This article covers how to secure Red Hat Enterprise Linux 8 with UFW. UFW may not be intended to provide complete firewall functionality, but it does provide an easy way to create and manage simple firewall rules.
A firewall is a way to protect machines from any unwanted traffic from outside.
It enables users to control incoming network traffic on host machines by defining a set of firewall rules.
These rules are used to sort the incoming traffic and either block it or allow it through.
Note that firewalld with the nftables backend does not support passing custom nftables rules to firewalld using the --direct option.
How to start, stop, and restart the firewalld service on RHEL 8
By now you know about firewalld zones, services, and how to view the defaults. It is time to activate and configure our firewall.
1. Start and enable firewalld
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld
2. Stop and disable firewalld
$ sudo systemctl stop firewalld
$ sudo systemctl disable firewalld
3. Check the firewalld status
$ sudo firewall-cmd --state
4. Reload the firewalld configuration after you change rules
$ sudo firewall-cmd --reload
5. Get the status of the firewalld service
$ sudo systemctl status firewalld
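An added example (not part of the original article) for step 4: `firewall-cmd --reload` replaces the runtime configuration with the permanent one, so services or ports added without `--permanent` are dropped. The script below lists those runtime-only entries before a reload; the function names and the sample lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find firewalld entries that exist only in the runtime
# configuration and would therefore disappear on `firewall-cmd --reload`.

# runtime_only RUNTIME PERMANENT
# Each argument is a whitespace-separated list, as printed by
# `firewall-cmd --list-services` or `firewall-cmd --list-ports`.
# Prints, one per line, every entry in RUNTIME that is missing from PERMANENT.
runtime_only() {
    saved=" $(echo $2) "                 # normalise whitespace, pad for whole-word match
    for item in $1; do
        case "$saved" in
            *" $item "*) ;;              # also stored permanently: survives a reload
            *) printf '%s\n' "$item" ;;  # runtime only: lost on reload
        esac
    done
}

# reload_drift [ZONE]
# Live check against firewalld (run as root). Compares the runtime and
# permanent service and port lists of ZONE (default zone when omitted).
# Returns 1 if a reload would drop anything, 0 otherwise.
reload_drift() {
    zone=${1:+--zone=$1}
    rc=0
    for kind in services ports; do
        lost=$(runtime_only \
            "$(firewall-cmd $zone --list-"$kind")" \
            "$(firewall-cmd --permanent $zone --list-"$kind")")
        [ -z "$lost" ] && continue
        printf 'runtime-only %s, dropped by --reload: %s\n' "$kind" "$(echo $lost)"
        rc=1
    done
    return $rc
}

# Offline demonstration on constructed sample lists (not captured from a host):
# http was opened at runtime only, so it is the entry a reload would remove.
sample_runtime="cockpit dhcpv6-client ssh http"
sample_permanent="cockpit dhcpv6-client ssh"
runtime_only "$sample_runtime" "$sample_permanent"
```

On a live host, call `reload_drift` (or `reload_drift public`) as root before reloading; entries it reports can be kept with `firewall-cmd --runtime-to-permanent`.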
When to use firewalld, nftables, or iptables:
1. firewalld: Use the firewalld utility for simple firewall use cases. The utility is easy to use and covers the typical use cases for these scenarios.
2. nftables: Use the nftables utility to set up complex and performance-critical firewalls, such as for a whole network.
3. iptables: The iptables utility on Red Hat Enterprise Linux 8 uses the nf_tables kernel API instead of the legacy back end.
The nf_tables API provides backward compatibility so that scripts that use iptables commands still work on Red Hat Enterprise Linux 8. For new firewall scripts, Red Hat recommends using nftables.