How to configure a firewall to protect Linux servers from intrusions

How to configure a firewall to protect Linux servers from intrusions

Introduction:
In today's Internet environment, servers face various potential security threats. In order to protect our Linux servers from intrusions, it is crucial to configure a strong firewall. This article will introduce how to use the iptables command to configure a firewall on a Linux server and provide some examples of common rules.

What is iptables?
iptables is a tool used to configure network access rules in the Linux operating system. It is a powerful firewall solution that allows administrators to limit network traffic by defining rules. Using iptables, you can control the flow of packets in and out of your server, thereby enhancing your server's security.

The steps to configure the firewall are as follows:

1. Define the policy:
   Before setting specific rules, you first need to determine the default policy. The default policy determines the action when no matching rule is found. Generally, the least authorization principle should be adopted, that is, denying all traffic by default and allowing only specific traffic to pass. The following example sets the default policy to deny all incoming and outgoing traffic:

   sudo iptables -P INPUT DROP
   sudo iptables -P FORWARD DROP
   sudo iptables -P OUTPUT DROP

2. Allow the required traffic:
   Now, we can define specific rules to allow the required traffic through the firewall. Here are some common rule examples:

• Allow ssh connections (using port 22):

  sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

• Allow HTTP connections (using 80 port):

  sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

• Allow HTTPS connections (using port 443):

  sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

• Allow ping (ICMP):

  sudo iptables -A INPUT -p icmp -j ACCEPT

• Allow loopback traffic:

  sudo iptables -A INPUT -i lo -j ACCEPT
  sudo iptables -A OUTPUT -o lo -j ACCEPT

3. Prevent DDoS attacks:
   DDoS (Distributed Denial of Service) attacks are a common A network attack designed to overload the target server and prevent it from providing normal services. An important function of a firewall is to prevent DDoS attacks by limiting the number of connections received per second. The following example limits the maximum number of connections to 20:

   sudo iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 20 -j DROP

4. Logging:
   It is important to configure your firewall to log traffic and events in order to detect and respond to potential attacks in a timely manner. You can use the following rules to record firewall logs to the system log file:

   sudo iptables -A INPUT -j LOG --log-prefix "Firewall: "
   sudo iptables -A OUTPUT -j LOG --log-prefix "Firewall: "
   sudo iptables -A FORWARD -j LOG --log-prefix "Firewall: "

5. Persistence rules:
   After completing the above configuration, you need to save the firewall rules and restart the server automatically loaded later. The firewall configuration can be saved using the following command:

   sudo iptables-save > /etc/iptables/rules.v4

Conclusion:
By configuring the firewall and defining appropriate rules, we can protect the Linux server from intrusions. This article explains how to use iptables commands for firewall configuration and provides examples of some common rules. However, server security is an ongoing process and it is recommended to regularly review and update firewall rules to adapt to changing security threats.

The above is the detailed content of How to configure a firewall to protect Linux servers from intrusions. For more information, please follow other related articles on the PHP Chinese website!