Buy Cheap VPS Knowledge Base

  2. Knowledge Bases /
  3. Linux VPS /
Essential Firewall Commands: A Comprehensive Guide for iptables, CSF, UFW, Firewalld, and nftables
2025 Feb 24
Linux VPS

Essential Linux Firewall Management Commands

Firewalls play a crucial role in network security by acting as a protective barrier between a trusted internal network and untrusted external networks, such as the internet. They control the flow of incoming and outgoing traffic based on predefined security rules. Linux offers several firewall management tools, each with its own command set and configurations. Below is an overview of common commands for iptablesCSF (ConfigServer Security & Firewall) UFW (Uncomplicated Firewall)Firewalld, and nftables.

iptables

iptables is a powerful firewall utility that configures packet filtering rules in the Linux kernel. While highly flexible, it can be complex to manage directly. Here are some essential commands:

  • View current firewall rules:

    # iptables -L

  • Allow incoming traffic on a specific port:

    # iptables -A INPUT -p tcp --dport <port_number> -j ACCEPT

  • Block incoming traffic on a specific port:

    # iptables -A INPUT -p tcp --dport <port_number> -j DROP

  • Save the firewall configuration:

    # iptables-save > /etc/iptables/rules.v4

CSF (ConfigServer Security & Firewall)

CSF is an advanced firewall configuration tool that simplifies iptables management. It is widely used on Linux servers.

  • Start CSF:

    # csf -s

  • Stop CSF:

    # csf -f

  • Allow a specific IP address:

    # csf -a <IP_address>

  • Block a specific IP address:

    # csf -d <IP_address>

UFW (Uncomplicated Firewall)

UFW is a simplified firewall tool designed to be user-friendly, commonly used on Ubuntu.

  • Enable UFW:

    # ufw enable

  • Block incoming traffic on a specific port:

    # ufw deny <port_number>

  • Allow incoming traffic on a specific port:

    # ufw allow <port_number>

  • Reload UFW rules:

    # ufw reload

Firewalld

Firewalld is a dynamic firewall manager introduced in CentOS/RHEL 7, offering greater flexibility than traditional iptables.

  • Enable and start Firewalld:

    # systemctl enable firewalld
    # systemctl start firewalld

  • Allow a specific service:

    # firewall-cmd --zone=public --add-service=<service_name> --permanent

  • Open a specific port:

    # firewall-cmd --zone=public --add-port=<port_number>/tcp --permanent

  • Reload Firewalld rules:

    # firewall-cmd --reload 

nftables

nftables is the modern replacement for iptables, providing a streamlined framework for packet filtering.

  • View active firewall rules:

    # nft list ruleset

  • Add a new rule:

    # nft add rule <table> <chain> <rule>

  • Delete an existing rule:

    # nft delete rule <table> <chain> <rule>

  • Flush all rules:

    # nft flush ruleset

Each firewall tool has its strengths, and choosing the right one depends on your needs. iptables offers deep customization, CSF simplifies server security, UFW is beginner-friendly, Firewalld provides dynamic control, and nftables is the future of Linux firewalls.

Need more Support?

If you cannot find an answer in the knowledgebase, you can contact us for further help.
Latest Articles

© 2015 - 2025 BUYCHEAPVPS Team, All rights reserved

This website uses cookies