Cyberithub

How to Install Firewalld on Ubuntu 20.04 LTS (Focal Fossa)

In this article, I will take you through the steps to install firewalld on Ubuntu 20.04 LTS. firewalld works like any other Linux firewall but adds some special features. It uses a component called zones to control the traffic entering your system. A zone is basically a collection of network cards facing a specific direction, to which rules can be assigned. firewalld uses the firewall-cmd utility to manage all the firewall rules. It is the default firewall management tool on RHEL/CentOS based systems, but here we will see how you can install and use it on a Debian based system such as Ubuntu 20.04 LTS (Focal Fossa) Server. More details are available on the firewalld official website.

Step 1: Prerequisites

a) You should have a running Ubuntu 20.04 LTS Server.

b) You should have sudo or root access to run privileged commands.

c) You should have the apt or apt-get utility available on your system.

Step 2: Update Your Server

It is always recommended to first sync the package index files from their sources using the apt update command as shown below. If a newer version is available for any of the installed packages, you can upgrade the package with the apt upgrade command.

root@cyberithub:~# apt update
Hit:1 http://in.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:4 https://apt.releases.hashicorp.com focal InRelease
Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:6 https://dl.google.com/linux/chrome/deb stable InRelease
Get:7 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 Metadata [40.6 kB]
Get:8 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-11 Metadata [66.3 kB]
Get:9 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DEP-11 Metadata [2,464 B]

Step 3: Install Firewalld

The next step is to install the firewall with the apt install firewalld command as shown below. This installs the firewalld package along with all its required dependencies.

root@cyberithub:~# apt install firewalld
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ipset libipset13 libnftables1 python3-decorator python3-firewall python3-nftables python3-selinux python3-slip python3-slip-dbus
The following NEW packages will be installed:
firewalld ipset libipset13 libnftables1 python3-decorator python3-firewall python3-nftables python3-selinux python3-slip python3-slip-dbus
0 upgraded, 10 newly installed, 0 to remove and 213 not upgraded.
Need to get 946 kB of archives.
After this operation, 5,382 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
......................................

Step 4: Verify Installation

Then verify the installation by listing the files the package installed with the dpkg -L firewalld command as shown below.

root@cyberithub:~# dpkg -L firewalld
/.
/etc
/etc/firewalld
/etc/firewalld/firewalld.conf
/etc/firewalld/helpers
/etc/firewalld/icmptypes
/etc/firewalld/ipsets
/etc/firewalld/lockdown-whitelist.xml
/etc/firewalld/services
/etc/firewalld/zones
/etc/init.d
/etc/init.d/firewalld
/etc/logrotate.d
/etc/logrotate.d/firewalld
.............................................

Step 5: Check Firewall Version

You can check the currently installed version with the firewall-cmd --version command as shown below.

root@cyberithub:~# firewall-cmd --version
0.8.2

Step 6: Check Service Status

If you check the firewalld daemon status immediately after the installation, it will show as active and running, as you can see below. If it shows as inactive instead, start the service with the systemctl start firewalld command.

root@cyberithub:~# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-01-25 19:40:39 IST; 2min 26s ago
Docs: man:firewalld(1)
Main PID: 5699 (firewalld)
Tasks: 2 (limit: 5836)
Memory: 21.7M
CGroup: /system.slice/firewalld.service
└─5699 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Jan 25 19:40:38 cyberithub systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 25 19:40:39 cyberithub systemd[1]: Started firewalld - dynamic firewall daemon.

Step 7: Enable Firewalld Service

If you want firewalld to start automatically after every reboot, enable the service with the systemctl enable firewalld command as shown below.

root@cyberithub:~# systemctl enable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable firewalld

Step 8: List All Zones

You can check all the available zones by using firewall-cmd --list-all-zones command as shown below.

root@cyberithub:~# firewall-cmd --list-all-zones
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:


dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
.........................................
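
The per-zone listing above gets long once several zones are populated. The following is an added example, not part of the original article, that reduces it to the zones exposing a service or port. The function names and the sample listing (including the interface name enp0s3) are constructed for illustration.

```shell
# Reads `firewall-cmd --list-all-zones` text on stdin and prints one line
# for every zone that has at least one service or port open.
audit_zones() {
    awk '
        NF == 0 { next }                  # blank line between zone blocks
        /^[^ \t]/ {                       # unindented line starts a zone
            zone = $1; order[++n] = zone
            active[zone] = ($2 == "(active)") ? "yes" : "no"
            next
        }
        {                                 # indented "key: value" line
            key = $1; sub(/:$/, "", key); val = $0
            sub(/^[ \t]*[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "target" || key == "services" || key == "ports")
                attr[zone, key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                z = order[i]
                if (attr[z, "services"] == "" && attr[z, "ports"] == "") continue
                printf "%s active=%s target=%s services=[%s] ports=[%s]\n",
                    z, active[z], attr[z, "target"], attr[z, "services"], attr[z, "ports"]
            }
        }'
}

# Constructed sample in the indented layout firewall-cmd prints (abbreviated).
sample_zones() {
    cat <<'EOF'
block
  target: %%REJECT%%
  services:
  ports:

dmz
  target: default
  services: ssh
  ports:

public (active)
  target: default
  services: dhcpv6-client ssh
  ports: 5555/tcp
  rich rules:
EOF
}

sample_zones | audit_zones
```

On a live host, run firewall-cmd --list-all-zones | audit_zones to audit the real configuration.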

Step 9: List All Services under a Zone 

If you want to list all the services in a specific zone, use the firewall-cmd --zone=public --list-services command as shown below, which lists the services in the public zone.

root@cyberithub:~# firewall-cmd --zone=public --list-services
dhcpv6-client ssh

Step 10: Open a Port

If you want to permanently open a port in all the zones then you need to use firewall-cmd --permanent --add-port=<port/protocol> syntax. In this example we are opening TCP Port 5555 through firewalld by using firewall-cmd --permanent --add-port=5555/tcp command as shown below.

root@cyberithub:~# firewall-cmd --permanent --add-port=5555/tcp
success

Then restart the firewalld service to apply the above changes.

root@cyberithub:~# systemctl restart firewalld
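
A scripted variant of this step, as an added example that is not part of the original article: it validates the <port/protocol> value, scopes the rule to one named zone with --zone, applies it with firewall-cmd --reload in place of the service restart used above, and confirms it with --query-port. The helper names port_spec_ok, fw and open_port and the DRY_RUN switch are hypothetical.

```shell
# Accepts "port/proto" or "low-high/proto" with proto tcp|udp|sctp|dccp.
port_spec_ok() {
    spec=$1
    case $spec in */*) ;; *) return 1 ;; esac
    proto=${spec##*/}; ports=${spec%/*}
    case $proto in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    case $ports in *-*-*) return 1 ;; esac          # at most one dash
    lo=${ports%%-*}; hi=${ports##*-}
    for p in "$lo" "$hi"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac    # digits only, not empty
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# With DRY_RUN set, print the firewall-cmd call instead of running it.
fw() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# open_port ZONE SPEC: add the port permanently to one zone, load the
# permanent configuration into the running firewall, then verify the rule.
open_port() {
    zone=$1; spec=$2
    port_spec_ok "$spec" || { echo "invalid port spec: $spec" >&2; return 2; }
    fw --permanent --zone="$zone" --add-port="$spec" &&
    fw --reload &&      # runtime-only rules are discarded by a reload
    fw --zone="$zone" --query-port="$spec"
}

# Dry run of the article's example port in the public zone.
( DRY_RUN=1; open_port public 5555/tcp )
```

Run open_port public 5555/tcp as root without DRY_RUN to apply the change.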

Step 11: List All Open Ports

If you want to list all the open ports, use the firewall-cmd --list-ports command as shown below. As you can see from the output, only TCP port 5555 is open as of now.

root@cyberithub:~# firewall-cmd --list-ports
5555/tcp

Step 12: Uninstall firewalld

If you ever decide to uninstall firewalld from your system, follow the steps below.

a) Stop Firewalld Service

First stop the service by using systemctl stop firewalld command as shown below. Then verify the status by using systemctl status firewalld command.

root@cyberithub:~# systemctl stop firewalld
root@cyberithub:~# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Tue 2022-01-25 20:43:09 IST; 4s ago
Docs: man:firewalld(1)
Process: 10663 ExecStart=/usr/sbin/firewalld --nofork --nopid (code=exited, status=0/SUCCESS)
Main PID: 10663 (code=exited, status=0/SUCCESS)

Jan 25 20:17:44 cyberithub systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 25 20:17:45 cyberithub systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 25 20:43:08 cyberithub systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jan 25 20:43:09 cyberithub systemd[1]: firewalld.service: Succeeded.
Jan 25 20:43:09 cyberithub systemd[1]: Stopped firewalld - dynamic firewall daemon.

b) Disable Firewalld Service

Then disable the service by using systemctl disable firewalld command as shown below.

root@cyberithub:~# systemctl disable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

c) Uninstall Firewalld

Finally, uninstall the package by running apt remove firewalld command as shown below.

root@cyberithub:~# apt remove firewalld
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
ipset libipset13 libnftables1 python3-decorator python3-firewall python3-nftables python3-selinux python3-slip python3-slip-dbus
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
firewalld
0 upgraded, 0 newly installed, 1 to remove and 213 not upgraded.
After this operation, 2,362 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 197698 files and directories currently installed.)
Removing firewalld (0.8.2-1) ...
update-alternatives: using /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice to provide /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy (org.fedoraproject.FirewallD1.policy) in auto mode
Processing triggers for dbus (1.12.16-2ubuntu2.1) ...
Processing triggers for man-db (2.9.1-1) ...
