{"id":173,"date":"2025-10-19T12:30:22","date_gmt":"2025-10-19T12:30:22","guid":{"rendered":"https:\/\/www.vm6.co.uk\/blog\/?p=173"},"modified":"2025-10-19T12:30:28","modified_gmt":"2025-10-19T12:30:28","slug":"how-to-configure-firewall-on-linux-complete-guide","status":"publish","type":"post","link":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/","title":{"rendered":"How to Configure Firewall on Linux: Complete Guide"},"content":{"rendered":"\n<style>\n.firewall-guide-content pre {\n    background: #2d2d2d;\n    color: #f8f8f2;\n    padding: 15px;\n    border-radius: 5px;\n    overflow-x: auto;\n    margin: 15px 0;\n    border-left: 4px solid #00d4ff;\n}\n.firewall-guide-content code {\n    background: #f4f4f4;\n    color: #c7254e;\n    padding: 2px 6px;\n    border-radius: 3px;\n    font-family: 'Courier New', monospace;\n    font-size: 0.9em;\n}\n.firewall-guide-content pre code {\n    background: transparent;\n    color: #f8f8f2;\n    padding: 0;\n}\n.firewall-guide-content .warning-box {\n    background: #fff3cd;\n    border-left: 4px solid #ffc107;\n    padding: 15px;\n    margin: 20px 0;\n    border-radius: 4px;\n    color: #000;\n}\n.firewall-guide-content .info-box {\n    background: #d1ecf1;\n    border-left: 4px solid #17a2b8;\n    padding: 15px;\n    margin: 20px 0;\n    border-radius: 4px;\n    color: #000;\n}\n.firewall-guide-content .success-box {\n    background: #d4edda;\n    border-left: 4px solid #28a745;\n    padding: 15px;\n    margin: 20px 0;\n    border-radius: 4px;\n    color: #000;\n}\n<\/style>\n\n<div class=\"firewall-guide-content\">\n<p>A properly configured firewall is your Linux server&#8217;s first line of defense against unauthorized access and malicious attacks. 
This comprehensive guide will walk you through installing and configuring the three most popular Linux firewalls: UFW, firewalld, and iptables.<\/p>\n\n<h2>Understanding Linux Firewalls<\/h2>\n\n<p>Linux firewalls work by filtering network traffic based on predefined rules. They control incoming and outgoing connections, allowing legitimate traffic while blocking potentially harmful requests. There are three main firewall solutions for Linux:<\/p>\n\n<ul>\n    <li><strong>UFW (Uncomplicated Firewall)<\/strong> &#8211; Simple, user-friendly, perfect for Ubuntu\/Debian systems<\/li>\n    <li><strong>firewalld<\/strong> &#8211; Dynamic firewall with zones, ideal for RHEL\/CentOS\/Fedora systems<\/li>\n    <li><strong>iptables<\/strong> &#8211; Powerful, low-level firewall for advanced users<\/li>\n<\/ul>\n\n<h2>Prerequisites<\/h2>\n\n<p>Before you begin, ensure you have:<\/p>\n\n<ul>\n    <li>Root or sudo access to your Linux server<\/li>\n    <li>SSH access to your server (or physical\/console access)<\/li>\n    <li>Basic knowledge of which services you need to allow<\/li>\n    <li>List of ports your applications use<\/li>\n<\/ul>\n\n<div class=\"warning-box\">\n    <strong>\u26a0\ufe0f Critical Warning:<\/strong> Incorrect firewall configuration can lock you out of your server, especially if you&#8217;re connected via SSH. 
Always keep a backup connection open and test rules before disconnecting.\n<\/div>\n\n<h2>Part 1: UFW (Uncomplicated Firewall)<\/h2>\n\n<p>UFW is the easiest firewall to configure and is the default on Ubuntu and Debian-based systems.<\/p>\n\n<h3>Installing UFW<\/h3>\n\n<p>On Ubuntu\/Debian:<\/p>\n\n<pre><code>sudo apt update\nsudo apt install ufw<\/code><\/pre>\n\n<p>Verify installation:<\/p>\n\n<pre><code>sudo ufw version<\/code><\/pre>\n\n<h3>Basic UFW Configuration<\/h3>\n\n<p><strong>Step 1: Check UFW Status<\/strong><\/p>\n\n<pre><code>sudo ufw status verbose<\/code><\/pre>\n\n<p><strong>Step 2: Set Default Policies<\/strong><\/p>\n\n<p>Block all incoming traffic and allow all outgoing traffic by default:<\/p>\n\n<pre><code>sudo ufw default deny incoming\nsudo ufw default allow outgoing<\/code><\/pre>\n\n<div class=\"info-box\">\n    <strong>\ud83d\udca1 Important:<\/strong> Before enabling UFW, make sure to allow SSH access or you&#8217;ll be locked out!\n<\/div>\n\n<p><strong>Step 3: Allow SSH Access<\/strong><\/p>\n\n<pre><code>sudo ufw allow ssh<\/code><\/pre>\n\n<p>Or specify the port number if you use a custom SSH port:<\/p>\n\n<pre><code>sudo ufw allow 2222\/tcp<\/code><\/pre>\n\n<p><strong>Step 4: Enable UFW<\/strong><\/p>\n\n<pre><code>sudo ufw enable<\/code><\/pre>\n\n<p>Confirm when prompted. 
UFW will now start on boot automatically.<\/p>\n\n<h3>Common UFW Rules<\/h3>\n\n<p><strong>Allow HTTP and HTTPS (Web Server):<\/strong><\/p>\n\n<pre><code>sudo ufw allow 80\/tcp\nsudo ufw allow 443\/tcp<\/code><\/pre>\n\n<p>Or use service names:<\/p>\n\n<pre><code>sudo ufw allow http\nsudo ufw allow https<\/code><\/pre>\n\n<p><strong>Allow MySQL\/MariaDB:<\/strong><\/p>\n\n<pre><code>sudo ufw allow 3306\/tcp<\/code><\/pre>\n\n<p><strong>Allow PostgreSQL:<\/strong><\/p>\n\n<pre><code>sudo ufw allow 5432\/tcp<\/code><\/pre>\n\n<p><strong>Allow FTP:<\/strong><\/p>\n\n<pre><code>sudo ufw allow 21\/tcp<\/code><\/pre>\n\n<p><strong>Allow DNS:<\/strong><\/p>\n\n<pre><code>sudo ufw allow 53<\/code><\/pre>\n\n<p><strong>Allow Port Range:<\/strong><\/p>\n\n<pre><code>sudo ufw allow 6000:6007\/tcp<\/code><\/pre>\n\n<p><strong>Allow from Specific IP Address:<\/strong><\/p>\n\n<pre><code>sudo ufw allow from 192.168.1.100<\/code><\/pre>\n\n<p><strong>Allow from IP to Specific Port:<\/strong><\/p>\n\n<pre><code>sudo ufw allow from 192.168.1.100 to any port 22<\/code><\/pre>\n\n<p><strong>Allow Subnet:<\/strong><\/p>\n\n<pre><code>sudo ufw allow from 192.168.1.0\/24<\/code><\/pre>\n\n<h3>Managing UFW Rules<\/h3>\n\n<p><strong>View All Rules with Numbers:<\/strong><\/p>\n\n<pre><code>sudo ufw status numbered<\/code><\/pre>\n\n<p><strong>Delete a Rule by Number:<\/strong><\/p>\n\n<pre><code>sudo ufw delete 3<\/code><\/pre>\n\n<p><strong>Delete a Rule by Specification:<\/strong><\/p>\n\n<pre><code>sudo ufw delete allow 80\/tcp<\/code><\/pre>\n\n<p><strong>Deny a Connection:<\/strong><\/p>\n\n<pre><code>sudo ufw deny from 203.0.113.100<\/code><\/pre>\n\n<p><strong>Reset UFW to Default:<\/strong><\/p>\n\n<pre><code>sudo ufw reset<\/code><\/pre>\n\n<h3>Advanced UFW Configuration<\/h3>\n\n<p><strong>Enable Logging:<\/strong><\/p>\n\n<pre><code>sudo ufw logging on<\/code><\/pre>\n\n<p>Set logging level (low, medium, high, full):<\/p>\n\n<pre><code>sudo ufw logging 
medium<\/code><\/pre>\n\n<p><strong>View Logs:<\/strong><\/p>\n\n<pre><code>sudo tail -f \/var\/log\/ufw.log<\/code><\/pre>\n\n<p><strong>Allow Application Profiles:<\/strong><\/p>\n\n<p>View available application profiles:<\/p>\n\n<pre><code>sudo ufw app list<\/code><\/pre>\n\n<p>Allow an application:<\/p>\n\n<pre><code>sudo ufw allow 'Nginx Full'\nsudo ufw allow 'Apache Full'\nsudo ufw allow 'OpenSSH'<\/code><\/pre>\n\n<h2>Part 2: firewalld<\/h2>\n\n<p>firewalld is a dynamic firewall manager used primarily on RHEL, CentOS, Fedora, and Rocky Linux systems. It uses zones to define trust levels for network connections.<\/p>\n\n<h3>Installing firewalld<\/h3>\n\n<p>On RHEL\/CentOS\/Fedora\/Rocky Linux:<\/p>\n\n<pre><code>sudo dnf install firewalld<\/code><\/pre>\n\n<p>Or on older systems:<\/p>\n\n<pre><code>sudo yum install firewalld<\/code><\/pre>\n\n<p>Start and enable firewalld:<\/p>\n\n<pre><code>sudo systemctl start firewalld\nsudo systemctl enable firewalld<\/code><\/pre>\n\n<p>Verify status:<\/p>\n\n<pre><code>sudo systemctl status firewalld\nsudo firewall-cmd --state<\/code><\/pre>\n\n<h3>Understanding firewalld Zones<\/h3>\n\n<p>firewalld uses zones to manage trust levels. 
Common zones include:<\/p>\n\n<ul>\n    <li><strong>drop<\/strong> &#8211; All incoming connections dropped without reply<\/li>\n    <li><strong>block<\/strong> &#8211; All incoming connections rejected with icmp-host-prohibited message<\/li>\n    <li><strong>public<\/strong> &#8211; For use in public areas, only selected incoming connections accepted<\/li>\n    <li><strong>external<\/strong> &#8211; For external networks with masquerading enabled<\/li>\n    <li><strong>dmz<\/strong> &#8211; For computers in DMZ with limited access<\/li>\n    <li><strong>work<\/strong> &#8211; For work networks, more services trusted<\/li>\n    <li><strong>home<\/strong> &#8211; For home networks, more services trusted<\/li>\n    <li><strong>internal<\/strong> &#8211; For internal networks<\/li>\n    <li><strong>trusted<\/strong> &#8211; All network connections accepted<\/li>\n<\/ul>\n\n<h3>Basic firewalld Configuration<\/h3>\n\n<p><strong>Check Default Zone:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --get-default-zone<\/code><\/pre>\n\n<p><strong>Set Default Zone:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --set-default-zone=public<\/code><\/pre>\n\n<p><strong>List Active Zones:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --get-active-zones<\/code><\/pre>\n\n<p><strong>View All Rules in a Zone:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --zone=public --list-all<\/code><\/pre>\n\n<h3>Managing Services in firewalld<\/h3>\n\n<p><strong>List Available Services:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --get-services<\/code><\/pre>\n\n<p><strong>Allow SSH:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-service=ssh\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<div class=\"info-box\">\n    <strong>\ud83d\udca1 Note:<\/strong> The <code>--permanent<\/code> flag makes rules persistent across reboots. 
Always run <code>--reload<\/code> after adding permanent rules to apply them immediately.\n<\/div>\n\n<p><strong>Allow HTTP and HTTPS:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-service=http\nsudo firewall-cmd --permanent --add-service=https\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<p><strong>Remove a Service:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --remove-service=http\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<h3>Managing Ports in firewalld<\/h3>\n\n<p><strong>Open a Port:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-port=8080\/tcp\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<p><strong>Open Multiple Ports:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-port=3000-3005\/tcp\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<p><strong>List Open Ports:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --list-ports<\/code><\/pre>\n\n<p><strong>Remove a Port:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --remove-port=8080\/tcp\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<h3>Advanced firewalld Configuration<\/h3>\n\n<p><strong>Allow from Specific IP:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.100\" accept'\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<p><strong>Allow IP to Specific Port:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.100\" port port=\"22\" protocol=\"tcp\" accept'\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<p><strong>Block an IP Address:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"203.0.113.100\" reject'\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<p><strong>View Rich Rules:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --list-rich-rules<\/code><\/pre>\n\n<p><strong>Enable Logging:<\/strong><\/p>\n\n<pre><code>sudo 
firewall-cmd --set-log-denied=all\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<h3>Managing firewalld Zones<\/h3>\n\n<p><strong>Add Interface to Zone:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --zone=public --add-interface=eth0\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<p><strong>Change Zone for Interface:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --zone=home --change-interface=eth0\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<h2>Part 3: iptables<\/h2>\n\n<p>iptables is the most powerful and flexible firewall for Linux, but also the most complex. It works at a lower level than UFW or firewalld.<\/p>\n\n<h3>Installing iptables<\/h3>\n\n<p>iptables is usually pre-installed on most Linux distributions. If not:<\/p>\n\n<p>On Ubuntu\/Debian:<\/p>\n\n<pre><code>sudo apt install iptables iptables-persistent<\/code><\/pre>\n\n<p>On RHEL\/CentOS\/Fedora:<\/p>\n\n<pre><code>sudo dnf install iptables-services<\/code><\/pre>\n\n<div class=\"warning-box\">\n    <strong>\u26a0\ufe0f Important:<\/strong> If using firewalld or UFW, disable them before using iptables to avoid conflicts.\n<\/div>\n\n<p><strong>Disable firewalld:<\/strong><\/p>\n\n<pre><code>sudo systemctl stop firewalld\nsudo systemctl disable firewalld<\/code><\/pre>\n\n<p><strong>Disable UFW:<\/strong><\/p>\n\n<pre><code>sudo ufw disable<\/code><\/pre>\n\n<h3>Understanding iptables Chains<\/h3>\n\n<p>iptables uses three main chains:<\/p>\n\n<ul>\n    <li><strong>INPUT<\/strong> &#8211; Controls incoming connections<\/li>\n    <li><strong>OUTPUT<\/strong> &#8211; Controls outgoing connections<\/li>\n    <li><strong>FORWARD<\/strong> &#8211; Controls routed\/forwarded connections<\/li>\n<\/ul>\n\n<h3>Basic iptables Commands<\/h3>\n\n<p><strong>View Current Rules:<\/strong><\/p>\n\n<pre><code>sudo iptables -L -v -n<\/code><\/pre>\n\n<p><strong>View Rules with Line Numbers:<\/strong><\/p>\n\n<pre><code>sudo iptables -L --line-numbers<\/code><\/pre>\n\n<p><strong>Flush All Rules 
(Clear Everything):<\/strong><\/p>\n\n<pre><code>sudo iptables -F<\/code><\/pre>\n\n<h3>Setting Default Policies<\/h3>\n\n<p>Set the default policies to drop incoming and forwarded traffic and accept outgoing traffic. The DROP policy on INPUT takes effect immediately, so when working over SSH add the loopback, established-connection and SSH rules from the sections below before running these commands:<\/p>\n\n<pre><code>sudo iptables -P INPUT DROP\nsudo iptables -P FORWARD DROP\nsudo iptables -P OUTPUT ACCEPT<\/code><\/pre>\n\n<h3>Allow Loopback Traffic<\/h3>\n\n<p>Always allow localhost connections:<\/p>\n\n<pre><code>sudo iptables -A INPUT -i lo -j ACCEPT\nsudo iptables -A OUTPUT -o lo -j ACCEPT<\/code><\/pre>\n\n<h3>Allow Established Connections<\/h3>\n\n<p>Allow established and related incoming connections:<\/p>\n\n<pre><code>sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<\/code><\/pre>\n\n<h3>Common iptables Rules<\/h3>\n\n<p><strong>Allow SSH:<\/strong><\/p>\n\n<pre><code>sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT<\/code><\/pre>\n\n<p><strong>Allow HTTP and HTTPS:<\/strong><\/p>\n\n<pre><code>sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT<\/code><\/pre>\n\n<p><strong>Allow from Specific IP:<\/strong><\/p>\n\n<pre><code>sudo iptables -A INPUT -s 192.168.1.100 -j ACCEPT<\/code><\/pre>\n\n<p><strong>Allow from Subnet:<\/strong><\/p>\n\n<pre><code>sudo iptables -A INPUT -s 192.168.1.0\/24 -j ACCEPT<\/code><\/pre>\n\n<p><strong>Block an IP Address:<\/strong><\/p>\n\n<pre><code># -I inserts the rule at the top of INPUT so it is evaluated before any ACCEPT rule\nsudo iptables -I INPUT -s 203.0.113.100 -j DROP<\/code><\/pre>\n\n<p><strong>Allow Port Range:<\/strong><\/p>\n\n<pre><code>sudo iptables -A INPUT -p tcp --dport 6000:6007 -j ACCEPT<\/code><\/pre>\n\n<p><strong>Allow Ping (ICMP):<\/strong><\/p>\n\n<pre><code>sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT<\/code><\/pre>\n\n<h3>Deleting iptables Rules<\/h3>\n\n<p><strong>Delete by Line Number:<\/strong><\/p>\n\n<pre><code>sudo iptables -D INPUT 3<\/code><\/pre>\n\n<p><strong>Delete by Specification:<\/strong><\/p>\n\n<pre><code>sudo iptables -D INPUT -p tcp --dport 80 -j ACCEPT<\/code><\/pre>\n\n<h3>Saving iptables 
Rules<\/h3>\n\n<p>Rules are lost on reboot unless saved.<\/p>\n\n<p><strong>On Ubuntu\/Debian (with iptables-persistent):<\/strong><\/p>\n\n<pre><code>sudo netfilter-persistent save<\/code><\/pre>\n\n<p>Or manually:<\/p>\n\n<pre><code>sudo iptables-save | sudo tee \/etc\/iptables\/rules.v4<\/code><\/pre>\n\n<p><strong>On RHEL\/CentOS:<\/strong><\/p>\n\n<pre><code>sudo service iptables save<\/code><\/pre>\n\n<p>Or:<\/p>\n\n<pre><code>sudo iptables-save | sudo tee \/etc\/sysconfig\/iptables<\/code><\/pre>\n\n<h3>Restoring iptables Rules<\/h3>\n\n<p>The redirection runs inside <code>sudo sh -c<\/code> so that the saved rules file is opened as root rather than by your unprivileged shell.<\/p>\n\n<p><strong>On Ubuntu\/Debian:<\/strong><\/p>\n\n<pre><code>sudo sh -c 'iptables-restore &lt; \/etc\/iptables\/rules.v4'<\/code><\/pre>\n\n<p><strong>On RHEL\/CentOS:<\/strong><\/p>\n\n<pre><code>sudo sh -c 'iptables-restore &lt; \/etc\/sysconfig\/iptables'<\/code><\/pre>\n\n<h3>Complete iptables Configuration Example<\/h3>\n\n<p>Here's a complete basic firewall setup:<\/p>\n\n<pre><code>#!\/bin\/bash\n\n# Flush existing rules\nsudo iptables -F\nsudo iptables -X\n\n# Set default policies\nsudo iptables -P INPUT DROP\nsudo iptables -P FORWARD DROP\nsudo iptables -P OUTPUT ACCEPT\n\n# Allow loopback\nsudo iptables -A INPUT -i lo -j ACCEPT\n\n# Allow established connections\nsudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n\n# Allow SSH\nsudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT\n\n# Allow HTTP and HTTPS\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT\n\n# Allow ping\nsudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT\n\n# Save rules (Debian\/Ubuntu; on RHEL\/CentOS use: sudo service iptables save)\nsudo netfilter-persistent save<\/code><\/pre>\n\n<h2>Firewall Security Best Practices<\/h2>\n\n<h3>1. Principle of Least Privilege<\/h3>\n\n<p>Only open ports that are absolutely necessary. If a service isn't being used, don't allow its port through the firewall.<\/p>\n\n<h3>2. 
Use Specific Rules<\/h3>\n\n<p>Instead of allowing all traffic from an IP, allow specific ports:<\/p>\n\n<pre><code># Better\nsudo ufw allow from 192.168.1.100 to any port 22\n\n# Avoid\nsudo ufw allow from 192.168.1.100<\/code><\/pre>\n\n<h3>3. Implement Rate Limiting<\/h3>\n\n<p><strong>UFW Rate Limiting:<\/strong><\/p>\n\n<pre><code>sudo ufw limit ssh<\/code><\/pre>\n\n<p><strong>iptables Rate Limiting:<\/strong><\/p>\n\n<p>iptables stops at the first matching rule, so these two rules only take effect if they sit above the SSH ACCEPT rule in the INPUT chain:<\/p>\n\n<pre><code>sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set\nsudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP<\/code><\/pre>\n\n<h3>4. Regular Audits<\/h3>\n\n<p>Regularly review your firewall rules and remove unnecessary ones:<\/p>\n\n<pre><code>sudo ufw status numbered\nsudo firewall-cmd --list-all\nsudo iptables -L -v -n<\/code><\/pre>\n\n<h3>5. Enable Logging<\/h3>\n\n<p>Enable firewall logging to monitor suspicious activity and troubleshoot issues.<\/p>\n\n<h3>6. Keep Firewall Updated<\/h3>\n\n<p>Regularly update your firewall software:<\/p>\n\n<pre><code>sudo apt update &amp;&amp; sudo apt upgrade  # Debian\/Ubuntu\nsudo dnf update  # RHEL\/Fedora<\/code><\/pre>\n\n<h3>7. 
Test Before Deploying<\/h3>\n\n<p>Always test firewall rules in a safe environment before applying to production servers.<\/p>\n\n<h2>Common Firewall Scenarios<\/h2>\n\n<h3>Web Server (Apache\/Nginx)<\/h3>\n\n<p><strong>UFW:<\/strong><\/p>\n\n<pre><code>sudo ufw allow 'Nginx Full'\nsudo ufw allow ssh\nsudo ufw enable<\/code><\/pre>\n\n<p><strong>firewalld:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-service=http\nsudo firewall-cmd --permanent --add-service=https\nsudo firewall-cmd --permanent --add-service=ssh\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<h3>Database Server (MySQL\/PostgreSQL)<\/h3>\n\n<p>Only allow connections from the application server IP:<\/p>\n\n<p><strong>UFW:<\/strong><\/p>\n\n<pre><code>sudo ufw allow from 192.168.1.50 to any port 3306\nsudo ufw allow ssh\nsudo ufw enable<\/code><\/pre>\n\n<p><strong>firewalld:<\/strong><\/p>\n\n<pre><code>sudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.50\" port port=\"3306\" protocol=\"tcp\" accept'\nsudo firewall-cmd --permanent --add-service=ssh\nsudo firewall-cmd --reload<\/code><\/pre>\n\n<h3>Mail Server<\/h3>\n\n<p><strong>UFW:<\/strong><\/p>\n\n<pre><code>sudo ufw allow 25\/tcp   # SMTP\nsudo ufw allow 587\/tcp  # Submission\nsudo ufw allow 993\/tcp  # IMAPS\nsudo ufw allow 995\/tcp  # POP3S\nsudo ufw allow ssh\nsudo ufw enable<\/code><\/pre>\n\n<h3>Docker Host<\/h3>\n\n<p>Docker manipulates iptables directly, so container ports published with <code>-p<\/code> can be reachable even without a matching UFW allow rule.
If using UFW:<\/p>\n\n<pre><code># Edit \/etc\/ufw\/after.rules and add Docker rules\n# Or edit \/etc\/default\/ufw\nDEFAULT_FORWARD_POLICY=\"ACCEPT\"<\/code><\/pre>\n\n<h2>Troubleshooting Firewall Issues<\/h2>\n\n<h3>Issue: Locked Out After Enabling Firewall<\/h3>\n\n<p><strong>Solution:<\/strong> If you have console access (physical or cloud console), log in and disable the firewall:<\/p>\n\n<pre><code>sudo ufw disable\nsudo systemctl stop firewalld<\/code><\/pre>\n\n<p>Then reconfigure with proper SSH access rules.<\/p>\n\n<h3>Issue: Service Not Accessible After Opening Port<\/h3>\n\n<p><strong>Check if service is listening:<\/strong><\/p>\n\n<pre><code>sudo netstat -tulpn | grep :80\nsudo ss -tulpn | grep :80<\/code><\/pre>\n\n<p><strong>Check if firewall rule is active:<\/strong><\/p>\n\n<pre><code>sudo ufw status | grep 80\nsudo firewall-cmd --list-ports\nsudo iptables -L -n | grep 80<\/code><\/pre>\n\n<p><strong>Check service logs:<\/strong><\/p>\n\n<pre><code>sudo journalctl -u nginx -n 50\nsudo tail -f \/var\/log\/apache2\/error.log<\/code><\/pre>\n\n<h3>Issue: Rules Not Persisting After Reboot<\/h3>\n\n<p><strong>UFW:<\/strong> UFW should persist automatically. 
Check if enabled:<\/p>\n\n<pre><code>sudo ufw status<\/code><\/pre>\n\n<p><strong>firewalld:<\/strong> Ensure you used <code>--permanent<\/code> flag:<\/p>\n\n<pre><code>sudo firewall-cmd --permanent --list-all<\/code><\/pre>\n\n<p><strong>iptables:<\/strong> Ensure rules are saved:<\/p>\n\n<pre><code>sudo netfilter-persistent save  # Debian\/Ubuntu\nsudo service iptables save      # RHEL\/CentOS<\/code><\/pre>\n\n<h2>Testing Your Firewall<\/h2>\n\n<h3>Test Open Ports<\/h3>\n\n<p>From another machine, test if ports are open:<\/p>\n\n<pre><code>telnet your_server_ip 80\nnc -zv your_server_ip 443<\/code><\/pre>\n\n<p>Or use nmap:<\/p>\n\n<pre><code>nmap -p 22,80,443 your_server_ip<\/code><\/pre>\n\n<h3>Test from the Server<\/h3>\n\n<pre><code>curl -I http:\/\/localhost\ncurl -I https:\/\/localhost<\/code><\/pre>\n\n<h3>Online Port Scanners<\/h3>\n\n<p>Use online tools to scan your public IP:<\/p>\n<ul>\n    <li>https:\/\/www.yougetsignal.com\/tools\/open-ports\/<\/li>\n    <li>https:\/\/pentest-tools.com\/network-vulnerability-scanning\/tcp-port-scanner-online-nmap<\/li>\n<\/ul>\n\n<h2>Firewall Comparison Chart<\/h2>\n\n<table style=\"width:100%; border-collapse: collapse; margin: 20px 0;\">\n    <tr style=\"background: #f4f4f4;\">\n        <th style=\"border: 1px solid #ddd; padding: 10px; text-align: left;\">Feature<\/th>\n        <th style=\"border: 1px solid #ddd; padding: 10px; text-align: left;\">UFW<\/th>\n        <th style=\"border: 1px solid #ddd; padding: 10px; text-align: left;\">firewalld<\/th>\n        <th style=\"border: 1px solid #ddd; padding: 10px; text-align: left;\">iptables<\/th>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Ease of Use<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">\u2b50\u2b50\u2b50\u2b50\u2b50<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">\u2b50\u2b50\u2b50\u2b50<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 
10px;\">\u2b50\u2b50<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Flexibility<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">\u2b50\u2b50\u2b50<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">\u2b50\u2b50\u2b50\u2b50<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">\u2b50\u2b50\u2b50\u2b50\u2b50<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Default On<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Ubuntu\/Debian<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">RHEL\/CentOS\/Fedora<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">None (manual)<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Dynamic Rules<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">No<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Yes<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">No<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Zone Support<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">No<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Yes<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">No<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Best For<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Beginners, Simple setups<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Enterprise, Complex networks<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Advanced users, Custom configs<\/td>\n    <\/tr>\n<\/table>\n\n<h2>Quick Reference Commands<\/h2>\n\n<h3>UFW Quick Reference<\/h3>\n\n<pre><code># Status and 
management\nsudo ufw status verbose\nsudo ufw enable\nsudo ufw disable\nsudo ufw reload\n\n# Allow\/deny rules\nsudo ufw allow 80\/tcp\nsudo ufw deny 8080\/tcp\nsudo ufw allow from 192.168.1.100\nsudo ufw delete allow 80\/tcp\n\n# Application profiles\nsudo ufw app list\nsudo ufw allow 'Nginx Full'\n\n# Logging\nsudo ufw logging on<\/code><\/pre>\n\n<h3>firewalld Quick Reference<\/h3>\n\n<pre><code># Status and management\nsudo systemctl status firewalld\nsudo firewall-cmd --state\nsudo firewall-cmd --reload\n\n# Services\nsudo firewall-cmd --permanent --add-service=http\nsudo firewall-cmd --permanent --remove-service=http\nsudo firewall-cmd --list-services\n\n# Ports\nsudo firewall-cmd --permanent --add-port=8080\/tcp\nsudo firewall-cmd --permanent --remove-port=8080\/tcp\nsudo firewall-cmd --list-ports\n\n# Zones\nsudo firewall-cmd --get-default-zone\nsudo firewall-cmd --set-default-zone=public\nsudo firewall-cmd --zone=public --list-all\n\n# Rich rules\nsudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.100\" accept'\nsudo firewall-cmd --list-rich-rules<\/code><\/pre>\n\n<h3>iptables Quick Reference<\/h3>\n\n<pre><code># View rules\nsudo iptables -L -v -n\nsudo iptables -L --line-numbers\n\n# Add rules\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\nsudo iptables -A INPUT -s 192.168.1.100 -j ACCEPT\n\n# Delete rules\nsudo iptables -D INPUT 3\nsudo iptables -F  # Flush all rules\n\n# Default policies\nsudo iptables -P INPUT DROP\nsudo iptables -P OUTPUT ACCEPT\n\n# Save rules\nsudo netfilter-persistent save  # Debian\/Ubuntu\nsudo service iptables save      # RHEL\/CentOS<\/code><\/pre>\n\n<h2>Conclusion<\/h2>\n\n<p>Configuring a firewall is essential for securing your Linux server. 
Whether you choose UFW for its simplicity, firewalld for its dynamic zone-based approach, or iptables for maximum control, the key is to implement the principle of least privilege: only allow what's necessary and block everything else.<\/p>\n\n<div class=\"success-box\">\n    <strong>\u2705 Key Takeaways:<\/strong>\n    <ul>\n        <li>Always allow SSH before enabling your firewall<\/li>\n        <li>Test rules before disconnecting from your server<\/li>\n        <li>Use specific rules rather than blanket allows<\/li>\n        <li>Enable logging to monitor suspicious activity<\/li>\n        <li>Regularly audit and update your firewall rules<\/li>\n        <li>Combine firewall protection with other security measures<\/li>\n    <\/ul>\n<\/div>\n\n<p>Remember that a firewall is just one layer of your security strategy. Combine it with regular updates, strong passwords or SSH keys, fail2ban, intrusion detection systems, and security monitoring for comprehensive server protection.<\/p>\n\n<h2>Additional Security Recommendations<\/h2>\n\n<p>To further enhance your server security beyond the firewall:<\/p>\n\n<ul>\n    <li><strong>Install Fail2Ban:<\/strong> Automatically ban IPs that show malicious signs<\/li>\n    <li><strong>Use SSH Keys:<\/strong> Disable password authentication entirely<\/li>\n    <li><strong>Enable Two-Factor Authentication:<\/strong> Add an extra layer of security<\/li>\n    <li><strong>Regular Updates:<\/strong> Keep your system and packages up to date<\/li>\n    <li><strong>Security Auditing:<\/strong> Use tools like Lynis or OpenSCAP for security audits<\/li>\n    <li><strong>Intrusion Detection:<\/strong> Install AIDE or Tripwire to monitor file integrity<\/li>\n    <li><strong>Log Monitoring:<\/strong> Regularly review system logs for suspicious activity<\/li>\n<\/ul>\n\n<h2>Common Ports Reference<\/h2>\n\n<table style=\"width:100%; border-collapse: collapse; margin: 20px 0;\">\n    <tr style=\"background: #f4f4f4;\">\n        <th 
style=\"border: 1px solid #ddd; padding: 10px; text-align: left;\">Service<\/th>\n        <th style=\"border: 1px solid #ddd; padding: 10px; text-align: left;\">Port<\/th>\n        <th style=\"border: 1px solid #ddd; padding: 10px; text-align: left;\">Protocol<\/th>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">SSH<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">22<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">FTP<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">21<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">SFTP<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">22<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">HTTP<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">80<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">HTTPS<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">443<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">SMTP<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">25<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">SMTP Submission<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">587<\/td>\n        <td style=\"border: 1px 
solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">SMTPS<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">465<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">IMAP<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">143<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">IMAPS<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">993<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">POP3<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">110<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">POP3S<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">995<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">MySQL\/MariaDB<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">3306<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">PostgreSQL<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">5432<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">MongoDB<\/td>\n        <td style=\"border: 1px solid #ddd; 
padding: 10px;\">27017<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Redis<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">6379<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">DNS<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">53<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP\/UDP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">NTP<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">123<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">UDP<\/td>\n    <\/tr>\n    <tr>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">RDP<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">3389<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n    <tr style=\"background: #f9f9f9;\">\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">Docker<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">2375-2376<\/td>\n        <td style=\"border: 1px solid #ddd; padding: 10px;\">TCP<\/td>\n    <\/tr>\n<\/table>\n\n<hr>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A properly configured firewall is your Linux server&#8217;s first line of defense against unauthorized access and malicious attacks. 
This comprehensive guide will walk you through installing and configuring the three&#8230;<\/p>\n","protected":false},"author":1,"featured_media":176,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mbp_gutenberg_autopost":false,"footnotes":""},"categories":[44,2],"tags":[48,49,38,25,50,5],"class_list":["post-173","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dedicated-servers","category-vps-hosting","tag-configure","tag-firewall","tag-install","tag-linux","tag-secruity","tag-vps"],"yoast_head_json":{"title":"How to configure Firewall on Linux: Complete Guide - VM6 Networks","description":"Learn how to install and configure firewalls on Linux with our comprehensive guide. Covers UFW, firewalld, and iptables with step-by-step instructions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/","og_locale":"en_US","og_type":"article","og_title":"How to configure Firewall on Linux: Complete Guide - VM6 Networks","og_description":"Learn how to install and configure firewalls on Linux with our comprehensive guide. 
Covers UFW, firewalld, and iptables with step-by-step instructions.","og_url":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/","og_site_name":"VM6 Networks","article_publisher":"https:\/\/www.facebook.com\/profile.php?id=61567167860081","article_published_time":"2025-10-19T12:30:22+00:00","article_modified_time":"2025-10-19T12:30:28+00:00","og_image":[{"width":1536,"height":1024,"url":"https:\/\/www.vm6.co.uk\/blog\/wp-content\/uploads\/2025\/10\/firewall.jpg","type":"image\/jpeg"}],"author":"Rob","twitter_card":"summary_large_image","twitter_creator":"@vm6uk","twitter_site":"@vm6uk","twitter_misc":{"Written by":"Rob","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#article","isPartOf":{"@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/"},"author":{"name":"Rob","@id":"https:\/\/www.vm6.co.uk\/blog\/#\/schema\/person\/73944405d16ba2f72183539123b66914"},"headline":"How to Configure Firewall on Linux: Complete Guide","datePublished":"2025-10-19T12:30:22+00:00","dateModified":"2025-10-19T12:30:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/"},"wordCount":1364,"commentCount":0,"publisher":{"@id":"https:\/\/www.vm6.co.uk\/blog\/#organization"},"image":{"@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.vm6.co.uk\/blog\/wp-content\/uploads\/2025\/10\/firewall.jpg","keywords":["Configure","firewall","install","Linux","secruity","VPS"],"articleSection":["Dedicated Servers","VPS 
Hosting"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/","url":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/","name":"How to configure Firewall on Linux: Complete Guide - VM6 Networks","isPartOf":{"@id":"https:\/\/www.vm6.co.uk\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#primaryimage"},"image":{"@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.vm6.co.uk\/blog\/wp-content\/uploads\/2025\/10\/firewall.jpg","datePublished":"2025-10-19T12:30:22+00:00","dateModified":"2025-10-19T12:30:28+00:00","description":"Learn how to install and configure firewalls on Linux with our comprehensive guide. 
Covers UFW, firewalld, and iptables with step-by-step instructions.","breadcrumb":{"@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#primaryimage","url":"https:\/\/www.vm6.co.uk\/blog\/wp-content\/uploads\/2025\/10\/firewall.jpg","contentUrl":"https:\/\/www.vm6.co.uk\/blog\/wp-content\/uploads\/2025\/10\/firewall.jpg","width":1536,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.vm6.co.uk\/blog\/2025\/10\/19\/how-to-configure-firewall-on-linux-complete-guide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.vm6.co.uk\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Configure Firewall on Linux: Complete Guide"}]},{"@type":"WebSite","@id":"https:\/\/www.vm6.co.uk\/blog\/#website","url":"https:\/\/www.vm6.co.uk\/blog\/","name":"Hosting Blog","description":"Web Hosting Blog","publisher":{"@id":"https:\/\/www.vm6.co.uk\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.vm6.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.vm6.co.uk\/blog\/#organization","name":"VM6 
Networks","url":"https:\/\/www.vm6.co.uk\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vm6.co.uk\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.vm6.co.uk\/blog\/wp-content\/uploads\/2025\/08\/logo@2x3.png","contentUrl":"https:\/\/www.vm6.co.uk\/blog\/wp-content\/uploads\/2025\/08\/logo@2x3.png","width":572,"height":70,"caption":"VM6 Networks"},"image":{"@id":"https:\/\/www.vm6.co.uk\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/profile.php?id=61567167860081","https:\/\/x.com\/vm6uk","https:\/\/www.linkedin.com\/company\/vm6networks?trk=public_post_follow-view-profile"]},{"@type":"Person","@id":"https:\/\/www.vm6.co.uk\/blog\/#\/schema\/person\/73944405d16ba2f72183539123b66914","name":"Rob","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/76cb301db25481fbcf2aa24bffe0fdf3d3e7002d35ed6d48554b341e501e3192?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/76cb301db25481fbcf2aa24bffe0fdf3d3e7002d35ed6d48554b341e501e3192?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/76cb301db25481fbcf2aa24bffe0fdf3d3e7002d35ed6d48554b341e501e3192?s=96&d=mm&r=g","caption":"Rob"},"sameAs":["https:\/\/www.vm6.co.uk\/blog"],"url":"https:\/\/www.vm6.co.uk\/blog\/author\/rob\/"}]}},"_links":{"self":[{"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/posts\/173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=173"}],"version-history":[{"count":2,"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/posts\/173\/revisions"}],"predecessor-version":[{"id":175,"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/
wp\/v2\/posts\/173\/revisions\/175"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/media\/176"}],"wp:attachment":[{"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vm6.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}