Introduction to firewalls
This article provides an overview of firewalls. To understand what a firewall
is, you first need to understand what the Internet is.
The Internet is a web-like network of computers. Some computers (like your
laptop) specialize primarily in client-side tasks. Others (like a Rackspace
cloud server) specialize primarily in server-side tasks. Some highly
specialized computers only route communications between other computers.
These computers are called routers and switches.
Packets
Computers communicate by sending data in packets. These packets come in a
variety of sizes and "shapes", depending on the protocols that they follow.
A packet might contain all of the following information:
- Source IP address: The Internet Protocol (IP) address of the sender.
- Destination IP address: The Internet Protocol (IP) address of the
recipient. - Source port number: The port of the sending service. This number
ranges from 1 to 65535. - Destination port number: The port of the receiving service.
This number ranges from 1 to 65535. - Protocol: The protocol or model that the packet follows.
- Sequence number: The sequence number for the packet. The receiver uses
these numbers to reassemble packets in the correct order. - Packet size: The size of the packet.
- Data: The message itself.
- Checksum: A check that ensures that the packet is not corrupted.
The purpose of a firewall is to block unwanted and possibly malicious packets.
A typical firewall performs this task by looking at the first six pieces of
information in the preceding list, while more sophisticated firewalls and
traffic analyzers employ more advanced techniques.
Firewall best practices
When you set up a firewall on your cloud server, you need to poke a few holes
in it so that you can receive communications from essential services.
Identify the ports for which you want to create firewall rules
First, you need to identify which communications are coming from and
going to those services. You can find this information by looking at the
following common port numbers:
Port (IP protocols) | Service/Protocol |
---|---|
21 (Transfer Control Protocol (TCP)) | File Transfer Protocol (FTP) |
22 (TCP and User Datagram Protocol (TCP/UDP)) | Secure Shell and Secure File Transfer Protocol (SSH/SFTP) |
25 and 587 | Simple Mail Transfer Protocol (SMTP) |
53 (TCP/UDP) | Domain Name System (DNS) |
80 (TCP/UDP) | Hypertext Transfer Protocol (HTTP) |
110 (TCP) | Post Office Protocol (POP3) |
143 (TCP/UDP) | Internet Message Access Protocol (IMAP) |
389 (TCP/UDP) | Lightweight Directory Access Protocol (LDAP) |
443 (TCP/UDP) | Secure HTTP (HTTPS) |
465 (TCP) | Simple Mail Transfer Protocol Secure (SMTPS) |
636 (TCP/UDP) | Secure LDAP (LDAPS) |
694 (UDP) | Heartbeat |
873 (TCP) | rsync |
3306 (TCP/UDP) | MySQL |
5900 (TCP/UDP) | Virtual Network Computing (VNC) |
6660-6669 (TCP) | Internet Relay Chat (IRC) |
8080 (TCP) | Apache® Tomcat® |
Port numbers enable you to poke holes in your firewall for the services that
you want to open to the world. There are many additional port numbers.
Use whitelists
It is important to use whitelists, which are list of services that you allow
while denying everything else.
For example, if you want to open up access to your web server and nothing
else, your rule list might look like the following example:
ALLOW: DestPort=80
DENY: ALL
If you also want to allow Secure Shell (SSH) access, but only from one
specific IP address, your list might look like the following example:
ALLOW: DestPort=22 && SrcIP=1.2.3.4
ALLOW: DestPort=80
DENY: ALL
The line that says DENY: ALL
is perhaps the most important line in your
firewall rules because it blocks everything that you do not specifically
allow. You should usually place this line at the bottom.
Additional resources
You might also find the following resources helpful:
Updated about 1 year ago