Chapter 7

Firewalls

By Nikhila Sattala

In today's ever-evolving digital landscape, security is paramount. Whether you're responsible for managing a web application's infrastructure, maintaining network integrity, or safeguarding sensitive data, firewalls play a pivotal role in your toolkit.

Even though the adoption of cloud-based security services like Cloudflare continues to grow due to their effectiveness and ease of implementation, traditional firewalls remain relevant in many scenarios, especially within private networks and on-premises environments.

Having a strong foundational understanding of firewalls and their inner workings is essential for DevOps engineers, as it empowers you to make informed decisions, avoid common mistakes, and secure your applications effectively.

Here are the fundamental firewall concepts that every Linux administrator and DevOps engineer should know:
  • Purpose of a Firewall
    A firewall is a network security device or software that acts as a barrier between a trusted internal network and untrusted external networks (e.g., the internet). Its primary purpose is to control and filter network traffic based on predefined rules, policies, and security criteria.
  • Packet Filtering
    One of the core functions of a firewall is packet filtering. It examines individual packets and decides whether to allow or block them based on rules configured by administrators. Rules are typically matched on IP addresses, port numbers, and protocols (TCP, UDP, ICMP).
  • Stateful vs. Stateless Firewalls
    Stateless firewalls evaluate each packet on its own against static rules. Stateful firewalls maintain a state table that tracks active connections, so they can decide based on the context of the traffic, for example by accepting the return traffic of a connection that was already allowed.
  • Inbound vs. Outbound Traffic
    Firewalls can control both inbound and outbound traffic. Inbound traffic comes from external sources to internal resources; outbound traffic leaves internal resources for external destinations.
  • Rules and Policies
    Firewall rules and policies define which traffic is permitted and which is denied. Rules are typically organized in rule sets or rule chains and are processed in a specific order, so the position of a rule in the chain affects which traffic it applies to.
  • Default Deny Principle
    Under the default deny principle, a firewall denies all incoming and outgoing traffic unless an explicit rule allows it. This approach minimizes the attack surface.
  • Network Zones
    Network zones categorize different parts of a network by trust level. For example, a DMZ (Demilitarized Zone) is a less trusted network segment where public-facing servers are often placed.
  • NAT (Network Address Translation)
    Network Address Translation maps private IP addresses to a public IP address. This allows multiple internal devices to share a single public IP address and is commonly used to provide internet access.
  • Logging and Monitoring
    Firewalls can log traffic events and security incidents. Monitoring and analyzing firewall logs is essential for identifying potential security threats and troubleshooting network issues.
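To make the packet-filtering, stateful-tracking, rule-ordering, default-deny and logging concepts above concrete, here is an added example (not part of the chapter) of a toy packet filter in Python: the rule chain, the addresses and the packets are constructed for illustration, and the same traffic is run with and without a state table to show why the stateful firewall accepts the reply to an allowed outbound connection while the stateless one drops it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (toward the protected host) or "out" (leaving it)
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int

# Ordered rule chain: (direction, proto, destination port or None for any, action).
# Constructed sample policy for the example; the first matching rule wins.
RULES = [
    ("in",  "tcp", 22,   "allow"),   # SSH to the host
    ("in",  "tcp", 443,  "allow"),   # HTTPS to the web server
    ("out", "tcp", None, "allow"),   # any outbound TCP
    ("out", "udp", 53,   "allow"),   # DNS lookups
]

class Firewall:
    def __init__(self, rules, stateful=True):
        self.rules, self.stateful = rules, stateful
        self.state = set()   # flows allowed by a rule, keyed by 5-tuple
        self.log = []        # one line per decision, like a firewall log

    def decide(self, p):
        # A stateful firewall accepts replies to tracked flows before consulting rules.
        reply_key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self.stateful and reply_key in self.state:
            return self._record(p, "allow", "established")
        for direction, proto, port, action in self.rules:
            if (direction, proto) == (p.direction, p.proto) and port in (None, p.dport):
                if action == "allow":
                    self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return self._record(p, action, "rule")
        return self._record(p, "deny", "default-deny")  # nothing matched: default deny

    def _record(self, p, action, reason):
        self.log.append(f"{action.upper()} {p.direction} {p.proto} "
                        f"{p.src}:{p.sport}->{p.dst}:{p.dport} ({reason})")
        return action

def demo(stateful=True):
    """Outbound HTTPS, its reply, then an unsolicited inbound packet (constructed)."""
    fw = Firewall(RULES, stateful)
    out = fw.decide(Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.9", 443))
    reply = fw.decide(Packet("in", "tcp", "203.0.113.9", 443, "10.0.0.5", 40000))
    stray = fw.decide(Packet("in", "tcp", "198.51.100.7", 5555, "10.0.0.5", 40001))
    return out, reply, stray, fw.log
```

With `stateful=True` the decisions are allow, allow, deny; with `stateful=False` the reply is also denied, because no inbound rule covers the ephemeral port 40000 and the default-deny policy takes over.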
Conclusion