[Figure: a virus-infected system compared with a system that has its firewall enabled; a hardware firewall]
Working of Firewall
• A firewall is used to control incoming and outgoing traffic on any device or network.
• A firewall decides which traffic may enter a machine (or network) and which may leave it.
• Firewalls can be found at every level of a network, e.g. on computers, routers, servers and other networking devices.
• If your machine is working as a router, the firewall can also forward packets coming from other machines (networks) on to the next machine (network).
• Both incoming and outgoing traffic can be controlled with a firewall.
• Generally there are no restrictions on outgoing traffic from your machine (PC); by default the firewall does not block outgoing traffic. Outgoing traffic is managed with the help of a proxy server in the network.
• The firewall controls or restricts all incoming traffic except traffic that arrives in response to a request. By default, on clients (PCs) it does not allow any unsolicited traffic in; it drops such traffic.
[Figure: a request packet (source port, destination port, source IP address, destination IP address, source MAC address, request type) leaving the machine for the Internet or intranet, and the matching response packet (source port, destination port, source IP address, destination IP address, destination MAC address, response type) returning through the firewall]
[Figure: a response packet (source port, destination port, source IP address, destination IP address, destination MAC address, response type) arriving from the Internet at a personal computer and at a Redhat server]
Managing Firewall in Linux (RHEL)
1. Default management utility
• RHEL 6: IPTABLES is the default utility used to manage and monitor the firewall configuration and its components.
• RHEL 7: Firewalld is the default service used to manage and monitor the firewall and its components, but IPTABLES can also be used.
• RHEL 8: Firewalld is the only default service used to manage and monitor the firewall and its components.
2. Management command
• RHEL 6: Only the IPTABLES command is used to manage the firewall.
• RHEL 7: The FIREWALL-CMD command is used to manage the firewall, but IPTABLES can also be used.
• RHEL 8: Only the FIREWALL-CMD command is used to manage the firewall.
3. Packet filtering tool
• RHEL 6: Packet filtering is possible through IPTABLES only.
• RHEL 7: To use IPTABLES, first remove the Firewalld packages, then install and enable IPTABLES.
• RHEL 8: Only Firewalld can be used; there is no support for the IPTABLES command.
4. Kernel module
• RHEL 6, 7 and 8: Netfilter is the kernel module used for packet filtering.
5. GUI package used to manage the firewall
• RHEL 6: system-config-firewall
• RHEL 7 and 8: firewall-config
8. Command used to check the firewall status
• RHEL 6: # service iptables status
• RHEL 7 and 8: # systemctl status firewalld
Managing Firewall from GUI in RHEL
[Figure: screenshots of the firewall GUI and CLI tools in RHEL 6, RHEL 7 and RHEL 8]
Firewall Zones in Linux (RHEL)
The predefined zones are stored in the /usr/lib/firewalld/zones/ directory and can be instantly applied to any
available network interface. These files are copied to the /etc/firewalld/zones/ directory only after they are
modified. The default settings of the predefined zones are as follows:
Block:
Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated from within the system are possible.
Dmz:
For computers in your demilitarized zone that are publicly-accessible with limited access to your internal
network. Only selected incoming connections are accepted.
Drop:
Any incoming network packets are dropped without any notification. Only outgoing network connections are
possible.
External:
For use on external networks with masquerading enabled, especially for routers. You do not trust the other
computers on the network to not harm your computer. Only selected incoming connections are accepted.
Home:
For use at home when you mostly trust the other computers on the network. Only selected incoming
connections are accepted.
Internal:
For use on internal networks when you mostly trust the other computers on the network. Only selected
incoming connections are accepted.
Public:
For use in public areas where you do not trust other computers on the network. Only selected incoming
connections are accepted.
Trusted:
All network connections are accepted.
Work:
For use at work where you mostly trust the other computers on the network. Only selected incoming
connections are accepted.
One of these zones is set as the default zone.
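As an added example (not part of the slides), the Python below reads zone definitions in the XML format firewalld keeps under /usr/lib/firewalld/zones/ and shows what happens to an unsolicited inbound connection under each zone. The sample zone XML and the service-to-port map are constructed for the example, and port ranges inside <port> elements are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed zone files modelled on the format firewalld uses under
# /usr/lib/firewalld/zones/; they are not copied from a real system.
ZONE_FILES = {
    "public": '<zone><short>Public</short><service name="ssh"/>'
              '<service name="dhcpv6-client"/></zone>',
    "home": '<zone><short>Home</short><service name="ssh"/>'
            '<port port="8080" protocol="tcp"/></zone>',
    "block": '<zone target="%%REJECT%%"><short>Block</short></zone>',
    "drop": '<zone target="DROP"><short>Drop</short></zone>',
    "trusted": '<zone target="ACCEPT"><short>Trusted</short></zone>',
}

# (port, protocol) for the well-known services named on the slides;
# dhcpv6-client is an assumed extra entry so the public zone resolves.
SERVICE_PORTS = {
    "ssh": (22, "tcp"), "http": (80, "tcp"), "https": (443, "tcp"),
    "smtp": (25, "tcp"), "dhcpv6-client": (546, "udp"),
}

def parse_zone(xml_text):
    """Extract target, allowed services and allowed single ports from zone XML."""
    root = ET.fromstring(xml_text)
    return {
        # A zone without an explicit target rejects unmatched traffic.
        "target": root.get("target", "default"),
        "services": {s.get("name") for s in root.findall("service")},
        "ports": {(int(p.get("port")), p.get("protocol"))
                  for p in root.findall("port")},
    }

def verdict(zone, port, proto="tcp"):
    """Fate of an unsolicited inbound connection: ACCEPT, REJECT or DROP."""
    if not 0 <= port <= 65535:              # port numbers are 16 bits wide
        raise ValueError("port out of range")
    allowed = {SERVICE_PORTS[s] for s in zone["services"] if s in SERVICE_PORTS}
    if (port, proto) in allowed | zone["ports"]:
        return "ACCEPT"                     # explicitly opened service or port
    if zone["target"] == "ACCEPT":
        return "ACCEPT"                     # trusted: everything accepted
    if zone["target"] == "DROP":
        return "DROP"                       # drop: discarded without notice
    return "REJECT"                         # default / %%REJECT%%: ICMP reply

def compare_zones(port, proto="tcp"):
    """Verdict for the same connection under every sample zone."""
    return {name: verdict(parse_zone(xml), port, proto)
            for name, xml in ZONE_FILES.items()}
```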
Ports Information In Firewall
• A port number is 16 bits wide; each bit may have the value 0 or 1, so only 2 values are possible for each bit.
• The total number of possible values is 2^16 = 65536, ranging from (0000000000000000)2 to (1111111111111111)2.
• Here binary (0000000000000000)2 = 0 in decimal.
• And binary (1111111111111111)2 = 65535 in decimal.
• Ports ranging from 0 to 1023 are called well-known ports and are reserved for important services like:
FTP = 20, 21
SSH = 22
Telnet = 23
SMTP = 25
DNS = 53
DHCP = 67, 68
HTTP = 80
POP3 = 110
HTTPS = 443
• Ports ranging from 1024 to 65535 are called unreserved ports; they can be manually defined and used for other services.