{"id":575,"date":"2019-05-10T14:42:58","date_gmt":"2019-05-10T22:42:58","guid":{"rendered":"https:\/\/angrysysadmins.tech\/?p=575"},"modified":"2019-05-10T14:43:00","modified_gmt":"2019-05-10T22:43:00","slug":"firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld","status":"publish","type":"post","link":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/","title":{"rendered":"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld"},"content":{"rendered":"\n

This article will be covering how to setup a basic firewall using each of the four main methods of doing so. I’ll leave covering advanced stuff to James<\/a>, as he’s been somewhat obsessed with learning the complicated aspects of firewalls recently, but the basic are also important.<\/p>\n\n\n\n

UFW<\/h2>\n\n\n\n

I’ll start with the simplest one. UFW is a simple frontend to iptables<\/code> that makes it easy to block and allow ports and have persistence across reboots. Most major distributions have it available in their standard repositories of packages.

So to start off, installing the packages is usually done with some variation of:<\/p>\n\n\n\n

apt install ufw
pacman -S ufw<\/pre>\n\n\n\n

Or whatever applies to your distro. Once the install finishes, we can start making rules.

As I said above, this is just going to be a basic firewall, so no fancy forwarding or even logging. Just blocking and allowing ports.<\/p>\n\n\n\n
ufw default deny
ufw allow ssh<\/pre>\n\n\n\n

The first command will block all incoming traffic by default, as well as set forwarded traffic to deny. The second will allow inbound SSH traffic, so that when we turn the firewall on we will still have access.

If needed, you can also specify a protocol for UFW to allow in. For example, pretending this is a DNS server:<\/p>\n\n\n\n
ufw allow 53\/udp<\/pre>\n\n\n\n

Once you are happy with the ports that you have allowed (make sure that you will still have access!), you can start the firewall with:<\/p>\n\n\n\n
ufw enable
ufw status verbose<\/pre>\n\n\n\n

And ta-da, you have a basic UFW firewall!<\/p>\n\n\n\n
firewalld<\/h2>\n\n\n\n
firewalld<\/a> is Red Hat’s baby, and is kinda like UFW on steroids. It is also a frontend to nftables<\/code> or iptables<\/code>, but is significantly more powerful and can handle multiple rulesets. For example, it allows you to have different rules for different nics, as well as runtime and permanent configs (think Cisco IOS and having to do “commit; save<\/code>” in order for rules to survive reboots).

If it is not pre-installed on your server, it can usually be installed as the firewalld<\/code> package. For example on Arch:<\/p>\n\n\n\n
pacman -S firewalld<\/pre>\n\n\n\n

And then the service will have to be started and enabled:<\/p>\n\n\n\n
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --state<\/pre>\n\n\n\n

As I said earlier, this is just going to be a basic overview of each option. So I won’t be going over how to having different zones for each interface and such. Just one zone on one interface.

To start with, to set the default policy to drop all traffic that doesn’t match our allow rules, we can set the default zone to drop:<\/p>\n\n\n\n
firewall-cmd --set-default-zone=drop<\/pre>\n\n\n\n

This will make the change immediately and permanently, but established connections will be maintained. And now to allow future SSH  traffic into the machine, we can do:<\/p>\n\n\n\n
firewall-cmd --zone=drop --permanent --add-service=ssh<\/pre>\n\n\n\n

The --permanent<\/code> flag will make the change persist across reboots, removing it will have the change only be present until firewalld<\/code> is reloaded.

Now, going back to the DNS server example used above, you can specify a port and protocol to allow using a command like this:<\/p>\n\n\n\n
firewall-cmd --zone=drop --add-port=53\/udp<\/pre>\n\n\n\n

And like when adding a service, including a --permanent<\/code> will make the change persistent.

With that, you have a basic firewalld<\/code> firewall. firewalld<\/code> do can do way more than just this if you dig deeper into its documentation, though! So it could be worth it to do so.<\/p>\n\n\n\n
iptables<\/h2>\n\n\n\n
The programs so far have both been frontends to iptables<\/a> that aim to make it easier to interact with. But by doing so, some of the power granted by iptables<\/code> is lost. However, that is the sort of thing I’ll leave to James to cover some day.

It is very likely that iptables<\/code> is already installed on your system. If not, install the “iptables<\/code>” package. You do not need to start a service for it, but you will potentially need to enable one. For now, we will set rules up. To make sure that we won’t lose connection to the box, first allow established traffic:<\/p>\n\n\n\n
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<\/pre>\n\n\n\n

And now we can safely set the default policy to DROP, like so:<\/p>\n\n\n\n
iptables -P INPUT DROP<\/pre>\n\n\n\n

This will block all traffic by default, but rather than informing the client it was denied, the server will allow the connection to timeout. And now to allow traffic in we can do:<\/p>\n\n\n\n
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT<\/pre>\n\n\n\n

That will allow incoming tcp traffic to port 22 and udp traffic to port 53.

Now to make these rules persist. On systems with OpenRC, you can usually do something like follows:<\/p>\n\n\n\n
rc-update add iptables default
service iptables save<\/pre>\n\n\n\n

And on systemd<\/code> machines:<\/p>\n\n\n\n
systemctl enable iptables
iptables-save > \/etc\/iptables\/iptables.rules<\/pre>\n\n\n\n

Both examples will write the rules to a file and then load them back in on reboot. If you use systemd<\/code> and do not have an iptables.service<\/code> file, here is what mine looks like:<\/p>\n\n\n\n
[Unit] 
Description=IPv4 Packet Filtering Framework 
Before=network-pre.target 
Wants=network-pre.target 
 
[Service] 
Type=oneshot 
ExecStart=\/usr\/bin\/iptables-restore \/etc\/iptables\/iptables.rules 
ExecReload=\/usr\/bin\/iptables-restore \/etc\/iptables\/iptables.rules 
ExecStop=\/usr\/lib\/systemd\/scripts\/iptables-flush 
RemainAfterExit=yes 
 
[Install] 
WantedBy=multi-user.target
<\/pre>\n\n\n\n

Save that as \/usr\/lib\/systemd\/system\/iptables.service<\/code>, and then enable the service. The iptables-flush<\/code> script it references looks like this:<\/p>\n\n\n\n
#!\/bin\/bash 
# 
# Usage: iptables-flush [6] 
# 
 
iptables=ip$1tables 
if ! type -p \"$iptables\" &>\/dev\/null; then 
  echo \"error: invalid argument\" 
  exit 1 
fi 
 
while read -r table; do 
  tables+=(\"\/usr\/share\/iptables\/empty-$table.rules\") 
done <\"\/proc\/net\/ip$1_tables_names\" 
 
if (( ${#tables[*]} )); then 
  cat \"${tables[@]}\" | \"$iptables-restore\" 
fi
<\/pre>\n\n\n\n

With that done, you should have a functioning iptables<\/code> firewall!<\/p>\n\n\n\n
nftables<\/h2>\n\n\n\n

iptables<\/code> has been deprecated for a while now, and nftables<\/a> is its horribly documented successor. Hopefully this remedies that a little bit.

There is a chance that nftables<\/code> is already installed on your system, but if not the package is usually just called “nftables<\/code>“.

First, start and enable the service:<\/p>\n\n\n\n
systemctl enable nftables
systemctl start nftables<\/pre>\n\n\n\n

The starting ruleset may differ a little by OS, so nuke it:<\/p>\n\n\n\n
nft flush ruleset
nft add table inet filter
<\/pre>\n\n\n\n

After doing that, we will need to add our chains. For now the default policy for incoming traffic will be accept, otherwise we’ll lock ourselves out. To add our default chains, the commands are:<\/p>\n\n\n\n
nft add chain inet filter input { type filter hook input priority 0\\; policy accept\\; }
nft add chain inet filter forward { type filter hook forward priority 0\\; policy drop\\; }
nft add chain inet filter output { type filter hook output priority 0\\; policy accept\\; }<\/pre>\n\n\n\n

The backslashes are required. Without them your shell will try to interpret this as listing several commands. Also, I’ve found that zsh requires that the {} be escaped as well.

And now to add the allowed ports., as well as traffic related to connections on those ports. That can be done like so:<\/p>\n\n\n\n
nft add rule inet filter input ct state { established, related } accept
nft add rule inet filter input tcp dport ssh accept
nft add rule inet filter input udp dport 53 accept
<\/pre>\n\n\n\n

Finally, to set the default policy to drop incoming traffic:<\/p>\n\n\n\n
nft chain inet filter input { type filter hook input priority 0\\; policy drop\\; }
<\/pre>\n\n\n\n

Running nft list ruleset<\/code> will display the current rules, which should look something like this:<\/p>\n\n\n\n
\"Current
nft list ruleset<\/figcaption><\/figure>\n\n\n\n

With that, you should have a functioning nftables<\/code> firewall. To have it persist across reboots, the method is similar to iptables<\/code>. With systemctl<\/code>, it will usually read from \/etc\/nftables.conf.<\/p>\n\n\n\n
nft list ruleset > \/etc\/nftables.conf
systemctl enable nftables
systemctl start nftables<\/pre>\n","protected":false},"excerpt":{"rendered":"
This article will be covering how to setup a basic firewall using each of the four main methods of doing so. I’ll leave covering advanced stuff to James, as he’s been somewhat obsessed with learning the complicated aspects of firewalls recently, but the basic are also important. UFW I’ll start with the simplest one. UFW 
Read More »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[105,106,8,108,107],"tags":[109,134,97,111,98,133],"coauthors":[37],"class_list":["post-575","post","type-post","status-publish","format-standard","hentry","category-firewall","category-iptables","category-linux","category-netfilter","category-nftables","tag-firewall","tag-firewalld","tag-iptables","tag-netfilter","tag-nftables","tag-ufw"],"yoast_head":"\nFirewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld - Angry Sysadmins<\/title>\n<meta name=\"description\" content=\"How to use ufw, firewalld, iptables, or nftables to make a basic Linux firewall.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld - Angry Sysadmins\" \/>\n<meta property=\"og:description\" content=\"How to use ufw, firewalld, iptables, or nftables to make a basic Linux firewall.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/\" \/>\n<meta property=\"og:site_name\" content=\"Angry Sysadmins\" \/>\n<meta property=\"article:published_time\" content=\"2019-05-10T22:42:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-05-10T22:43:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/05\/Screenshot_20190506_135935.png\" \/>\n<meta name=\"author\" content=\"Cat Kasin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cat Kasin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/\"},\"author\":{\"name\":\"Cat Kasin\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#\\\/schema\\\/person\\\/151b2d23439b55b970060836f317a14d\"},\"headline\":\"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld\",\"datePublished\":\"2019-05-10T22:42:58+00:00\",\"dateModified\":\"2019-05-10T22:43:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/\"},\"wordCount\":967,\"commentCount\":6,\"image\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Screenshot_20190506_135935.png\",\"keywords\":[\"firewall\",\"firewalld\",\"iptables\",\"netfilter\",\"nftables\",\"ufw\"],\"articleSection\":[\"Firewall\",\"iptables\",\"Linux\",\"netfilter\",\"nftables\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/\",\"name\":\"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld - Angry Sysadmins\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Screenshot_20190506_135935.png\",\"datePublished\":\"2019-05-10T22:42:58+00:00\",\"dateModified\":\"2019-05-10T22:43:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#\\\/schema\\\/person\\\/151b2d23439b55b970060836f317a14d\"},\"description\":\"How to use ufw, firewalld, iptables, or nftables to make a basic Linux firewall.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#primaryimage\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Screenshot_20190506_135935.png\",\"contentUrl\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Screenshot_20190506_135935.png\",\"width\":539,\"height\":294},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/05\\\/bailey\\\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/angrysysadmins.tech\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#website\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/\",\"name\":\"Angry Sysadmins\",\"description\":\"A site full of angry sysadmins here to vent and help\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/angrysysadmins.tech\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#\\\/schema\\\/person\\\/151b2d23439b55b970060836f317a14d\",\"name\":\"Cat Kasin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g23b0ffb86dd6c08514a66a6a50f7a0a9\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g\",\"caption\":\"Cat Kasin\"},\"description\":\"I build virtual environments and challenges for Cybersecurity students to complete as a way to gain experience before graduating and entering the workforce.\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/author\\\/bailey\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld - Angry Sysadmins","description":"How to use ufw, firewalld, iptables, or nftables to make a basic Linux firewall.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/","og_locale":"en_US","og_type":"article","og_title":"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld - Angry Sysadmins","og_description":"How to use ufw, firewalld, iptables, or nftables to make a basic Linux firewall.","og_url":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/","og_site_name":"Angry Sysadmins","article_published_time":"2019-05-10T22:42:58+00:00","article_modified_time":"2019-05-10T22:43:00+00:00","og_image":[{"url":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/05\/Screenshot_20190506_135935.png","type":"","width":"","height":""}],"author":"Cat Kasin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cat Kasin","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#article","isPartOf":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/"},"author":{"name":"Cat Kasin","@id":"https:\/\/angrysysadmins.tech\/#\/schema\/person\/151b2d23439b55b970060836f317a14d"},"headline":"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld","datePublished":"2019-05-10T22:42:58+00:00","dateModified":"2019-05-10T22:43:00+00:00","mainEntityOfPage":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/"},"wordCount":967,"commentCount":6,"image":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#primaryimage"},"thumbnailUrl":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/05\/Screenshot_20190506_135935.png","keywords":["firewall","firewalld","iptables","netfilter","nftables","ufw"],"articleSection":["Firewall","iptables","Linux","netfilter","nftables"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/","url":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/","name":"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld - Angry Sysadmins","isPartOf":{"@id":"https:\/\/angrysysadmins.tech\/#website"},"primaryImageOfPage":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#primaryimage"},"image":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#primaryimage"},"thumbnailUrl":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/05\/Screenshot_20190506_135935.png","datePublished":"2019-05-10T22:42:58+00:00","dateModified":"2019-05-10T22:43:00+00:00","author":{"@id":"https:\/\/angrysysadmins.tech\/#\/schema\/person\/151b2d23439b55b970060836f317a14d"},"description":"How to use ufw, firewalld, iptables, or nftables to make a basic Linux firewall.","breadcrumb":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#primaryimage","url":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/05\/Screenshot_20190506_135935.png","contentUrl":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/05\/Screenshot_20190506_135935.png","width":539,"height":294},{"@type":"BreadcrumbList","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/05\/bailey\/firewalls-how-to-setup-a-basic-firewall-using-ufw-iptables-nftables-or-firewalld\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/angrysysadmins.tech\/"},{"@type":"ListItem","position":2,"name":"Firewalls: How to setup a basic firewall using UFW, iptables, nftables, or firewalld"}]},{"@type":"WebSite","@id":"https:\/\/angrysysadmins.tech\/#website","url":"https:\/\/angrysysadmins.tech\/","name":"Angry Sysadmins","description":"A site full of angry sysadmins here to vent and help","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/angrysysadmins.tech\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/angrysysadmins.tech\/#\/schema\/person\/151b2d23439b55b970060836f317a14d","name":"Cat Kasin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g23b0ffb86dd6c08514a66a6a50f7a0a9","url":"https:\/\/secure.gravatar.com\/avatar\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g","caption":"Cat Kasin"},"description":"I build virtual environments and challenges for Cybersecurity students to complete as a way to gain experience before graduating and entering the workforce.","url":"https:\/\/angrysysadmins.tech\/index.php\/author\/bailey\/"}]}},"_links":{"self":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts\/575","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/comments?post=575"}],"version-history":[{"count":15,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts\/575\/revisions"}],"predecessor-version":[{"id":610,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts\/575\/revisions\/610"}],"wp:attachment":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/media?parent=575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/categories?post=575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/tags?post=575"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/coauthors?post=575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}