Securing the web server is very important for ensuring the security of the web application you are running. If the term “firewall” is new to you, let me quote from Wikipedia:

A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

You can visit: http://en.wikipedia.org/wiki/Firewall_%28computing%29 for more relevant information.

If you own a dedicated server or a VPS, you can easily install a firewall and keep your server safe from external attacks. Today I shall walk you through the not-so-tedious process of installing a command line firewall and configuring it. For today’s task, I shall be demonstrating the Shorewall firewall. As usual, this post assumes that we are running on an Ubuntu server. Given that, please type this command in a terminal window and press Enter to install the firewall:

sudo aptitude install shorewall

Sit back and relax while Ubuntu installs Shorewall on your server. Please note that, by default, Shorewall has no rules set up. That is, the server shall allow access to any port. But what do we want? We don’t want hackers poking at ports other than port 80 (HTTP) and port 22 (SSH). So we create the rules now.

First, we shall copy the sample configuration files to the Shorewall directory. Follow this command carefully to know where the files live and where we shall copy them to:

sudo cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/

When you execute the command, the example configuration files shall be copied to the active Shorewall directory. We’re now ready to edit the files to change the rules to suit our needs.

Now, open the “rules” file:

sudo nano /etc/shorewall/rules

PS: Nano is an awesome text editor for the terminal window. If you don’t have it, please install it with this command:

sudo aptitude install nano

Now that we have opened the rules file, add these lines above where it says “#LAST LINE”:

HTTP/ACCEPT	net		$FW
SSH/ACCEPT	net		$FW

Press Control-O and then Control-X to write the changes and exit the editor. With this rule, we’re accepting network traffic to HTTP (port 80) and SSH (port 22). The firewall shall not allow access to other ports.

After configuring the firewall, we need to make sure that the firewall runs on system start. So, open up the main Shorewall configuration file:

sudo nano /etc/shorewall/shorewall.conf

Scroll down to “STARTUP_ENABLED=No” and set it to “STARTUP_ENABLED=Yes”. After that, open the Shorewall default configuration file:

sudo nano /etc/default/shorewall

And change “startup=0” to “startup=1”. Press Control-O and Control-X.

We’re finally done. Let’s start the shorewall daemon:

sudo /etc/init.d/shorewall start

That’s it! We have successfully managed to set up a firewall 🙂
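
If you are configuring the server over SSH, a mistake in the rules file can lock you out once the firewall starts. The script below is an added example, not part of the original post or of Shorewall itself: it reads a rules file, lists what is accepted from net to $FW, and warns if SSH is missing or if anything besides HTTP and SSH is open. The function names and the sample rules are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a Shorewall rules file before starting the firewall.

# Print each service accepted from net to $FW, one per line, sorted.
list_inbound_accepts() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $2 != "net" || $3 != "$FW" { next }      # keep only net -> firewall rules
        {
            svc = ""
            if ($1 ~ /\/ACCEPT$/ || $1 ~ /\(ACCEPT\)$/) {
                svc = $1                         # macro form, e.g. HTTP/ACCEPT
                sub(/\/ACCEPT$/, "", svc)
                sub(/\(ACCEPT\)$/, "", svc)      # newer form, e.g. HTTP(ACCEPT)
            } else if ($1 == "ACCEPT") {         # plain form: ACCEPT net $FW tcp 22
                svc = ($4 == "" ? "any" : $4) "/" ($5 == "" ? "any" : $5)
                if (svc == "tcp/22") svc = "SSH"
                if (svc == "tcp/80") svc = "HTTP"
            }
            if (svc != "") print svc
        }
    ' "$1" | sort -u
}

# Return 0 only if SSH is accepted and nothing besides HTTP and SSH is.
audit_rules() {
    services=$(list_inbound_accepts "$1")
    rc=0
    echo "$services" | grep -qx 'SSH' ||
        { echo "WARN: SSH is not accepted, risk of remote lockout"; rc=1; }
    for s in $services; do
        case "$s" in
            HTTP|SSH) ;;
            *) echo "WARN: unexpected inbound service: $s"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the two rules from the post plus one stray rule.
sample=$(mktemp)
printf '%s\n' '#ACTION SOURCE DEST PROTO DPORT' \
    'HTTP/ACCEPT net $FW' 'SSH/ACCEPT net $FW' \
    'ACCEPT net $FW tcp 3306' > "$sample"
audit_rules "$sample" || echo "Fix the rules file before starting Shorewall."
rm -f "$sample"
```

On the server, call audit_rules /etc/shorewall/rules before running the start command above.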