Introduction to firewalls
This article provides an overview of firewalls. To understand what a firewall is, you first need to understand what the Internet is.
The Internet is a web-like network of computers. Some computers (like your laptop) specialize primarily in client-side tasks. Others (like a Rackspace cloud server) specialize primarily in server-side tasks. Some highly specialized computers only route communications between other computers. These computers are called routers and switches.
Computers communicate by sending data in packets. These packets come in a variety of sizes and “shapes”, depending on the protocols that they follow. A packet might contain all of the following information:
- Source IP address: The Internet Protocol (IP) address of the sender.
- Destination IP address: The Internet Protocol (IP) address of the recipient.
- Source port number: The port of the sending service. This number ranges from 1 to 65535.
- Destination port number: The port of the receiving service. This number ranges from 1 to 65535.
- Protocol: The protocol or model that the packet follows.
- Sequence number: The sequence number for the packet. The receiver uses these numbers to reassemble packets in the correct order.
- Packet size: The size of the packet.
- Data: The message itself.
- Checksum: A check that ensures that the packet is not corrupted.
The purpose of a firewall is to block unwanted and possibly malicious packets. A typical firewall performs this task by looking at the first six pieces of information in the preceding list, while more sophisticated firewalls and traffic analyzers employ more advanced techniques.
Firewall best practices
When you set up a firewall on your cloud server, you need to poke a few holes in it so that you can receive communications from essential services.
Identify the ports for which you want to create firewall rules
First, you need to identify which communications are coming from and going to those services. You can find this information by looking at the following common port numbers:
|Port (IP protocols)||Service/Protocol|
|21 (Transfer Control Protocol (TCP))||File Transfer Protocol (FTP)|
|22 (TCP and User Datagram Protocol (TCP/UDP))||Secure Shell and Secure File Transfer Protocol (SSH/SFTP)|
|25 and 587||Simple Mail Transfer Protocol (SMTP)|
|53 (TCP/UDP)||Domain Name System (DNS)|
|80 (TCP/UDP)||Hypertext Transfer Protocol (HTTP)|
|110 (TCP)||Post Office Protocol (POP3)|
|143 (TCP/UDP)||Internet Message Access Protocol (IMAP)|
|389 (TCP/UDP)||Lightweight Directory Access Protocol (LDAP)|
|443 (TCP/UDP)||Secure HTTP (HTTPS)|
|465 (TCP)||Simple Mail Transfer Protocol Secure (SMTPS)|
|636 (TCP/UDP)||Secure LDAP (LDAPS)|
|5900 (TCP/UDP)||Virtual Network Computing (VNC)|
|6660-6669 (TCP)||Internet Relay Chat (IRC)|
|8080 (TCP)||Apache® Tomcat®|
Port numbers enable you to poke holes in your firewall for the services that you want to open to the world. There are many additional port numbers.
It is important to use whitelists, which are list of services that you allow while denying everything else.
For example, if you want to open up access to your web server and nothing else, your rule list might look like the following example:
If you also want to allow Secure Shell (SSH) access, but only from one specific IP address, your list might look like the following example:
ALLOW: DestPort=22 && SrcIP=18.104.22.168
The line that says
DENY: ALL is perhaps the most important line in your
firewall rules because it blocks everything that you do not specifically
allow. You should usually place this line at the bottom.
You might also find the following resources helpful:
©2020 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License