UFW, firewalld, or iptables? Choosing the Right Linux Firewall for You

Lately, headlines have been filled with stories of cyberattacks that breach even the most robust cloud firewalls and enterprise security systems.

In September 2025, hackers managed to target thousands of Cisco firewalls used by government agencies, exploiting a critical vulnerability to bypass protections and steal sensitive data (source).

Just weeks earlier, a breach at SonicWall’s cloud portal exposed customers’ firewall configurations, showing how attackers keep finding new ways into cloud services (source).

And let’s not forget the ongoing risk of misconfigured firewall rules in public cloud platforms like AWS and Azure, which have led to credential leaks and data loss for businesses worldwide (source).

If even giant corporations are vulnerable, it’s easy to see why every device—no matter how small—needs to be protected. Whether you’re just starting your journey with Linux, running a personal project, or managing servers, understanding how to control network traffic is a fundamental step toward keeping your digital space safe.

But let’s be honest: terms like iptables and firewalld can sound intimidating.

Don’t worry! In this guide, we’ll walk you through three popular tools for managing your Linux firewall. We’ll start with the most beginner-friendly and work our way up. It’s a straightforward process, and by the end, you’ll feel much more confident about your system’s security.

Ready? Let’s dive in.


So, What Exactly is a Firewall?

In simple terms, a firewall is a security system that monitors and controls incoming and outgoing network traffic based on a set of rules you define. It acts as a barrier between your trusted internal system and untrusted external networks (like the public internet).

Here’s what a firewall does for you:


  • Blocks Unauthorized Access: It’s like a bouncer at a club, keeping out unwanted guests.
  • Allows Legitimate Communication: Your approved apps and services can communicate without any issues.
  • Helps Prevent Data Breaches: By controlling traffic, it adds a crucial layer of defense against malicious attacks.

On Linux the firewall lives inside the kernel (the netfilter framework, programmed through nftables or the older iptables interface). UFW, firewalld and the iptables command are different front ends for writing rules into that same engine, which is why you can pick whichever fits your comfort level without giving up any of the underlying power.

How Do Linux Firewalls Work?

It’s all about rules. When a packet arrives at or tries to leave your system, the firewall reads the packet’s headers and matches them against the rules you wrote. The fields that matter most are:

  • Source and Destination IP Address: Where is it coming from, and where is it going?
  • Port Number: Think of ports as different doors into your system. For example, web traffic usually uses ports 80 (HTTP) and 443 (HTTPS).
  • Protocol: This is the language the data is speaking (like TCP, UDP, or ICMP).

Rules are checked in order, and the first rule that matches decides the packet’s fate: ACCEPT it, DROP it (discard silently, so the sender just times out) or REJECT it (discard and send back an error such as a TCP reset or an ICMP “port unreachable”). If no rule matches, the chain’s default policy applies. Two consequences follow, and both come up again below: order matters (a DROP placed after an ACCEPT for the same traffic never fires), and a “deny everything incoming” default needs one rule that admits replies to connections your own system opened. Linux tracks those connections in the kernel (conntrack), so a single ESTABLISHED,RELATED rule covers every reply without opening any port. UFW and firewalld add that rule for you; with raw iptables you add it yourself.
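To make the evaluation order concrete, here is a small shell script, added for this guide and not taken from the article’s author or from any of the tools it describes, that walks a rule table top to bottom the way an iptables INPUT chain does. The two rule tables and the addresses in them (192.168.1.100, 203.0.113.0/24) are constructed for illustration; the script runs offline in any POSIX shell. It evaluates the same rules the iptables section uses later, once with the host block appended after the ACCEPT rules and once with it inserted at the top, so you can see why the position of a DROP decides whether it does anything.

```shell
#!/bin/sh
# Added example (not part of the original article): a tiny first-match
# packet evaluator that mimics how an INPUT chain decides a packet's fate.
# The rule tables are constructed for illustration, not real firewall dumps.
# Rule format, one per line: ACTION PROTO DPORT SOURCE  ("any" = wildcard).

# Rules in the order the article's iptables steps produce them: ACCEPTs first,
# then a DROP for one host, which is what "iptables -A ... -j DROP" run last gives.
RULES_APPENDED='
ACCEPT tcp 22  any
ACCEPT tcp 80  any
ACCEPT tcp 443 any
DROP   any any 192.168.1.100
'

# The same rules with the host block inserted at the top ("iptables -I INPUT 1").
RULES_INSERTED='
DROP   any any 192.168.1.100
ACCEPT tcp 22  any
ACCEPT tcp 80  any
ACCEPT tcp 443 any
'

DEFAULT_POLICY=DROP   # applied when nothing matched (like "iptables -P INPUT DROP")

# ip2int IPV4 -> the address as a 32-bit integer
ip2int() {
  echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) | (b << 16) | (c << 8) | d )); }
}

# ip_in_cidr IP CIDR -> exit 0 when IP lies inside CIDR ("any" matches everything)
ip_in_cidr() {
  [ "$2" = any ] && return 0
  case $2 in
    */*) net=${2%/*}; bits=${2#*/} ;;
    *)   net=$2;      bits=32 ;;
  esac
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# decide RULES PROTO DPORT SRC -> prints the action of the first matching
# rule, or DEFAULT_POLICY when the whole chain is walked without a match.
decide() {
  rules=$1; proto=$2; dport=$3; src=$4
  while read -r action rproto rport rsrc; do
    [ -z "$action" ] && continue                    # skip blank lines
    [ "$rproto" = any ] || [ "$rproto" = "$proto" ] || continue
    [ "$rport"  = any ] || [ "$rport"  = "$dport" ] || continue
    ip_in_cidr "$src" "$rsrc" || continue
    echo "$action"; return 0                        # first match wins
  done <<EOF
$rules
EOF
  echo "$DEFAULT_POLICY"
}

# Demo: the "troublesome" host still reaches SSH under the appended order and
# is stopped only once the DROP sits at the top of the chain.
printf 'appended, ssh from blocked host: %s\n' "$(decide "$RULES_APPENDED" tcp 22 192.168.1.100)"
printf 'inserted, ssh from blocked host: %s\n' "$(decide "$RULES_INSERTED" tcp 22 192.168.1.100)"
printf 'inserted, dns from elsewhere:    %s\n' "$(decide "$RULES_INSERTED" udp 53 203.0.113.9)"
```

The third call shows the default policy at work: nothing in the table mentions UDP 53, so the packet falls through to DROP. Real chains also carry connection-tracking state, which this toy evaluator leaves out; that is exactly the ESTABLISHED,RELATED rule discussed above.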

Before we start tinkering, let’s get acquainted with the tools of the trade.


A Quick Look at Your Firewall Toolbelt

Linux offers a few great tools for managing your firewall. Here’s a quick comparison to help you choose the right one for you:

  • UFW (Uncomplicated Firewall):
    • Ease of Use: Very Easy
    • Best For: Beginners and anyone who wants a straightforward setup.
    • Fun Fact: It has a graphical interface option called Gufw!
  • firewalld:
    • Ease of Use: Easy
    • Best For: Users who want a bit more power, especially for managing different security “zones” (like for home, work, or public networks).
    • Cool Feature: You can change rules without restarting the firewall, which is great for servers.
  • iptables:
    • Ease of Use: Moderate to Advanced
    • Best For: Power users and system administrators who need to create complex, custom rules.
    • The Classic: It’s been the foundation of Linux firewalls for a long time and is incredibly powerful.

Now that you’ve met the team, let’s get our hands dirty with the easiest one first.


Method 1: Get Started in Minutes with UFW (Uncomplicated Firewall)

UFW is the perfect starting point. It’s designed to be simple and intuitive, making firewall management a breeze.

Ready? Just open your terminal and let’s go.

Step 1: Install UFW

Most Ubuntu-based systems come with UFW pre-installed (but inactive). If it is missing, add it:

sudo apt install ufw

Step 2: Allow Your Services, Then Enable the Firewall

UFW’s defaults are “deny all incoming, allow all outgoing”, and they apply the moment you run ufw enable. If you are working over SSH, add the SSH rule first, otherwise enabling the firewall is the last command you get to type on that box. UFW knows the standard ports for named services (it looks them up in /etc/services), so there is no need to memorize port numbers.

# Allow SSH (for remote access): do this BEFORE enabling
sudo ufw allow ssh

# Allow HTTP (for web traffic)
sudo ufw allow http

# Allow HTTPS (for secure web traffic)
sudo ufw allow https

Now turn it on:

sudo ufw enable

The firewall is now active and starts automatically at boot. UFW also installs the connection-tracking rules that let replies to your outbound traffic back in, so the deny-incoming default does not break package updates or DNS.

Step 3: Deny a Specific Port

What if you want to block something explicitly? Let’s say port 8080 (this covers both TCP and UDP; append /tcp to the port to narrow it).

sudo ufw deny 8080

With the default “deny incoming” policy, unsolicited traffic to 8080 is already refused, so an explicit deny matters mainly when a broader allow (a port range, or an “allow from” a whole subnet) would otherwise let it through. UFW evaluates rules in the order you added them and the first match wins; ufw insert lets you place a rule ahead of an existing one when the order matters.

Step 4: Check Your Status

Curious about what rules are in place? You can check at any time.

sudo ufw status verbose

This shows whether UFW is active, the default policies, the logging level and every rule. Use sudo ufw status numbered instead to get the index of each rule; that index is what sudo ufw delete takes when you want to remove one.

Step 5: Need a Fresh Start? (Optional)

If you ever want to go back to the default settings:

sudo ufw reset

Be aware that reset also disables UFW and deletes every rule (it keeps dated backups of the old rule files under /etc/ufw). Re-add SSH before you enable it again.

And that’s it! You’ve successfully set up a basic, secure firewall. Feeling more confident? Let’s move on to something with a bit more power.


Method 2: Level Up with firewalld

firewalld is the default on many Red Hat-based systems like CentOS and Fedora. Its key feature is the use of “zones.” Think of zones as different security profiles for different situations (e.g., a “public” zone for when you’re on a coffee shop’s Wi-Fi, and a “home” zone for your trusted network).

Step 1: Install and Start firewalld

First, let’s get it installed and running.

# For Debian/Ubuntu
sudo apt install firewalld

# For RHEL/CentOS (use dnf instead of yum on current releases)
sudo yum install firewalld

Now, let’s start it up and make sure it runs on boot.

sudo systemctl start firewalld
sudo systemctl enable firewalld

Step 2: Check Out the Zones

Let’s see what zones are available.

sudo firewall-cmd --get-zones

You’ll see a list including public, home, work, trusted (accepts everything) and drop (discards all incoming traffic without a reply). Two related commands are worth knowing: sudo firewall-cmd --get-default-zone shows the zone used for any interface you have not assigned explicitly (public on a fresh install), and sudo firewall-cmd --get-active-zones shows which zones are in use and by which interfaces.

Step 3: Assign a Network Connection to a Zone

Every interface belongs to some zone; anything you have not assigned explicitly falls into the default zone. To move your main interface (called eth0 here; on many systems it is named something like ens3 or enp0s3, so check with ip link) into the public zone:

sudo firewall-cmd --zone=public --change-interface=eth0 --permanent

The --permanent flag writes the change to the saved configuration so it survives a reboot, but saved changes are not live until you reload (shown in the next step). When NetworkManager manages the interface, the zone is stored in the connection profile rather than in firewalld’s own files, which is why it follows the connection when you move between networks.

Step 4: Allow Services in Your Zone

Similar to UFW, you allow services by name (firewalld ships the port definitions as XML files under /usr/lib/firewalld/services/). Let’s add SSH and HTTP to our public zone.

sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent

These --permanent commands only change the saved configuration; reload to make it live:

sudo firewall-cmd --reload

Running the same commands without --permanent changes the running firewall immediately but the change is lost at the next reload or reboot; a common pattern is to test that way and then save with sudo firewall-cmd --runtime-to-permanent. Note that the public zone already contains ssh on most installs, so the first command is usually a no-op, and that firewalld adds the connection-tracking rules itself, so you never need to allow reply traffic explicitly.

Step 5: See Your Rules

Want to see what’s configured for your zone?

sudo firewall-cmd --list-all

Without --zone this shows the default zone; add --zone=public to be explicit. The output lists the interfaces, services, ports and rich rules attached to the zone. You now have a dynamic, zone-based firewall running. This is fantastic for laptops that move between different networks or for servers that need more granular control.


Method 3: The Power User’s Choice: iptables

Before UFW and firewalld, there was iptables. It’s incredibly powerful and flexible, but also more complex, and it is the tool you want when you need to craft very specific, custom rules. On current distributions the iptables command is usually iptables-nft, a compatibility layer that programs the kernel’s nftables engine with the classic syntax (sudo iptables -V tells you whether you have the nf_tables or legacy variant); everything below works the same either way.

Let’s create a simple but very secure setup.

Step 1: Look at the Current Rules

First, let’s see what, if anything, is already set up.

sudo iptables -L -v -n

The -n flag skips reverse-DNS lookups, which otherwise make this command crawl. The output shows the filter table’s three chains: INPUT (packets addressed to this host), OUTPUT (packets it sends) and FORWARD (packets routed through it). Each chain has a default policy, printed in its header line, and a list of rules evaluated top to bottom. Add --line-numbers to see each rule’s position, which you need when inserting or deleting by index.

Step 2: Start with a Clean Slate (Optional)

If you want to build from scratch, you can flush all rules in the filter table.

sudo iptables -F

Two caveats before you do this on a remote server. -F removes the rules but leaves the default policies alone, so if INPUT is already DROP the flush deletes the rule that admitted your SSH session; set the policies back to ACCEPT first if you are unsure. And -F only touches the built-in chains of the filter table: user-defined chains need -X, and the nat and mangle tables need -t nat -F and so on.

Step 3: Allow the Good Stuff (Before You Change the Defaults)

The order of this step and the next is deliberate. A default policy takes effect the instant you set it, so if you are connected over SSH and set INPUT to DROP before the SSH rule exists, your own session is the first thing to go. Add the ACCEPT rules first.

# Loopback: local services talk to each other over the lo interface
sudo iptables -A INPUT -i lo -j ACCEPT

# Replies to connections this machine opened (DNS answers, package downloads, ...).
# Without this rule a DROP policy on INPUT silently breaks every outbound connection.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH Access (port 22)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP/HTTPS (ports 80 and 443)
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Step 4: Set Your Default Policies

With the essentials allowed, make “block everything else” the default. This is the single most valuable habit in firewall work: deny by default, then permit only what you actually need.

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

  • INPUT DROP: any incoming packet that no rule accepted is discarded.
  • FORWARD DROP: nothing is routed through this machine (it is not acting as a router).
  • OUTPUT ACCEPT: the machine can still initiate connections; the ESTABLISHED,RELATED rule from Step 3 is what lets their replies back in.

Step 5: Block a Specific IP Address

Need to block a troublesome IP address? Insert the rule at the top of the chain with -I rather than appending it with -A. Rules are evaluated top to bottom and the first match wins, so a DROP appended after the ACCEPT rules above would never see that host’s SSH or web traffic.

sudo iptables -I INPUT 1 -s 192.168.1.100 -j DROP

Step 6: Don’t Forget to Save!

Here’s a crucial step: iptables rules live only in kernel memory and disappear on reboot. You need to persist them.

  • On Debian/Ubuntu: install the iptables-persistent package, then save:
    sudo apt-get install iptables-persistent
    sudo netfilter-persistent save
    This writes /etc/iptables/rules.v4 (and rules.v6), which are loaded at boot.
  • On RHEL/CentOS: the save hook comes from the iptables-services package, and firewalld must be stopped and disabled first because the two fight over the same rules:
    sudo service iptables save
    This writes /etc/sysconfig/iptables.

Everything in this section is IPv4 only. If the host has an IPv6 address, ip6tables takes the same syntax and needs its own set of rules.

You’ve now configured a powerful, custom firewall. Great job!
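Running the steps above as separate commands on a live server is fragile: for a moment the DROP policy can be active without the rules that admit you, and a block appended with -A lands below the ACCEPTs. The usual fix is to write the whole table to a file and load it with iptables-restore, which replaces the ruleset in one atomic commit. The script below is an added example for this guide (it is not from the iptables project or the article’s author): it prints the corrected ruleset in iptables-restore syntax and refuses a ruleset that would lock you out. MGMT_NET (203.0.113.0/24) and BLOCKED_IP (192.168.1.100) are placeholder values, and the “bad” ruleset near the end is constructed to mirror the article’s original command order.

```shell
#!/bin/sh
# Added example (not part of the original article): generate the corrected
# iptables ruleset as an iptables-restore file and sanity-check it before it
# is loaded. MGMT_NET and BLOCKED_IP are assumed, placeholder values.
MGMT_NET=${MGMT_NET:-203.0.113.0/24}     # where admins SSH from (assumption)
BLOCKED_IP=${BLOCKED_IP:-192.168.1.100}  # the "troublesome" host from the article

# build_ruleset -> prints a complete filter table in iptables-restore syntax.
# Policies, the host block, conntrack and service rules all land in one atomic
# load, so there is no moment where INPUT is DROP and SSH is not yet allowed.
build_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Explicit blocks first: a DROP placed below the ACCEPTs never fires for them
-A INPUT -s $BLOCKED_IP -j DROP
# Loopback, plus replies to connections this host opened (DNS, package updates, ...)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMP keeps ping and path-MTU discovery working
-A INPUT -p icmp -j ACCEPT
# SSH only from the management network; web from anywhere
-A INPUT -p tcp --dport 22 -s $MGMT_NET -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Rate-limited log of whatever is about to hit the DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# check_ruleset RULESET -> 0 when safe to load, 1 otherwise (reasons on stderr).
# Catches three mistakes a DROP-policy ruleset can carry: no SSH ACCEPT at all,
# no ESTABLISHED,RELATED rule, and a host block appended after the ACCEPTs.
check_ruleset() {
  rules=$1; ok=0
  printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 0   # permissive policy: nothing to check
  printf '%s\n' "$rules" | grep -q -- '--dport 22 .*-j ACCEPT' \
    || { echo "no SSH ACCEPT under an INPUT DROP policy: remote lockout" >&2; ok=1; }
  printf '%s\n' "$rules" | grep -q -- '--ctstate ESTABLISHED,RELATED -j ACCEPT' \
    || { echo "no ESTABLISHED,RELATED rule: replies to outbound connections are dropped" >&2; ok=1; }
  drop_at=$(printf '%s\n' "$rules" | grep -n -- '^-A INPUT -s .* -j DROP' | head -n1 | cut -d: -f1)
  accept_at=$(printf '%s\n' "$rules" | grep -n -- '-j ACCEPT' | head -n1 | cut -d: -f1)
  if [ -n "$drop_at" ] && [ -n "$accept_at" ] && [ "$drop_at" -gt "$accept_at" ]; then
    echo "source DROP sits below the ACCEPT rules: the blocked host still reaches open ports" >&2; ok=1
  fi
  return $ok
}

# Constructed "bad" ruleset: the article's rules in the order the commands were
# given, as iptables-save would print them. Expected to be rejected.
BAD_RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.1.100 -j DROP
COMMIT'

if ! check_ruleset "$BAD_RULESET" 2>/dev/null; then
  echo "article-order ruleset rejected, as expected" >&2
fi

RULESET=$(build_ruleset)
if check_ruleset "$RULESET"; then
  printf '%s\n' "$RULESET"      # safe: redirect this into rules.v4
fi
```

Save the printed table as rules.v4, dry-run it with sudo iptables-restore --test < rules.v4, then load it with sudo iptables-restore < rules.v4. With iptables-persistent installed, /etc/iptables/rules.v4 is the file read at boot, so writing it there makes the ruleset permanent. The file is IPv4 only; ip6tables-restore takes a matching rules.v6. On a remote host, keep a second SSH session open while you load the new table and keep the previous iptables-save output handy as a rollback in case the management network guess is wrong.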


Common Mistakes and Best Practices

As you get more comfortable with firewalls, keep these tips in mind to avoid common pitfalls.

  • Don’t Lock Yourself Out! A default DROP policy (iptables) or ufw enable takes effect immediately, so add the SSH allow rule first, every time. When working remotely, keep a second SSH session open while you change rules, or work from a console, so a mistake can be undone.
  • Pick One Tool: Avoid running UFW or firewalld at the same time as manually managing iptables. Each writes its own rules into the same kernel tables, and they will overwrite or bypass each other with unpredictable results. On RHEL, that means stopping and disabling firewalld before using iptables-services.
  • Start with “Deny All”: The most secure approach is to block everything and then open only the specific ports and services you need.
  • Keep It Tidy: Regularly review your firewall rules. If you no longer need a service, remove its rule to keep your system’s “attack surface” as small as possible.
  • Use Logging: All three tools can log dropped packets: ufw logging on, firewall-cmd --set-log-denied=all, or an iptables LOG rule placed just before the traffic would be dropped. The entries land in the kernel log (journalctl -k; UFW also writes /var/log/ufw.log). Reviewing them shows you who is knocking, and which of your own services you forgot to allow.
  • Don’t Forget IPv6: If your host has an IPv6 address, filter it too. UFW and firewalld handle both address families by default; iptables only does IPv4, so repeat your rules with ip6tables.

Which Firewall Is the Default on RHEL 9 and Ubuntu 24.04?

For RHEL 9 (and its derivatives like CentOS Stream, Rocky Linux, and AlmaLinux), the default firewall management tool is firewalld.

  • firewalld is a dynamic firewall manager that uses “zones” to assign trust levels to network connections, which makes it flexible for systems that move between networks. It is a friendlier interface over the kernel’s nftables framework, which it uses as its backend.

For Ubuntu 24.04, the default firewall management tool is UFW (Uncomplicated Firewall).

  • As its name suggests, UFW is designed to be easy to use and gives a straightforward way to manage firewall rules. It drives iptables under the hood; on current Ubuntu releases the iptables command is itself a compatibility layer (iptables-nft) that programs nftables. UFW is pre-installed on Ubuntu but stays inactive until you run ufw enable.

Operating System    Default Firewall Tool
RHEL 9              firewalld
Ubuntu 24.04        UFW (Uncomplicated Firewall)

Conclusion

A well-configured firewall is one of the simplest and most effective ways to secure your Linux system. It’s your first line of defense against a noisy and sometimes hostile internet.

We’ve covered everything from the super-simple UFW to the mighty iptables. The key takeaway is that you don’t have to be a security guru to significantly boost your system’s safety. By understanding how traffic flows and applying a “least-privilege” mindset (only allowing what is necessary), you are taking a massive step toward a more secure digital life.

So go ahead, pick the tool that feels right for you, and give your Linux system the protection it deserves.

David Cao

David is a Cloud & DevOps Enthusiast. He has years of experience as a Linux engineer. He had working experience in AMD, EMC. He likes Linux, Python, bash, and more. He is a technical blogger and a Software Engineer. He enjoys sharing his learning and contributing to open-source.