Mastering Linux Security and Hardening

An overview of firewalld

In a typical business setting, especially in larger enterprises, you may encounter various types of firewalls in various places, each providing different types of functionality. Some examples are as follows:

  • Edge devices that separate the internet from an internal network translate routable public IP addresses to non-routable private IP addresses. They can also provide various types of access control to keep out unauthorized people. By also providing various types of packet inspection services, they can help prevent attacks on the internal network, keep out malware, and prevent leakage of sensitive information from the internal network to the internet.
  • Large enterprise networks are normally divided into subnetworks, or subnets, with each corporate department having a subnet to call its own. Best practice dictates separating the subnets with firewalls. This helps ensure that only authorized personnel can access any given subnet.
  • And, of course, you also have firewalls running on the individual servers and workstations. By providing a form of access control, they can help prevent an intruder who has compromised one machine from moving laterally to another machine on the network. They can also be configured to prevent certain types of port scanning and denial-of-service (DoS) attacks.

For the first two items in the preceding list, you would likely see dedicated firewall appliances and teams of firewall administrators taking care of them. The third item in the list is where you, the Linux professional, come into the picture. In this chapter and the next, we'll look at the firewall technologies that come packaged with your Linux server and Linux workstation distros.