A firewall is a classic and important security consideration for both network-capable devices as well as entire networks. Firewalls constrain the flow of information in one of a number of ways, usually by restricting the source or destination addresses of incoming or outgoing network traffic (like a water valve). These traffic patterns are typically called netflows.

• 1 Overview
• 2 Network perimeter firewalls
• 3 Host-based firewalls
• 3.1 iptables
• 3.2 Uncomplicated Firewall (ufw)

Overview¶

Firewalls can generally be grouped into two types, based on their purpose, although the distinction is more conceptual than technical. These are:

1. network-perimeter firewalls, and,
2. host-based firewalls.

The former are used primarily for shaping a netflow, performing network security monitoring, or are dedicated specifically to routing. The latter are used primarily for host-based security hardening, to raise the bar an attacker must clear in order to penetrate or exfiltrate data from a target system. Network perimeter firewalls are technically also host-based firewalls, since the firewall itself must be installed and running on some CPU, it’s just positioned at the edge of the network, hence the name and specialized role.

Network perimeter firewalls¶

TK-TODO

See also Awesome Cybersecurity Blueteam § Firewall applications or distributions.

Host-based firewalls¶

iptables¶

The iptables(8) utility is a userland program that can examine and manipulate the Linux kernel’s Internet Protocol (IP) packet filtering rules. It is primarily used for applying rules against which incoming and outgoing network packets are compared and then either accepting, rejecting, or taking some other action when a given packet matches one of the applied rules. See the iptables page for more details.

Uncomplicated Firewall (ufw)¶

The ufw firewall is a wrapper around iptables and provides simplified semantics for interacting with the underlying iptables command.