Firewall configuration

https://drive.google.com/file/d/12KMmIOUfDRMAax2w3xXzLjEB9S3EJhLk/view?usp=sharing

1. What is a Firewall?

Core Purpose

Traffic Filter: Controls incoming/outgoing network traffic based on security rules
Security Barrier: Protects private networks from unauthorized internet access
Critical for:
- Organizations with sensitive data
- Servers exposed to public networks
- Preventing lateral movement during breaches

💡 Key Insight:

Firewalls implement defense in depth—even if one device is compromised, others stay protected.

2. Firewalld vs. iptables

Feature	Firewalld (RHEL 8 Default)	iptables (Legacy)
Management	Dynamic (runtime changes)	Static (requires restart)
Configuration	Zones, Services, Rich Rules	Raw packet filtering rules
Interface	`firewall-cmd`, GUI, XML files	Command-line only
Persistence	Automatic (`--permanent`)	Manual save/restore
Use Case	Modern servers, dynamic environments	Legacy systems, custom rules

⚠️ RHEL 8 Note:

Firewalld is default—iptables rules are managed through firewalld's backend.

3. Firewalld Installation & Basic Setup

Install and Enable

# Remove if conflicting (rarely needed)
sudo dnf remove firewalld -y

# Install and enable
sudo dnf install firewalld -y
sudo systemctl enable --now firewalld
sudo systemctl status firewalld

# Verify running
firewall-cmd --state    # Should return "running"

4. Core Concepts: Zones and Services

Zones (Predefined Security Levels)

Zone	Policy	Use Case
`public`	Default for untrusted networks	Internet-facing servers
`dmz`	Limited access to LAN	Public servers needing internal access
`internal`	Trusted internal network	Corporate LAN
`home`	Trustworthy home network	Home PCs
`drop`	All incoming dropped	Highly secure systems
`block`	All incoming rejected	Similar to drop but sends rejection