- Jun 15, 2017
- by Brad Litwin
Chances are you’ve heard about firewalls before. They’re one of the most effective – but least understood – types of security measure you can implement. While they’re fairly complex pieces of software, it’s still useful to know how they work and how to set them up.
Simply put, a firewall can stop unwanted connections to your site, if you know how to spot them. In today’s world, where sites are under constant attack, a firewall can be one of your best defenses against intrusions.
In this article, we’ll explain what firewalls are and why you might need one. Then, we’ll teach you how to implement two types of firewalls for your site. Let’s batten down the hatches!
An Introduction to Firewalls (And Why You Might Need One)
Despite their fancy name, firewalls are basically pieces of software that block unwanted access to your server while still enabling it to work as usual. It’s something needed by practically everyone running a site, and there are a number of benefits:
- You can block access selectively. Putting a firewall in front of your server doesn’t mean that no one will be able to access it. In fact, you can configure your firewall to grant access only to a few specific users (identified by their IP addresses).
- They minimize the chances of an attack on your site. Most servers store some kind of sensitive information including documents, email addresses, and passwords. Naturally, a lot of this data is encrypted – but you still don’t want any leaks on your watch.
- They’re relatively easy to set up. Many hosting providers and Content Management Systems (CMSs) include options to set up specific types of firewalls.
With that in mind, let’s talk about how to implement two of the most common types of firewalls, and how they work.
2 Ways to Implement a Server Firewall
There are a lot of options available when it comes to firewalls, but today we’re going to focus on two of the easiest to implement: advanced policy firewalls and those based on IP tables.
Keep in mind that while we support both of these types of firewalls at A2 Hosting, you’ll need root access to implement them. This means they will only work on Virtual Private Servers (VPS) and dedicated servers.
1. Configure a Firewall Using IP Tables
IP tables enable you to grant or deny access to specific services and IP addresses. This provides you with full control over everything that goes in and out of your server, including Transmission Control Protocol (TCP) and Secure Shell (SSH) connections. In short, it’s going to be suitable for those who like to use the command line.
If you’re on a VPS or a dedicated server, you should have access to the iptables program, which comes by default with most Linux distributions. The first thing you need to do is check whether it already has any rules set, by typing the following command on your console:
This will return three sets of rules or chains – one each for your incoming, outgoing, and forwarding packets, and all of them should include a line that reads policy ACCEPT. To add a new rule to a particular chain, you’ll need to use this command:
iptables -A INPUT -p tcp -m tcp --dport 7822 -j ACCEPT
This enables incoming TCP connections through port 7822, which is commonly used by SSH. Don’t worry, we’ll link you to a resource with information about all the commands you need to know in a minute. For now, let’s add another rule which will enable incoming TCP connections through port 80 (HTTP):
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
Keep in mind that port 80 is the port most servers use to transfer information, since plain HTTP is still prevalent. However, if you’ve set up a Secure Sockets Layer (SSL) certificate for your site, you’ll also want to enable access through port 443 (which is the default for HTTPS). Here’s how to do it:
iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Simple, right? Now, if you want to block a specific IP address from accessing your server, all it takes is another iptables command. For example:
iptables -I INPUT rulenum -s 'IP address goes here' -j DROP
The DROP rule will instruct your server to block all types of connections from that IP address. Here, rulenum is the position in the INPUT chain at which the rule is inserted; iptables evaluates rules from top to bottom and stops at the first match, so a DROP rule only takes effect if it sits above any ACCEPT rule that would otherwise match the same traffic.
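The rules above, put together in the order iptables needs them, as an added example (not code from the original article). By default it only prints the iptables commands; the blocked address is a constructed sample, and the guard at the end refuses to switch the default policy to DROP unless the SSH port is accepted first.

```shell
#!/bin/sh
# Added example: builds the INPUT chain described in the article and
# refuses to lock you out of SSH. IPT defaults to a dry run that only
# prints the commands; run with IPT=iptables as root to apply them.
SSH_PORT=7822
WEB_PORTS="80 443"
BLOCKED_IP="198.51.100.23"   # constructed sample address

IPT="${IPT:-echo iptables}"

# Emit the rule set. Order matters: iptables stops at the first match, so
# the DROP for the blocked address comes before any ACCEPT, and the default
# policy only becomes DROP after the ACCEPT rules are in place.
build_rules() {
    $IPT -P INPUT ACCEPT                     # keep access while rebuilding
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT            # loopback traffic
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -s "$BLOCKED_IP" -j DROP   # block before any ACCEPT matches
    $IPT -A INPUT -p tcp -m tcp --dport "$SSH_PORT" -j ACCEPT
    for p in $WEB_PORTS; do
        $IPT -A INPUT -p tcp -m tcp --dport "$p" -j ACCEPT
    done
    $IPT -P INPUT DROP                       # everything else is dropped
}

# Lockout guard: succeeds only if the rule set accepts the SSH port before
# the default policy is switched to DROP. Check the dry-run output with
# this before applying anything on a remote server.
ssh_is_allowed() {
    rules="$1"
    ssh_line=$(printf '%s\n' "$rules" | grep -n -- "--dport $SSH_PORT -j ACCEPT" | head -n 1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- "-P INPUT DROP" | head -n 1 | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$drop_line" ] && [ "$ssh_line" -lt "$drop_line" ]
}

RULES=$(build_rules)
if ssh_is_allowed "$RULES"; then
    printf '%s\n' "$RULES"
else
    echo "refusing: SSH port $SSH_PORT would be locked out" >&2
fi
```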
Now that you have the basics of iptables down, we recommend you check out our knowledge base for more commands that you can use with the program (as well as how to save and delete rules).
2. Install an Advanced Policy Firewall
If you’re not a big fan of the command line, the Advanced Policy Firewall (APF) is an alternative that enables you to configure a firewall using a simple text editor. However, APF is a separate program, and unlike iptables it isn’t included by default on most Linux distributions.
As you might imagine, you’ll need to use the command line to set it up, but the process is fairly simple. Just follow these instructions, and when you’re done, you’ll be able to configure your firewall by accessing the following file:
The choice of which text editor to use is in your hands, but the process remains the same. Just pick your favorite one and open that file with it. If you’re a Vim user, for example, you’d use this command:
Once you’re in, you’ll want to find the following lines:
Those are merely the default values, but you’ll need to replace them so that your firewall is effective. For example, changing the value of SET_MONOKERN to 1 will enable the program to be installed into the kernel and not as a package, which is necessary for it to work.
Moving on, you’ll also need to change the value of HELPER_SSH_PORT to 7822, which is the default for SSH connections, as you might remember from the previous section.
Finally, add the TCP ports you want to enable to the values of the last line. For example:
IG_TCP_CPORTS="80, 7822, 443"
That will enable connections through HTTP, SSH, and HTTPS, respectively. Then save the changes to the conf.apf file and start the APF program using the following command:
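A pre-flight check for the conf.apf values discussed above, added here as an example (not code from the article or from the APF project): it reads HELPER_SSH_PORT and IG_TCP_CPORTS from a constructed conf snippet with the article's values, normalizes the port list, and confirms the SSH port is actually in it before you start APF. Range validation assumes APF's low_high syntax.

```shell
#!/bin/sh
# Added example: verify a conf.apf port list before starting APF, so that
# the SSH port from HELPER_SSH_PORT is really open in IG_TCP_CPORTS.
# The conf text is a constructed sample using the article's values.
SAMPLE_CONF='SET_MONOKERN="1"
HELPER_SSH_PORT="7822"
IG_TCP_CPORTS="80, 7822, 443"'

# Print the value of KEY ($1), without quotes, from conf text on stdin.
conf_get() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" | head -n 1
}

# Normalize a port list: strip spaces, drop empty entries, one port per line.
ports_of() {
    printf '%s\n' "$1" | tr -d ' ' | tr ',' '\n' | sed '/^$/d'
}

# Succeeds if every entry is a port or a low_high range within 1..65535.
ports_valid() {
    for p in $(ports_of "$1"); do
        case "$p" in
            *_*) lo=${p%_*}; hi=${p#*_} ;;
            *)   lo=$p; hi=$p ;;
        esac
        case "$lo$hi" in *[!0-9]*|'') return 1 ;; esac
        [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    done
}

# Succeeds if the SSH port is open in a well-formed TCP list (the lockout case
# is a missing port or a malformed list, which makes this fail).
ssh_port_open() {
    ssh=$(printf '%s\n' "$1" | conf_get HELPER_SSH_PORT)
    list=$(printf '%s\n' "$1" | conf_get IG_TCP_CPORTS)
    [ -n "$ssh" ] && ports_valid "$list" && ports_of "$list" | grep -qx "$ssh"
}

if ssh_port_open "$SAMPLE_CONF"; then
    echo "ok: SSH port is listed in IG_TCP_CPORTS, safe to start apf"
else
    echo "warning: SSH port missing or port list malformed, fix conf.apf first" >&2
fi
```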
Now you’re all set. For more information on how to configure your advanced policy firewall, take a look at our knowledge base, which includes more examples and guidelines.
Server Firewall Conclusion
Implementing a firewall is one of the most effective methods to stop attacks on both your sites and your local computers. As far as websites go, chances are yours is already exposed to attacks even if you’re not aware of it. That’s why you need to learn how to secure yours in every way possible.
Depending on your hosting plan, you may be able to implement two types of firewalls on your website. Let’s recap their individual strengths:
- IP table firewalls: If you’re comfortable using the command line, this might be the right choice for you.
- Advanced policy firewalls: This choice enables you to set up a firewall using a simple text editor.
Image credit: Pixabay.