Firewall
A firewall is a network security device, implemented as hardware or software, that monitors incoming and outgoing network traffic and permits or blocks packets based on a set of security rules. The goal is to block malicious or unnecessary access, which reduces network security risk, while still allowing safe and legitimate traffic through. On Linux, the firewall runs as a service (a daemon process).
Four Types of Firewalls
Firewalls can be categorized into four groups according to how they manage data traffic.
- Packet Filtering
- Circuit Gateways
- Application Gateways
- MAC Layer Firewalls
The most well-known approach is Packet Filtering. It mainly operates at the Internet Layer, but it can also classify traffic by its Transport Layer protocol. Circuit Gateways operate at the Transport Layer, Application Gateways at the Application Layer, and MAC Layer Firewalls at the Network Interface Layer.
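The packet-filtering model described above (match on Internet Layer fields such as source address, optionally on Transport Layer protocol and port, first matching rule wins, default policy otherwise) is shown here as a small Python simulator. This is an added example, not code from the page or from any Linux firewall tool; the Rule fields, packet dictionaries and sample ruleset are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    """One packet-filter rule; a None field means 'match any value'."""
    action: str                   # "accept" or "drop"
    proto: Optional[str] = None   # Transport Layer protocol: "tcp", "udp", "icmp"
    src: Optional[str] = None     # Internet Layer source network in CIDR notation
    dport: Optional[int] = None   # Transport Layer destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.src is not None and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True

def filter_packet(rules: list, pkt: dict, policy: str = "drop") -> str:
    """First matching rule decides; if none matches, the chain's default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return policy

# Constructed sample ruleset: SSH only from the internal range, HTTPS from anywhere,
# ping explicitly dropped, everything else falls through to the default-deny policy.
RULES = [
    Rule("accept", proto="tcp", src="10.0.0.0/8", dport=22),
    Rule("accept", proto="tcp", dport=443),
    Rule("drop", proto="icmp"),
]

# Same rules with a broad drop placed first: rule order changes the outcome.
MISORDERED = [Rule("drop", proto="tcp")] + RULES

if __name__ == "__main__":
    pkt = {"proto": "tcp", "src": "10.1.2.3", "dport": 22}
    print(filter_packet(RULES, pkt), filter_packet(MISORDERED, pkt))
```

Because evaluation stops at the first match, a rule that is too broad early in the chain shadows every later rule, which is a common source of both outages and accidental exposure when editing rulesets.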
Netfilter
The Linux kernel has its own network traffic management framework called Netfilter. By managing network traffic, including packet filtering, Netfilter serves several purposes, such as security enhancement and general network configuration.
Netfilter backend tools
As Netfilter is a framework (a set of rules) rather than a program you run directly, you need a tool to make use of it. The most commonly used tool is iptables; an alternative is nftables. However, neither tool is easy to use.
Netfilter frontend tools
On top of these backend tools, several more user-friendly frontend tools exist. Which frontend is available differs by Linux distribution: for example, CentOS provides firewalld, while Ubuntu provides UFW (Uncomplicated Firewall). Both run on Linux as a service (a daemon process).