- Linux Administration Cookbook
- Adam K. Dean
- 252 words
- 2021-07-02 14:24:26
Introduction
Now that we know the ins and outs of SSH and connecting to our machines, whether it be the local VMs or remote servers, we're going to take a look at the most obvious part of the security onion (the firewall) and the Linux network stack in general.
Traditionally, firewall administration was handled by iptables and its associated commands, and indeed you'll be hard-pressed to find system administrators who don't instantly install the iptables suite of tools on every server they find (that doesn't have it installed already).
On modern installations, firewall-cmd (CentOS) and ufw (Ubuntu) can be found installed in place of, or in addition to, traditional tools. These are an attempt to make the firewall process a more painless experience, though purists will defend iptables to the death.
No matter which user space tool we use (user space being the name given to programs that operate outside the kernel, at the user level), all of the changes we make are made through the Netfilter kernel framework. Indeed, a replacement for iptables and Netfilter, called nft, has been available in the kernel for some time, though it's not widely used at the moment.
Alongside our journey into the confusing world of firewalls, we're going to create a network interface and configure it with both static and dynamic IP allocation.