Configure Linux Firewall ACL Rules

After taking this Configure Linux Firewall ACL Rules IT Pro Challenge lab, learners will understand how to view, configure, and modify firewall rules to block and allow SSH traffic. They will learn how to verify the changes that they make, how to use sudo commands, and why some companies choose to block SSH traffic.

Anyone pursuing a career as a systems or network administrator needs to have knowledge of firewall rules and how order matters.

Overview

The objective of this virtual lab is to help the learner understand how to control inbound and outbound network traffic to a specific Linux server by enabling the firewall, configuring the firewall rules to both allow and deny network traffic, and then re-ordering a firewall rule.

The learner will become comfortable using various commands (ping, ifconfig, sudo) to manipulate firewalls and rules and view the results of any changes that they make to the firewall rules.

They will also gain an understanding of ICMP and why some companies choose to block echo requests to mitigate damage that could be caused by a hacker or attack.

Turn on the firewall

First, you’re going to learn how to obtain the IP address of a machine by using the ifconfig command. You will then ping that IP address and view the results.

Then you’re going to use the sudo ufw status command to view the firewall status, and the sudo ufw enable command to enable the firewall. You will verify that the running firewall is enabled by running the sudo ufw status verbose command.

Uncomplicated Firewall (UFW) is an easy to use (uncomplicated) command line program for managing firewalls. The sudo command allows you to execute a command as another user.

Block ICMP echo requests

ICMP is a protocol commonly used on network devices like routers to send error messages as well as success/fail messages from communication with another IP address. Many companies choose to block ICMP echo requests to avoid an issue called “ping flood,” whereby an attacker can bombard the system with so many ping requests that it results in a denial of service error.

In this part of the virtual lab, you’re going to block ICMP echo requests by editing the before rules file and commenting out the line that allows ping requests. You will verify your work by trying to ping the server for which you just blocked echo requests.

Allow SSH traffic through the firewall

Secure Shell (SSH) is a secure network protocol that is used to secure network traffic on an unsecured network.

To allow SSH traffic, you’re going to configure a firewall rule on the first Linux server. You will test your work by logging into the second Linux server to create an SSH connection to the first Linux server.

Block all traffic from Linux2

Finally, you will learn how to block all traffic from a Linux server, as well as view the numbered firewall rules and re-order those rules. You will verify that you blocked all traffic by trying to create an SSH connection to the server and seeing the connection time out.

Summary Conclusion

By taking this virtual lab, you will learn how to enable the Linux UFW, configure various firewall rules to both allow and deny network traffic, and configure and re-order firewall rules.

Through this process, you will learn about UFW and how to use various sudo command line operations to manipulate and view firewall rules.