Code-Memo

Firewall configuration

Goals

• Default deny inbound, allow only required services
• Keep rules simple and auditable

Common firewall frontends

• ufw (Debian/Ubuntu-friendly)
• firewalld (RHEL/Fedora-friendly)
• nftables/iptables (low-level)

ufw (example)

sudo ufw status verbose
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
sudo ufw enable

Allow from a subnet only:

sudo ufw allow from 10.0.0.0/24 to any port 22 proto tcp

firewalld (example)

sudo firewall-cmd --state
sudo firewall-cmd --list-all
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

Verify listening services

ss -tulpn

Related

• Firewalls (iptables, nftables)