Configure a Firewall using UFW (Ubuntu) and Firewalld (RHEL)


Learn how to configure a Linux firewall using UFW on Ubuntu and Firewalld on RHEL. Step-by-step CLI examples, best practices, and comparison tables included.


🔈 Introduction

Securing your Linux server is a critical step in system administration. One of the foundational layers of server security is the firewall — a system that controls incoming and outgoing traffic based on predefined rules. In this guide, we’ll walk you through configuring firewalls using two widely adopted tools: UFW (Uncomplicated Firewall) for Ubuntu systems and Firewalld for RHEL-based distributions like CentOS, AlmaLinux, and Fedora.


📝 Introduction to Linux Firewalls

A firewall is a network security system that monitors and controls incoming and outgoing traffic. Linux distributions commonly use iptables, but front-end tools like UFW and Firewalld simplify the management process.

🔐 Goal: Minimize security risks by controlling which services are exposed to the internet.

🧠 Understanding UFW on Ubuntu

UFW (Uncomplicated Firewall) is the default firewall management tool for Ubuntu. It’s a front-end for iptables, designed to make configuration easier for users who are new to firewall management.

🔑 Key Features:

  • Simple syntax
  • IPv4 and IPv6 support
  • Integration with application profiles
  • Logging capabilities

▶️ How to Configure UFW

Let’s walk through setting up a firewall with UFW on an Ubuntu system.

✅ Step 1: Install UFW (if not already installed)

				
    sudo apt update
    sudo apt install ufw

✅ Step 2: Check UFW Status

				
    sudo ufw status verbose

If it’s inactive, you’ll need to enable it after configuration.

✅ Step 3: Set Default Rules

Before allowing or denying traffic, set default policies:

				
    sudo ufw default deny incoming
    sudo ufw default allow outgoing

✅ Step 4: Allow Essential Services

Here’s how to allow SSH (port 22) so you don’t get locked out:

				
    sudo ufw allow ssh

Or specify port and protocol:

				
    sudo ufw allow 22/tcp

✅ Step 5: Add More Rules

| Action | Command Example |
|---|---|
| Allow HTTP | sudo ufw allow 80/tcp |
| Allow HTTPS | sudo ufw allow 443/tcp |
| Deny a Port | sudo ufw deny 21/tcp |
| Allow by Subnet | sudo ufw allow from 192.168.1.0/24 |

✅ Step 6: Enable UFW

Once your rules are configured:

				
    sudo ufw enable

✅ Step 7: Check Rules

				
    sudo ufw status numbered

✅ Step 8: Delete Rules (if needed)

				
    sudo ufw delete <rule-number>
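
To check the result of Steps 3 to 7, the following added example (not part of the original guide) audits the text printed by `sudo ufw status verbose`. The function name `ufw_audit`, the `EXPECTED` port list and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit `ufw status verbose`
# output against the policy from Steps 3-7.
# EXPECTED is an assumption: the ports this host is meant to expose.
EXPECTED="${EXPECTED:-22/tcp 80/tcp 443/tcp}"

# Reads status text on stdin, prints one finding per line,
# returns 0 when the policy holds and 1 otherwise.
# Limitation: application profile names containing spaces are not parsed.
ufw_audit() {
  awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    { gsub(/ \(v6\)/, "") }                 # fold IPv6 rows onto the IPv4 form
    /^Status:/  { active  = ($2 == "active") }
    /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
    $2 == "ALLOW" && $3 == "IN" {           # e.g. "22/tcp  ALLOW IN  Anywhere"
      if ($1 == "22/tcp" || $1 == "22" || $1 == "OpenSSH") ssh = 1
      if ($4 == "Anywhere" && !($1 in ok) && !seen[$1]++) {
        print "FINDING: " $1 " is open to Anywhere but not in EXPECTED"; bad = 1
      }
    }
    END {
      if (!active)  { print "FINDING: firewall is not active"; bad = 1 }
      if (!deny_in) { print "FINDING: default incoming policy is not deny"; bad = 1 }
      if (!ssh)     { print "FINDING: no rule allows SSH (lockout risk)"; bad = 1 }
      exit bad
    }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
21/tcp                     DENY IN     Anywhere
Anywhere                   ALLOW IN    192.168.1.0/24
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# On a live host: sudo ufw status verbose | ufw_audit
printf '%s\n' "$SAMPLE_STATUS" | ufw_audit || echo "audit failed"
```

The subnet rule is not flagged because its source is restricted; only ports open to Anywhere are compared against `EXPECTED`.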
				
			

🧠 Understanding Firewalld on RHEL

Firewalld is the default firewall service in Red Hat Enterprise Linux, CentOS, AlmaLinux, and Fedora. It uses zones and services to manage rules dynamically without restarting the firewall.

🔑 Key Features:

  • Zone-based control
  • Support for IPv4, IPv6, Ethernet bridges
  • Rich rules with granular control
  • Persistent and runtime configurations

▶️ How to Configure Firewalld

Let’s go through configuring Firewalld on RHEL-based systems.

✅ Step 1: Install and Start Firewalld

				
    sudo dnf install firewalld    # If not already installed
    sudo systemctl enable --now firewalld

✅ Step 2: Check Firewalld Status

				
    sudo firewall-cmd --state

✅ Step 3: Understand Zones

Each interface is assigned to a zone with specific rules. Common zones include:

| Zone | Description |
|---|---|
| public | Default zone for public interfaces |
| internal | For trusted internal networks |
| drop | Drops all incoming connections |
| trusted | All connections are accepted |

Check the active zone:

				
    sudo firewall-cmd --get-active-zones

✅ Step 4: Assign Interfaces to Zones

				
    sudo firewall-cmd --zone=public --change-interface=eth0 --permanent

✅ Step 5: Allow Services or Ports

To allow services:

				
    sudo firewall-cmd --zone=public --add-service=http --permanent

To allow specific ports:

				
    sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent

Apply the changes:

				
    sudo firewall-cmd --reload

✅ Step 6: View Current Configuration

				
    sudo firewall-cmd --list-all

✅ Step 7: Remove Rules (if needed)

				
    sudo firewall-cmd --zone=public --remove-service=http --permanent
    sudo firewall-cmd --reload
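
Because Steps 5 and 7 change the permanent configuration and only take effect after `--reload`, the runtime and permanent rule sets can drift apart. This added example (not part of the original guide) compares the services and ports in the two `--list-all` outputs; the function names `fw_items` and `fw_drift` and both sample outputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): detect drift between
# Firewalld's runtime and permanent configuration for one zone.

# Print the entries of the "services:" and "ports:" lines, one per line.
fw_items() {
  printf '%s\n' "$1" | awk '$1 == "services:" || $1 == "ports:" {
      for (i = 2; i <= NF; i++) print $i }' | sort -u
}

# $1 = runtime --list-all text, $2 = permanent --list-all text.
# Prints one line per difference; returns 1 if any drift exists.
fw_drift() {
  rt=$(fw_items "$1"); pm=$(fw_items "$2"); rc=0
  for item in $rt; do
    printf '%s\n' "$pm" | grep -qxF -- "$item" ||
      { echo "runtime-only: $item (lost on next --reload)"; rc=1; }
  done
  for item in $pm; do
    printf '%s\n' "$rt" | grep -qxF -- "$item" ||
      { echo "permanent-only: $item (not active until --reload)"; rc=1; }
  done
  return $rc
}

# Constructed samples: port 8080 was added without --permanent, and the
# http service was added with --permanent but no --reload followed.
RUNTIME_SAMPLE='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp'
PERMANENT_SAMPLE='public
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: '

# On a live host:
#   fw_drift "$(sudo firewall-cmd --zone=public --list-all)" \
#            "$(sudo firewall-cmd --permanent --zone=public --list-all)"
fw_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" || echo "drift detected"
```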
				
			

📋 Comparison: UFW vs Firewalld

| Feature | UFW (Ubuntu) | Firewalld (RHEL) |
|---|---|---|
| Default Distro | Ubuntu/Debian | RHEL/CentOS/Fedora |
| Backend | iptables | nftables or iptables |
| Rule Types | Port/Application | Zones/Services/Ports |
| Runtime Config | No (requires restart) | Yes (changes can be immediate) |
| Ease of Use | Very user-friendly | More advanced and flexible |
| Logging | Supported | Supported |

🌐 Best Practices for Linux Firewall Configuration

Whether you use UFW or Firewalld, the following best practices apply:

  • Allow only necessary services – Minimize exposed ports.
  • Always allow SSH before enabling the firewall – Prevent lockouts.
  • Test before applying rules – Use a second session to ensure access.
  • Use logging cautiously – Log denied connections to monitor suspicious activity.
  • Use zones (Firewalld) or profiles (UFW) – For better management of interfaces and services.
  • Document your changes – Helps in audits and troubleshooting.

🏁 Conclusion

Both UFW and Firewalld are excellent firewall management tools that cater to different Linux ecosystems. If you’re using Ubuntu, UFW provides a beginner-friendly approach. For RHEL-based systems, Firewalld offers flexibility through zones and rich configurations. Whichever you choose, ensuring your firewall is properly configured is crucial to securing your Linux environment.

💡 Don’t leave your firewall as an afterthought — it’s your server’s first line of defense.
