1
00:00:07,470 --> 00:00:11,130
- So let me give you an overview of Linux firewalling.

2
00:00:11,130 --> 00:00:12,723
It all starts with the kernel.

3
00:00:14,190 --> 00:00:16,080
In the kernel, there is this functionality

4
00:00:16,080 --> 00:00:17,640
called netfilter.

5
00:00:17,640 --> 00:00:20,910
And netfilter is the packet filtering

6
00:00:20,910 --> 00:00:23,400
that makes sure that packets are going to pass

7
00:00:23,400 --> 00:00:24,393
through the kernel.

8
00:00:25,260 --> 00:00:27,480
Now, in order to do so,

9
00:00:27,480 --> 00:00:32,040
there are the different flows of packages.

10
00:00:32,040 --> 00:00:32,943
We have input.

11
00:00:34,950 --> 00:00:36,873
We have forward for routing.

12
00:00:39,180 --> 00:00:40,680
And we have output.

13
00:00:40,680 --> 00:00:42,930
These are the different directions

14
00:00:42,930 --> 00:00:44,850
that the kernel is going to track.

15
00:00:44,850 --> 00:00:48,180
Now, you need to define what you want to allow to come in,

16
00:00:48,180 --> 00:00:50,190
what you want to allow in this forward,

17
00:00:50,190 --> 00:00:51,420
and what you want to allow

18
00:00:51,420 --> 00:00:54,903
in this output phase of the firewall.

19
00:00:56,070 --> 00:01:00,420
So if you look at the essential utilities,

20
00:01:00,420 --> 00:01:02,193
there was always iptables.

21
00:01:04,620 --> 00:01:08,133
And nowadays, that has been replaced with nftables.

22
00:01:09,540 --> 00:01:11,403
These are low-end utilities.

23
00:01:11,403 --> 00:01:13,020
They are pretty complex.

24
00:01:13,020 --> 00:01:15,480
And because they are so complex,

25
00:01:15,480 --> 00:01:17,790
they are not used a lot.

26
00:01:17,790 --> 00:01:20,550
In order to write these firewall rules

27
00:01:20,550 --> 00:01:22,320
in a much easier way,

28
00:01:22,320 --> 00:01:25,930
nowadays, distributions are providing firewalld

29
00:01:27,540 --> 00:01:28,563
or ufw,

30
00:01:29,458 --> 00:01:31,560
where firewalld is the default in Red Hat

31
00:01:31,560 --> 00:01:35,370
and ufw is the default in Ubuntu.

32
00:01:35,370 --> 00:01:36,420
So what is happening?

33
00:01:36,420 --> 00:01:41,420
Well, firewalld or ufw writes to iptables or nftables

34
00:01:41,910 --> 00:01:45,480
depending on the Linux distribution that you are using,

35
00:01:45,480 --> 00:01:47,310
and these in turn

36
00:01:47,310 --> 00:01:51,540
are defining these input, output, and forward rules.

37
00:01:51,540 --> 00:01:54,033
And that's how firewalling in Linux is organized.