
How to Configure Firewall in Linux

A firewall is a network security system that controls incoming and outgoing network traffic according to a configured rule set. It controls access to the resources of a network through a positive control model: only traffic that a rule explicitly allows gets through, and everything else is denied by default. Each rule ends in a target that decides what happens to a matching packet:

ACCEPT – Allow the packet through.

DROP – Silently discard the packet and send nothing back; the source only sees a timeout. This is the usual choice for hostile sources, but it does not hide the host: a port scanner reports such ports as "filtered", which itself reveals a firewall.

REJECT – Discard the packet but send back an error, by default an ICMP port-unreachable message (for TCP, --reject-with tcp-reset sends a RST instead, which looks like a closed port). Use this when you want a source to know it was blocked, or when legitimate clients should fail fast rather than hang until they time out.

View Firewall

To view the current rules of the filter table, use the command below. Add -n to skip DNS lookups, -v for packet counters and --line-numbers to see each rule's position; rules are matched top to bottom and the first match wins, so the position matters.

# iptables -L

Firewall Configuration

Rules can be set in either of two ways. The first is to edit the iptables configuration file, which the iptables service loads at boot on RHEL/CentOS:

# vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

Then run service iptables restart to load the file. Put new ACCEPT lines above the stock catch-all line (-A INPUT -j REJECT --reject-with icmp-host-prohibited), otherwise they are never reached.

OR
Execute the equivalent iptables commands at the shell, as in the rules below. These take effect immediately but are lost at reboot unless saved (see Save Firewall Service).

Firewall Rules:

Rule 1: Block a specific IP address

To block all connections from one IP address, define the rule:

# iptables -A INPUT -s 192.168.0.100 -j DROP

Rule 2: Block a range of IP addresses

To block every address in a network range, use CIDR notation:

# iptables -A INPUT -s 192.168.0.0/24 -j DROP

Rule 3: Enable specific ports

To check which service a port number belongs to, consult a well-known ports chart (or /etc/services on the system). Chain names are case-sensitive, so the chain is INPUT, not input. Because -A appends, these rules only match if no earlier rule already rejects the traffic; on a stock RHEL/CentOS ruleset use -I to insert above the final REJECT. The port 21 rule only covers the FTP control connection; the data connections need the nf_conntrack_ftp module loaded so that they match as RELATED.

# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT

The last rule opens SSH only to the 192.168.1.0/24 network rather than to everyone.

Save Firewall Service

Rules entered at the shell live only in the running kernel. Save them to /etc/sysconfig/iptables so the iptables service restores them at boot (make sure the service is enabled with chkconfig iptables on):

# /sbin/service iptables save
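The configuration, the three rules and the save step above, put together in one script as an added example that is not part of the original page: it emits the same rules in the iptables-restore format that /etc/sysconfig/iptables uses, with a default-deny INPUT policy and the ordering that makes blocks and accepts effective, and checks that ordering before printing. The addresses and ports are the page's; rule_line and check_order are hypothetical helpers written for this example.

```shell
#!/bin/sh
# Added example (not from the original page): emit the page's rules as one
# complete ruleset in iptables-restore format, ordered so they actually work.
set -eu

BLOCKED_HOST="192.168.0.100"         # single host to DROP (from the page)
BLOCKED_NET="192.168.0.0/24"         # network to DROP (from the page)
ADMIN_NET="192.168.1.0/24"           # only this network may reach SSH
PUBLIC_TCP_PORTS="80 443 21 25 110"  # services open to everyone

# Print the ruleset on stdout. A chain is evaluated top to bottom and the
# first matching rule decides, so: loopback and existing flows first, then
# explicit blocks, then the ACCEPTs, then the catch-all REJECT last.
gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'       # default-deny: positive control model
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state INVALID -j DROP'
    # Blocks must precede the ACCEPTs or the blocked sources still get in.
    printf '%s\n' "-A INPUT -s $BLOCKED_HOST -j DROP"
    printf '%s\n' "-A INPUT -s $BLOCKED_NET -j DROP"
    # SSH restricted to the admin network only.
    printf '%s\n' "-A INPUT -s $ADMIN_NET -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
    for port in $PUBLIC_TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
    # REJECT rather than DROP for everything else: TCP gets a RST (looks like
    # a closed port), other protocols an ICMP error, so clients fail fast.
    printf '%s\n' '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
    printf '%s\n' 'COMMIT'
}

# Line number of the first rule containing the fixed string $1 (0 if none).
rule_line() {
    n=$(gen_rules | grep -nF -- "$1" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# Ordering check: every ACCEPT must sit above the first REJECT (a rule
# appended below the catch-all, as -A does on a stock ruleset, never
# matches), and every source block must sit above the first port ACCEPT.
check_order() {
    first_accept=$(gen_rules | grep -n -- '--dport' | head -n 1 | cut -d: -f1)
    last_accept=$(gen_rules | grep -n -- '-j ACCEPT' | tail -n 1 | cut -d: -f1)
    first_reject=$(gen_rules | grep -n -- '-j REJECT' | head -n 1 | cut -d: -f1)
    last_block=$(gen_rules | grep -n -- '-s .* -j DROP' | tail -n 1 | cut -d: -f1)
    [ "$last_accept" -lt "$first_reject" ] && [ "$last_block" -lt "$first_accept" ]
}

# Preview. To install: gen_rules > /etc/sysconfig/iptables && service iptables restart
check_order || { echo "rule ordering is wrong, refusing to print" >&2; exit 1; }
gen_rules
```

Write the output to /etc/sysconfig/iptables and restart the iptables service, or load it live with gen_rules | iptables-restore. Because the INPUT policy is DROP, confirm on a remote host that the SSH ACCEPT covers the network you are connecting from before applying it.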

How to Jail FTP User

FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.

Step 1: Prerequisites

A working vsftpd server. Jailing only changes what an authenticated local user can see, so configure the FTP server first.

Step 2: Check the ftpusers File

/etc/vsftpd/ftpusers is not the jail list. It is a deny list read by PAM (pam_listfile in /etc/pam.d/vsftpd): any user named in it cannot log in over FTP at all. Keep system accounts such as root in it, and do not add the users you intend to jail; those go in the chroot_list file of Step 3. The stock file looks like this:

# vi /etc/vsftpd/ftpusers
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

Step 3: Configure vsftpd.conf File

To jail local FTP users, set the following. With chroot_local_user=YES every local user is confined to its home directory; chroot_list_enable=YES then makes chroot_list_file a list of exceptions, i.e. users who are NOT jailed (with chroot_local_user=NO the list has the opposite meaning and names the users who are jailed). Create the list file, one user per line, even if it stays empty.

# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

vsftpd 3.x refuses a login when the jail root is writable by the user (500 OOPS: vsftpd: refusing to run with writable root inside chroot()). Either make the home directory non-writable and give the user a writable subdirectory, or set allow_writeable_chroot=YES, which reintroduces the risk that check exists for.

Step 4: Restart the service

Now restart the service vsftpd

# service vsftpd restart
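The decision that the three steps above configure, as an added example that is not part of the original page or of vsftpd: given a vsftpd.conf, the ftpusers deny list and the chroot_list, it reports whether a user is denied, jailed or unrestricted, including the flip in meaning of chroot_list when chroot_local_user changes. The sample files are constructed in a temp directory; conf_get, conf_bool, ftp_access and make_fixture are hypothetical helpers written for this example.

```shell
#!/bin/sh
# Added example, not part of the original page or of vsftpd: decide what
# vsftpd does with a local user, from vsftpd.conf, the PAM deny list
# (ftpusers) and chroot_list. All sample files are constructed below.
set -eu

# Value of key $2 in config file $1 (vsftpd syntax: key=value, # comments).
conf_get() {
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 == key { val = $2 }
        END { print val }' "$1"
}

# True when boolean option $2 in $1 is enabled; vsftpd treats absent as NO.
conf_bool() {
    v=$(conf_get "$1" "$2" | tr '[:lower:]' '[:upper:]')
    case $v in YES|TRUE|1) return 0 ;; *) return 1 ;; esac
}

# Print one of: denied, chroot, unrestricted.
#   $1 = vsftpd.conf   $2 = ftpusers (pam_listfile sense=deny)   $3 = user
# chroot_local_user=YES jails everyone and chroot_list names the EXCEPTIONS;
# chroot_local_user=NO jails nobody and chroot_list names who IS jailed.
ftp_access() {
    conf=$1 ftpusers=$2 user=$3
    if [ -f "$ftpusers" ] && grep -qx -- "$user" "$ftpusers"; then
        echo denied
        return 0
    fi
    listed=1
    if conf_bool "$conf" chroot_list_enable; then
        listfile=$(conf_get "$conf" chroot_list_file)
        listfile=${listfile:-/etc/vsftpd.chroot_list}   # vsftpd's built-in default
        if [ -f "$listfile" ] && grep -qx -- "$user" "$listfile"; then
            listed=0
        fi
    fi
    if conf_bool "$conf" chroot_local_user; then
        [ "$listed" -eq 0 ] && echo unrestricted || echo chroot
    else
        [ "$listed" -eq 0 ] && echo chroot || echo unrestricted
    fi
}

# Build a throw-away copy of the page's setup in a temp dir; print its path.
make_fixture() {
    d=$(mktemp -d)
    printf '%s\n' root bin daemon nobody > "$d/ftpusers"   # constructed deny list
    printf '%s\n' bob > "$d/chroot_list"                   # constructed exception list
    cat > "$d/vsftpd.conf" <<EOF
# constructed: the settings from the page
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$d/chroot_list
allow_writeable_chroot=YES
EOF
    # Same settings with chroot_local_user=NO: the list now means "jail these".
    sed 's/^chroot_local_user=YES/chroot_local_user=NO/' "$d/vsftpd.conf" > "$d/vsftpd-optin.conf"
    echo "$d"
}

# Demo: root is denied by PAM, alice is jailed, bob (listed) is not, and the
# opt-in config reverses alice and bob.
fx=$(make_fixture)
for u in root alice bob; do
    printf '%-6s page conf: %-12s opt-in conf: %s\n' "$u" \
        "$(ftp_access "$fx/vsftpd.conf" "$fx/ftpusers" "$u")" \
        "$(ftp_access "$fx/vsftpd-optin.conf" "$fx/ftpusers" "$u")"
done
rm -rf "$fx"
```

Point ftp_access at the real files (/etc/vsftpd/vsftpd.conf and /etc/vsftpd/ftpusers) to audit a server before restarting it; a user that comes back unrestricted under the page's settings is one that was added to chroot_list by mistake.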

How to Configure Website Using Htaccess with Apache in Linux

Step 1: Prerequisite

Apache (httpd) must be installed and running. The htpasswd utility used below ships with it (package httpd-tools on RHEL/CentOS).

Step 2: Create Directory

Create the directory to protect under /var/www/html/ (the default Apache DocumentRoot on RHEL/CentOS):

# mkdir /var/www/html/testfolder
# cd /var/www/html/testfolder

Step 3: Create .htaccess File

Now create a .htaccess file with the touch command and put the following directives in it. AuthUserFile must be an absolute path. AuthGroupFile is only needed for Require group, so it is omitted here.

# touch .htaccess
# vi .htaccess
AuthUserFile /var/www/html/testfolder/.htpasswd
AuthName "Authorization Required"
AuthType Basic

Require user USER_NAME

Create the password file and set the user's password with htpasswd. The -c flag creates the file and overwrites an existing one, so use it only for the first user. Prefer -B (bcrypt, Apache 2.4.4 and later) over the default MD5 hash. Apache's stock configuration refuses to serve .ht* files, but keeping the password file outside DocumentRoot removes the dependency on that rule. Basic authentication sends the credentials base64-encoded on every request, so serve the directory over HTTPS.

# htpasswd -c /var/www/html/testfolder/.htpasswd USER_NAME

Step 4: Configuration in Apache

Edit /etc/httpd/conf/httpd.conf and add the lines below. The default for /var/www/html is AllowOverride None, under which Apache ignores .htaccess entirely, so this block is what makes the file take effect:

# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/testfolder">
AllowOverride AuthConfig
</Directory>

Step 5: Restart Apache Server

Finally, restart the httpd service so the change takes effect:

# service httpd restart
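The .htaccess setup above, as an added example that is not part of the original page: a script that generates the same .htaccess for a given password file and user, audits a .htpasswd for hash schemes that should no longer be used (plaintext, crypt and unsalted SHA-1 versus apr1-MD5 and bcrypt, by the prefixes htpasswd writes), and checks that the password file sits outside DocumentRoot. The entries in the sample .htpasswd are constructed placeholders in the right format, not real credentials; gen_htaccess, htpasswd_scheme, audit_htpasswd, weak_count and authfile_outside_docroot are hypothetical helpers written for this example, and /etc/httpd/auth/ is an assumed location.

```shell
#!/bin/sh
# Added example, not from the original page: generate the page's .htaccess
# and audit the .htpasswd behind it. Paths, users and hashes are constructed.
set -eu

# Print an .htaccess equivalent to the page's: $1 = AuthUserFile path,
# $2 = the single permitted user.
gen_htaccess() {
    printf 'AuthType Basic\n'
    printf 'AuthName "Authorization Required"\n'
    printf 'AuthUserFile %s\n' "$1"
    printf 'Require user %s\n' "$2"
}

# Hash scheme of one "user:hash" line, by the prefixes htpasswd(1) writes.
htpasswd_scheme() {
    hash=${1#*:}
    case $hash in
        '$2y$'*|'$2b$'*|'$2a$'*) echo bcrypt ;;     # htpasswd -B
        '$apr1$'*)               echo apr1-md5 ;;   # htpasswd -m (default)
        '{SHA}'*)                echo sha1 ;;       # htpasswd -s, unsalted
        *) if printf '%s' "$hash" | grep -qE '^[./0-9A-Za-z]{13}$'; then
               echo crypt        # htpasswd -d: 8-char password limit
           else                  # (a 13-char alphanumeric plaintext looks the same)
               echo plaintext    # htpasswd -p: nothing to crack
           fi ;;
    esac
}

# Print "user scheme" for every entry in $1; exit 1 if any entry is weaker
# than bcrypt or apr1-md5.
audit_htpasswd() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        scheme=$(htpasswd_scheme "$line")
        printf '%s %s\n' "${line%%:*}" "$scheme"
        case $scheme in bcrypt|apr1-md5) ;; *) rc=1 ;; esac
    done < "$1"
    return "$rc"
}

# Number of weak entries in $1.
weak_count() {
    audit_htpasswd "$1" | grep -cvE ' (bcrypt|apr1-md5)$' || true
}

# True when password file $1 lives outside DocumentRoot $2, where no
# <Files ".ht*"> rule is needed to keep it from being served.
authfile_outside_docroot() {
    case $1 in "$2"/*) return 1 ;; *) return 0 ;; esac
}

# Constructed sample: one entry per scheme, hashes are placeholders.
make_fixture() {
    d=$(mktemp -d)
    cat > "$d/.htpasswd" <<'EOF'
alice:$2y$05$Z2hvc3RpbmdvbWVzYWx0eOy0kXY6eQ3V4nHL4wz9iL0J6q7uJ8k5W
bob:$apr1$c2FsdA$0123456789abcdefghijklm
carol:{SHA}2jmj7l5rSw0yVb/vlWAYkK/YBwk=
dave:abQ9KY.KfrYrc
erin:Password1
EOF
    echo "$d"
}

# Demo: .htaccess pointing at an assumed location outside DocumentRoot,
# then the audit of the constructed file (carol, dave and erin are weak).
fx=$(make_fixture)
gen_htaccess /etc/httpd/auth/testfolder.htpasswd alice
authfile_outside_docroot /etc/httpd/auth/testfolder.htpasswd /var/www/html \
    || echo "password file is inside DocumentRoot" >&2
audit_htpasswd "$fx/.htpasswd" \
    || echo "weak entries: $(weak_count "$fx/.htpasswd")" >&2
rm -rf "$fx"
```

To create the real file with bcrypt, run htpasswd -B -c /etc/httpd/auth/testfolder.htpasswd USER_NAME once, then htpasswd -B without -c for further users; the Directory block in httpd.conf stays the same because AuthUserFile, not the file's location, ties it to the protected directory.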