Lesson 5: The Firewall Guard (Network Security)
A server without a firewall is like a house with all its doors wide open. In DevOps, we control exactly who can connect and to which ports. This is network-level security.
What is a Firewall?
A firewall is a set of rules that controls incoming and outgoing network traffic. Think of it as a bouncer at a club:
- ✅ "Port 443? You're on the list, come in." (Allow HTTPS)
- ❌ "Port 3306? Not authorized." (Block direct database access)
iptables — The Classic Firewall
iptables is the low-level firewall tool built into Linux. It uses chains and rules:
iptables -L # List all rules
iptables -A INPUT -i lo -j ACCEPT # Keep loopback open (local services talk over 127.0.0.1)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # Let replies to outbound connections back in
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Allow HTTP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow SSH
iptables -A INPUT -j DROP # Block everything else (order matters: this rule must come last)
- -A INPUT — Append a rule to the chain for incoming traffic.
- -p tcp — Match the TCP protocol.
- --dport 80 — Match destination port 80.
- -j ACCEPT / -j DROP — Accept the packet, or silently discard it (DROP sends no reply, unlike REJECT).
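The rules above are appended one at a time, which is risky over SSH: if the DROP lands before the SSH ACCEPT, you are locked out. The added example below (not part of the lesson) builds the whole INPUT chain as an iptables-restore file so it can be loaded atomically, and adds a counter for how many inbound ports the ruleset actually opens. The port numbers and file paths in the usage comment are assumptions.

```shell
# Added example: emit a complete INPUT-chain ruleset in iptables-restore format.
# Loading the file atomically avoids the partial-state lockout you can get when
# appending rules one by one over SSH. Ports and paths below are assumptions.
#
# Usage (as root):
#   build_ruleset 22 80 443 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4

build_ruleset() {
    # A DROP policy on INPUT is the lesson's "block everything else",
    # expressed as the chain's default instead of a trailing -j DROP rule.
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback must stay open or local services (e.g. a DB bound to 127.0.0.1) break.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the server itself opened (DNS, apt, curl) arrive as
    # inbound packets; without this rule a DROP policy cuts them off.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Packets that belong to no known connection and are not a valid new one.
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # One ACCEPT per allowed TCP port, in the order given on the command line.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Count the ACCEPT rules that admit NEW inbound TCP connections: this number,
# not the rule count, is the server's exposed surface. Reads a ruleset on stdin.
count_open_ports() {
    grep -c -- '--ctstate NEW -j ACCEPT'
}

# Demo only when invoked as:  sh this_file.sh demo
case "${1:-}" in
    demo) build_ruleset 22 80 443; echo "open ports: $(build_ruleset 22 80 443 | count_open_ports)" ;;
esac
```

Review the generated file before loading it, and keep a second SSH session open (or schedule `iptables-restore` of the previous ruleset with `at`) the first time you apply a DROP policy on a remote host.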
wget — The File Downloader
While curl is great for APIs, wget specializes in downloading files. It can even mirror entire websites!
wget https://example.com/archive.tar.gz
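A downloaded archive is only as trustworthy as the server and path it came from. The added example below (not part of the lesson) wraps wget so the file is kept only if its SHA-256 matches a digest obtained separately, for instance from the project's release page. The URL, hash and file name in the usage comment are placeholders.

```shell
# Added example: download with wget, then refuse to keep the file unless its
# SHA-256 matches a digest you obtained out of band. URL, hash and file name
# in the usage line are placeholders, not real release values.
#
# Usage:
#   fetch_and_verify https://example.com/archive.tar.gz <expected-sha256> archive.tar.gz

# verify_sha256 FILE EXPECTED: exit 0 if FILE's digest equals EXPECTED, 1 otherwise
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    [ "$actual" = "$expected" ]
}

fetch_and_verify() {
    url=$1
    expected=$2
    dest=$3
    # -q: quiet; -O: write to a name we chose, not whatever the server suggests;
    # --https-only: refuse a redirect that would downgrade to plain HTTP.
    if ! wget -q --https-only -O "$dest" "$url"; then
        echo "download of $url failed" >&2
        rm -f "$dest"
        return 1
    fi
    if verify_sha256 "$dest" "$expected"; then
        echo "ok: $dest matches the expected SHA-256"
    else
        echo "CHECKSUM MISMATCH for $dest: removing it" >&2
        rm -f "$dest"
        return 1
    fi
}
```

The digest must come from somewhere other than the download location itself; a checksum file sitting next to the archive on the same server proves nothing if that server is compromised.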
Routing: ip route
The routing table tells Linux where to send network packets. It's like a GPS for data.
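The kernel picks a route by longest prefix match: the most specific network entry that contains the destination wins, and `default` (prefix length 0) catches everything else. The added example below (not part of the lesson) reproduces that lookup in awk over a constructed `ip route` listing, so you can see why a packet to 8.8.8.8 leaves via the gateway while one to 10.0.0.7 goes straight out on the link. The addresses and interface names are made up.

```shell
# Added example: emulate the kernel's route lookup over a constructed routing
# table. The sample below is made up; on a real host the authoritative answer
# is `ip route get ADDR`, and `ip route show` produces the input format.

SAMPLE_ROUTES='default via 10.0.0.1 dev eth0 proto dhcp metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1'

# default_gateway: print the next hop of the default route from a table on stdin
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# next_hop IP: longest-prefix-match over the table on stdin; prints
# "<prefix> dev <iface>" plus " via <gateway>" when the route has one.
next_hop() {
    awk -v ip="$1" '
    # Convert dotted-quad to an integer so prefixes can be compared numerically.
    function ip2int(a,   p) { split(a, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    BEGIN { best = -1 }
    {
        dst = $1; gw = ""; dev = ""
        for (i = 2; i <= NF; i++) { if ($i == "via") gw = $(i+1); if ($i == "dev") dev = $(i+1) }
        if (dst == "default") { net = 0; len = 0 }
        else { n = split(dst, c, "/"); net = ip2int(c[1]); len = (n == 2) ? c[2] + 0 : 32 }
        # awk has no bit operators: dividing by 2^(host bits) discards the host part.
        mod = 2 ^ (32 - len)
        if (int(ip2int(ip) / mod) == int(net / mod) && len > best) {
            best = len
            out = dst " dev " dev (gw != "" ? " via " gw : "")
        }
    }
    END { if (best >= 0) print out }'
}

# Demo only when invoked as:  sh this_file.sh demo
case "${1:-}" in
    demo)
        printf '%s\n' "$SAMPLE_ROUTES" | default_gateway
        for addr in 10.0.0.7 172.17.5.9 8.8.8.8; do
            printf '%s -> %s\n' "$addr" "$(printf '%s\n' "$SAMPLE_ROUTES" | next_hop "$addr")"
        done ;;
esac
```

On a real server, an unexpected default gateway or an extra interface in this table is worth investigating: traffic follows the table, not your intentions.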
Mission Objective
Secure and inspect your server's network:
- Inspect the bouncer: Run iptables -L to view the current firewall rules.
- Grab a file: Download a webpage with wget https://example.com/index.html.
- Read the map: View the network routing table with ip route.
Real-World Note
In modern cloud environments (AWS, GCP), firewalls are often managed through Security Groups or Cloud Armor — but they work on the same principles you learned here.