

Conclusion

Setting up a software firewall is an essential step in securing your systems.

Whether you’re using Linux or Windows the tools and techniques are readily available.

By understanding the principles and following best practices you can create a firewall configuration that protects your data and resources from unwanted access.




Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top