Linux Network Security Configuration Guide

April 17, 2024
linux security networking

Disclaimer: The examples, configurations, and code snippets provided in this article are for educational purposes only. While we strive for accuracy, there is no guarantee these will work in your specific environment. Always test configurations in a safe environment first and adapt them to your specific needs and security requirements.

Firewall Configuration

UFW (Uncomplicated Firewall)

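# Install UFW
sudo apt install ufw

# Basic configuration: block inbound by default, allow outbound
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow specific services
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

# Allow specific ports with restrictions (port 3306, MySQL, from the local subnet only)
sudo ufw allow from 192.168.1.0/24 to any port 3306

# Enable the firewall only after SSH is allowed, so a remote session is not cut off
sudo ufw enable
sudo ufw status verbose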

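iptables Rules

# Basic stateful firewall configuration
# Allow loopback traffic so local services keep working
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow replies to connections this host initiated
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow inbound SSH
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# Drop everything else (set the policy last so the session is not cut off)
sudo iptables -P INPUT DROP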

Network Hardening

Disable IPv6 (if not needed)

# Edit sysctl.conf
sudo nano /etc/sysctl.conf

# Add these lines to the file
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# Load the new values without rebooting
sudo sysctl -p

TCP/IP Stack Hardening

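# Edit sysctl.conf
sudo nano /etc/sysctl.conf

# Add these lines to the file

# Prevent IP spoofing (strict reverse-path filtering)
net.ipv4.conf.all.rp_filter = 1

# Disable IP forwarding (this host is not a router)
net.ipv4.ip_forward = 0

# Do not accept ICMP redirects
net.ipv4.conf.all.accept_redirects = 0

# Load the new values without rebooting
sudo sysctl -p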
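
An added check, not part of the original article: editing /etc/sysctl.conf changes nothing until the values are loaded, so this script reads the running kernel's values under /proc/sys and compares them with the settings listed in this guide. The function name audit_sysctl and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which of this guide's sysctl settings are actually
# in effect on the running kernel.

# Expected values, copied from the sysctl.conf snippets in this guide.
EXPECTED='net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0'

# audit_sysctl [ROOT]
#   ROOT defaults to /proc/sys; pass another directory to audit a copy.
#   Prints one OK/DRIFT line per key and returns the number of keys
#   whose live value differs from the expected one.
audit_sysctl() {
    root=${1:-/proc/sys}
    bad=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # The key net.ipv4.ip_forward is exposed as net/ipv4/ip_forward
        path="$root/$(printf '%s' "$key" | tr '.' '/')"
        if [ -r "$path" ]; then
            have=$(tr -d ' \t\n' < "$path")
        else
            # Key absent on this kernel, or not readable by this user
            have='<missing>'
        fi
        if [ "$have" = "$want" ]; then
            printf 'OK    %s = %s\n' "$key" "$have"
        else
            printf 'DRIFT %s = %s (expected %s)\n' "$key" "$have" "$want"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# Typical use after "sudo sysctl -p":
#   audit_sysctl || echo "$? setting(s) differ from the guide"
```

A DRIFT line right after editing the file usually means the values were not loaded yet, or that a file under /etc/sysctl.d/ sets the same key to something else.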