Linux Network

Network in Linux is a core function that essentially connects the Linux system to different devices for communication. You might to use it for web access, system integration or file transfers. Mastering network configuration in Linux system is a mandatory if you have related task in cloud computing, infrastructure, microservices, etc.

Let’s start by describing 7 layers of network that you familiar heard or seen before. Have you heard or seen about it? L7? L5? or L3? So basically 7 layers of network came from an Open System Interconnection (OSI) model that standardized as a standard protocol back in 1980s. Currently, some network protocol only uses simpler TCP/IP model that only consist of 4/5 layers.

1980s OSI Model vs TCP/IP Model (source — imperva)

For more the details about network protocols, you can read it here!

In this page, let’s learn together every network function in Linux that commonly used and it’s fundamental to deep dive about it of course!

Firewall

Firewall is a part of network security system that filters and also controls the traffic on a predetermined set of rules. So basically, when a data packet moves into or out of protected network space, its contents are tested against the firewall rules.

Most Linux distros includes default firewall tools that can be configured in any case that you want. Commonly, iptables is a default command that provided to establish firewall. There are three different chains that used in firewall function which are INPUT, OUTPUT, FORWARD with three different policies (ACCEPT, DROP, REJECT).

How firewall works in security network system.

IPTABLES

Iptables is a command that mostly included in Linux distro that monitors traffic from and to your server or system using tables. It contains sets of rules, chains, and policy that filters incoming and outgoing data packets. If it doesn’t exist, you can install it through these commands

sudo apt-get update
sudo apt-get install iptables

# Try to check your current iptables configuration
sudo iptables -L -v

## OUTPUT OF THE COMMAND ABOVE
#  Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
#  pkts bytes target     prot opt in out   source destination
# 
#  Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
#  pkts bytes target     prot opt in out   source destination
#  
#  Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
#  pkts bytes target     prot opt in out   source destination

For more the technical details about ip tables, you can jump to another page that I made here!

UFW (Uncomplicated Firewall)

From every aspect in Linux security, there are many tools that provided and most of it is complex (such as iptables) that truly make the most out of the system takes weeks or even months to configured and setup as what you need.

UFW is a firewall configuration tool that runs on the top of iptables. UFW is a simpler front end for iptables that priorities user-friendly to configured. To check if ufw is enabled in your system, you can run command below:

sudo ufw status

## Output
#  Status: inactive
#  The output will indicate if your firewall is active or not.

For more the technical details about ufw, you can teleport here!

firewalld

As you might have guessed from its name, firewalld is part of the systemd family. firewalld can be installed on Debian/Ubuntu machines, but it’s there by default on Red Hat and CentOS. If you’ve got a web server like Apache running on your machine, you can confirm that the firewall is working by browsing to your server’s web root. If the site is unreachable, then firewalld is doing its job.

You’ll use the firewall-cmd tool to manage firewalld settings from the command line. Adding the –state argument returns the current firewall status:

# firewall-cmd --state
running

By default, firewalld will be active and will reject all incoming traffic with a couple of exceptions, like SSH. That means your website won’t be getting too many visitors, which will certainly save you a lot of data transfer costs. As that’s probably not what you had in mind for your web server, though, you’ll want to open the HTTP and HTTPS ports that by convention are designated as 80 and 443, respectively. firewalld offers two ways to do that. One is through the –add-port argument that references the port number directly along with the network protocol it’ll use (TCP in this case). The –permanent argument tells firewalld to load this rule each time the server boots:

firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp

# The –reload argument will apply those rules to the current session:
firewall-cmd --reload

# Curious as to the current settings on your firewall? Run –list-services:
firewall-cmd --list-services

## Output
#  dhcpv6-client http https ssh

Assuming you’ve added browser access as described earlier, the HTTP, HTTPS, and SSH ports should now all be open — along with dhcpv6-client, which allows Linux to request an IPv6 IP address from a local DHCP server.