How to check if a firewall rule is set in Linux


Introduction

In this lab, you will learn how to check the status of the firewall and list active firewall rules on a Linux system. You will begin by using the user-friendly ufw command to check the firewall's overall status.

Next, you will delve into the underlying iptables tool to view the detailed packet filtering rules currently in effect. Finally, you will explore nftables, a modern replacement for iptables, to verify the ruleset. This lab will provide you with practical skills to understand and inspect firewall configurations in Linux.



Display firewall status with ufw status

In this step, you will learn how to check the status of the firewall on your Linux system using the ufw command. ufw stands for "Uncomplicated Firewall" and is a user-friendly interface for managing iptables.

Firewalls are essential for network security. They control incoming and outgoing network traffic based on a set of rules. By default, the LabEx environment might have ufw installed but inactive.

To check the status of the ufw firewall, open your terminal and type the following command:

sudo ufw status

Press Enter.

You will likely see output similar to this:

Status: inactive

This output indicates that the ufw firewall is currently not active on the system. If it were active, you would see a list of rules that are currently enforced.

The sudo command is used here because checking the firewall status requires administrative privileges. As mentioned before, the labex user has sudo access without needing a password in this environment.

Understanding the firewall status is the first step in managing network security. In subsequent steps, you will explore other tools like iptables and nftables to gain a deeper understanding of how firewalls work in Linux.


List active iptables rules with iptables -L

In this step, you will learn how to view the active firewall rules using the iptables command. While ufw provides a simplified interface, iptables is the underlying tool that manages the Linux kernel's packet filtering rules.

iptables works by defining rules in different "chains" and "tables". The most common chains are INPUT (for incoming traffic), OUTPUT (for outgoing traffic), and FORWARD (for traffic passing through the system).

To list the current iptables rules in all chains, open your terminal and type the following command:

sudo iptables -L

Press Enter.

You will see output similar to this, which shows the rules for the INPUT, FORWARD, and OUTPUT chains:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The output shows the default policy for each chain (in this case, ACCEPT, meaning traffic is allowed by default) and any specific rules that have been added. Since ufw was inactive in the previous step, iptables likely has no custom rules configured by ufw.

The -L option tells iptables to list the rules. Again, sudo is required because viewing firewall rules needs administrative privileges.

Understanding the output of iptables -L is crucial for diagnosing network connectivity issues and verifying firewall configurations.


Verify rules using nft list ruleset

In this step, you will explore nftables, the successor to iptables. nftables provides a more flexible and unified framework for packet filtering and network address translation (NAT). While iptables is still widely used, nftables is becoming the default on newer Linux distributions.

You can view the active nftables ruleset using the nft command with the list ruleset option.

Open your terminal and type the following command:

sudo nft list ruleset

Press Enter.

You will see output similar to this, which shows the current nftables configuration:

table ip filter {
	chain INPUT {
		type filter hook input priority 0; policy accept;
	}

	chain FORWARD {
		type filter hook forward priority 0; policy accept;
	}

	chain OUTPUT {
		type filter hook output priority 0; policy accept;
	}
}

This output shows the default filter table with INPUT, FORWARD, and OUTPUT chains, similar to iptables. The policy accept indicates that traffic is allowed by default in these chains.

The nft command is the primary tool for interacting with nftables. The list ruleset option displays the entire active ruleset. Again, sudo is necessary to view the firewall configuration.

Comparing the output of iptables -L and nft list ruleset can reveal differences when both tools have been used on the same host, or when one manages rules the other does not directly control. On many current distributions the iptables command is actually the iptables-nft variant, which stores its rules in the kernel's nftables subsystem, so the same rules then also appear in nft list ruleset (in a table named ip filter with the familiar INPUT, FORWARD, and OUTPUT chains, as shown above); sudo iptables -V reports which variant (nf_tables or legacy) is installed. Whichever is the case, a host should have one primary firewall manager, either iptables or nftables, so that rules do not silently conflict.
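The three steps above only display rulesets by hand. As an added example that is not part of the original lab, the following shell script shows how to check programmatically whether a specific rule is present, using the same three tools: it parses ufw status, iptables -S (the rule-specification form of the iptables -L listing used above) and nft list ruleset. The sample outputs are constructed here to look like a host that drops inbound traffic except loopback and SSH; they were not captured from the lab environment. The function and variable names are the example's own.

```shell
#!/bin/sh
# Constructed sample outputs (not captured from the lab environment).
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'

# Shaped like `sudo iptables -S`: policies first, then rules in rule-spec form.
SAMPLE_IPTABLES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Shaped like `sudo nft list ruleset` on a host using native nftables.
SAMPLE_NFT='table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        tcp dport 22 accept
    }
}'

# ufw_is_active <ufw status output> -> 0 if the first line says active, 1 otherwise
ufw_is_active() {
    printf '%s\n' "$1" | head -n 1 | grep -q '^Status: active$'
}

# chain_policy <chain> <iptables -S output> -> prints the chain's default policy
chain_policy() {
    printf '%s\n' "$2" | awk -v c="$1" '$1 == "-P" && $2 == c { print $3 }'
}

# iptables_has_rule <chain> <proto> <dport> <target> <iptables -S output>
# -> 0 if a matching -A rule exists in that chain, 1 if not
iptables_has_rule() {
    printf '%s\n' "$5" | grep -q -E -- "^-A $1 .*-p $2 .*--dport $3 .*-j $4\$"
}

# nft_has_rule <proto> <dport> <verdict> <nft list ruleset output>
# -> 0 if a line "<proto> dport <port> <verdict>" exists, 1 if not
nft_has_rule() {
    printf '%s\n' "$4" | grep -q -E -- "^[[:space:]]*$1 dport $2 $3[[:space:]]*\$"
}

# live_ruleset: dump the real ruleset of this host (needs sudo), preferring
# nftables and falling back to iptables; returns 2 when neither tool exists.
live_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        sudo nft list ruleset
    elif command -v iptables >/dev/null 2>&1; then
        sudo iptables -S
    else
        echo "neither nft nor iptables is installed" >&2
        return 2
    fi
}

# Usage with the constructed samples (remove or replace with live_ruleset on a real host):
if ufw_is_active "$SAMPLE_UFW"; then echo "ufw: active"; fi
echo "INPUT policy: $(chain_policy INPUT "$SAMPLE_IPTABLES")"
if iptables_has_rule INPUT tcp 22 ACCEPT "$SAMPLE_IPTABLES"; then echo "iptables: SSH allowed"; fi
if nft_has_rule tcp 22 accept "$SAMPLE_NFT"; then echo "nftables: SSH allowed"; fi
```

On a live host, feed the output of live_ruleset into the matching function, for example nft_has_rule tcp 22 accept "$(live_ruleset)". For iptables specifically, the built-in check sudo iptables -C INPUT -p tcp --dport 22 -j ACCEPT exits 0 when exactly that rule exists and non-zero otherwise, which avoids text parsing entirely; the parsing functions above are still useful for reviewing a saved ruleset dump offline.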

You have now learned how to check the status of ufw, list iptables rules, and view the nftables ruleset. These are fundamental skills for understanding and managing firewalls in Linux.


Summary

In this lab, you learned how to check the status of the firewall on a Linux system using different tools. You started by using sudo ufw status to determine if the Uncomplicated Firewall is active, which provides a user-friendly interface for managing firewall rules.

Next, you explored the underlying iptables tool by using sudo iptables -L to list the active packet filtering rules in chains such as INPUT, OUTPUT, and FORWARD, which gave a more detailed view of the firewall configuration. Finally, you verified the ruleset with sudo nft list ruleset to see how the newer nftables framework manages firewall rules, offering a modern alternative to iptables.