Linux Network Security Configuration Guide
April 17, 2024
linux security networking
Firewall Configuration
UFW (Uncomplicated Firewall)
# Install UFW
sudo apt install ufw
# Basic configuration
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow specific services
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
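# Allow port 3306 (MySQL default) only from the 192.168.1.0/24 subnet
sudo ufw allow from 192.168.1.0/24 to any port 3306
# Enable the firewall (rules are not enforced until this runs) and review them
sudo ufw enable
sudo ufw status verbose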
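iptables Rules
# Basic stateful firewall configuration
# Allow loopback traffic so local services keep working
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# Set the default policy last, after the ACCEPT rules are in place
sudo iptables -P INPUT DROP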
Network Hardening
Disable IPv6 (if not needed)
# Edit sysctl.conf
sudo nano /etc/sysctl.conf
# Add these lines to the file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Apply the settings without rebooting
sudo sysctl -p
TCP/IP Stack Hardening
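# Edit sysctl.conf
sudo nano /etc/sysctl.conf
# Add these lines to the file:
# Prevent IP spoofing (reverse-path filtering)
net.ipv4.conf.all.rp_filter = 1
# Disable IP forwarding
net.ipv4.ip_forward = 0
# Do not accept ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
# Apply the settings without rebooting
sudo sysctl -p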
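
To check that the sysctl values from the two sections above are actually in effect, the following added example (not part of the original guide) audits `key = value` lines against that baseline. The function name `audit_sysctl`, the variable names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl settings against the values listed in this guide.
# Reads "key = value" lines on stdin: sysctl.conf syntax or `sysctl -a` output.

BASELINE='net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0'

# Prints OK / MISMATCH / MISSING per baseline key; returns 1 if any key fails.
audit_sysctl() {
    SYSCTL_BASELINE="$BASELINE" awk '
    BEGIN {
        n = split(ENVIRON["SYSCTL_BASELINE"], rows, "\n")
        for (i = 1; i <= n; i++) {
            split(rows[i], kv, "=")
            order[i] = kv[1]; want[kv[1]] = kv[2]
        }
    }
    /^[ \t]*[#;]/ { next }           # whole-line comments
    index($0, "=") == 0 { next }     # not an assignment
    {
        line = $0
        gsub(/[ \t]/, "", line)      # baseline values are single integers
        eq = index(line, "=")
        have[substr(line, 1, eq - 1)] = substr(line, eq + 1)  # last one wins
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in have)) { printf "MISSING  %s (want %s)\n", k, want[k]; bad = 1 }
            else if (have[k] != want[k]) { printf "MISMATCH %s = %s (want %s)\n", k, have[k], want[k]; bad = 1 }
            else printf "OK       %s = %s\n", k, have[k]
        }
        exit bad
    }'
}

# Constructed sample (not from a real host): a later line re-enables
# forwarding and accept_redirects is never set.
SAMPLE='# sample sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6=1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 0
; added later
net.ipv4.ip_forward=1'

printf '%s\n' "$SAMPLE" | audit_sysctl || echo "baseline not met"
```

To audit the running kernel rather than a file, use `sysctl -a 2>/dev/null | audit_sysctl`. Files under `/etc/sysctl.d/` can override `/etc/sysctl.conf`, so the live values are the authoritative check.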