How to Enable and Disable Firewall on Alpine Linux


Understanding how to enable and disable firewall on Alpine Linux is essential. It helps secure the system by controlling network traffic and protecting it from unauthorized access and potential security threats.

For this purpose, Alpine Linux offers its users Awall (Alpine Wall). Awall makes it easy to manage firewall rules and to set up and maintain a firewall on an Alpine Linux system.

This article will help you enable and disable the firewall on Alpine Linux. We will also guide you with setting up Awall.

Let’s dive right in.

What You’ll Need

The first thing to do before you try to understand how to enable and disable firewall on Alpine Linux is to set up Awall. 

For this purpose, knowing the prerequisites below allows for a seamless setup:

Once you have everything needed for the setup, we can proceed with the installation and configuration of Awall. 

How To Set Up an Awall Firewall on Alpine Linux

Step 1: Installing Awall Firewall on Alpine Linux

  1. Updating the system is good practice before installing any new packages on Alpine Linux. Enter the command below to update the system:
apk update
  2. Once the update finishes, install iptables for the IPv4 and IPv6 protocols using the command below:
apk add ip6tables iptables
  3. Managing iptables requires Awall, which can be installed from the Alpine Linux repositories. Don’t worry about manually selecting the architecture or version, as the command below automates the Awall installation:
apk add -u awall
  4. Verify that Awall is installed successfully by entering the commands below. If there is an error or no response from the terminal, repeat Steps 1-3.
apk info awall
apk version awall
  5. Review the predefined set of firewall policies, which are available in JSON format in the “/usr/share/awall/mandatory” directory. Learning about the policies displayed will help you configure Awall better.

Enter the command below to list the policies:
ls -l /usr/share/awall/mandatory

    Once you’re done with installing Awall Firewall on Alpine Linux, start with loading and managing iptables kernel modules. 

    Step 2: Load and Manage iptables Kernel Modules

    1. Load the iptables kernel modules for the firewall using the two commands below:
    modprobe -v ip_tables
    modprobe -v ip6_tables

    Note: If you have already installed and configured Awall, you can skip this step.

    2. Once the iptables modules are loaded, set the firewall to start automatically and the Linux kernel modules to load automatically using the command below:
    rc-update add iptables && rc-update add ip6tables
    3. Now start the firewall services using the command below:
    rc-service iptables start && rc-service ip6tables start
    4. Check the firewall status and verify that it has started using the command below. If you see the output “started” for both, the firewall service has started successfully.
    rc-service iptables status && rc-service ip6tables status

    Take note that the firewall service isn’t started if the Terminal displays an error or doesn’t show any output. You will need to repeat Steps 1-3 to fix this issue before proceeding further, as the firewall must be started.

    Step 3: Configuring Awall Firewall on Alpine Linux

    In this section, we will provide a step-by-step guide on generating policies, using the creation of an SSH policy as a reference. You can customize these policies based on your specific network requirements.

    To begin with, creating policies requires changing the current directory to the Awall directory and creating policies in any file under it. 

    Here are the steps to do so:

    1. Enter the command below to change to the Awall directory, then list the folders present in it with the ls command:
    cd /etc/awall
    2. Under the Awall directory, two folders are present: optional and private. Select either one to create new policies. Here is the command to open the optional folder of the directory:
    cd /etc/awall/optional

    After successfully changing the directory to an optional folder in the Awall directory, you can make policies by creating new files.

    Creating SSH Policies

    Generate an SSH policy by creating a “ssh.json” file and adding the necessary lines using the vi editor.

    For this, use the below commands:

    touch ssh.json – Creates “ssh.json” file

    vi ssh.json – Opens ssh.json in vi editor  

    Once the vi editor opens “ssh.json”, you will find it empty. Now enter the text below in “ssh.json” to generate the SSH policy, which accepts SSH connections on port 22 with a maximum login limit. Type the quotation marks as plain double quotes, since JSON does not accept curly quotes.

    {
        "description": "Allow incoming SSH access (TCP/22)",
        "filter": [
            {
                "in": "internet",
                "out": "_fw",
                "service": "ssh",
                "action": "accept",
                "src": "0.0.0.0/0",
                "conn-limit": { "count": 3, "interval": 60 }
            }
        ]
    }

    After typing the lines in the “ssh.json”, hit the Esc key. Next, write “:wq” and press your Enter key to save and exit the file. You can now proceed to learn how to enable and disable firewall on Alpine Linux.
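A pre-flight check for the ssh.json policy above, as an added example that is not part of the original article: it reports invalid JSON (with a hint when curly quotes from a web copy-paste are the likely cause), filter rules that name a zone nothing defines, and a malformed conn-limit. The names lint_policy and known_zones are hypothetical; the example assumes the "internet" zone, which the policy above uses but does not define, comes from a "zone" section in another enabled policy.

```python
import json

SMART_QUOTES = "\u201c\u201d\u2018\u2019"   # curly quotes from web copy-paste
BUILTIN_ZONES = {"_fw"}                      # the firewall host itself

def lint_policy(text, known_zones=()):
    """Return a list of problems in one awall policy file's text.

    known_zones (hypothetical parameter): zone names defined by other
    enabled policies, e.g. a base policy with a "zone" section.
    """
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        curly = any(q in text for q in SMART_QUOTES)
        hint = ' (curly quotes present; JSON needs plain " quotes)' if curly else ""
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}{hint}"]

    problems = []
    zones = BUILTIN_ZONES | set(known_zones) | set(policy.get("zone", {}))
    for i, rule in enumerate(policy.get("filter", [])):
        for key in ("in", "out"):
            names = rule.get(key, [])
            for name in [names] if isinstance(names, str) else names:
                if name not in zones:
                    problems.append(f"filter[{i}].{key}: zone '{name}' is not defined")
        limit = rule.get("conn-limit")
        if limit is not None:
            for field in ("count", "interval"):
                value = limit.get(field)
                if not isinstance(value, int) or value <= 0:
                    problems.append(f"filter[{i}].conn-limit.{field} must be a positive integer")
    return problems

# Constructed samples: the page's policy typed with plain quotes, and the
# same text with one curly quote as left behind by a web copy-paste.
GOOD = """{
  "description": "Allow incoming SSH access (TCP/22)",
  "filter": [
    { "in": "internet", "out": "_fw", "service": "ssh", "action": "accept",
      "src": "0.0.0.0/0", "conn-limit": { "count": 3, "interval": 60 } }
  ]
}"""
PASTED = GOOD.replace('"', "\u201c", 1)

if __name__ == "__main__":
    print(lint_policy(GOOD, known_zones=["internet"]))  # zone defined elsewhere
    print(lint_policy(GOOD))                            # no policy defines it
    print(lint_policy(PASTED, known_zones=["internet"]))
```

Running awall translate --verify afterwards lets Awall itself test the generated rules before they are activated.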

    How to Enable and Disable Firewall on Alpine Linux

    After successfully creating the SSH policy, you can check it in the list of firewall policies using the below command:

    awall list

    Once you have verified that the SSH policy is reflected in the firewall policies list, you can now learn how to enable and disable Firewall on Alpine Linux. 

    Steps to Enable Awall Firewall on Alpine Linux

    Here are simple steps to enable Awall on Alpine Linux: 

    1. As we have created policies manually, they are disabled by default. Here is the command to enable an Awall policy:
    awall enable <policy_name>
    2. The “policy_name” in the command must be replaced with the policy you want to enable. As we have created an SSH policy, the command is:
    awall enable ssh
    3. Once you have enabled the desired policies, turn on Awall using the command below:
    awall activate

    With this step, you have successfully enabled Awall. If there is an issue or error, Awall may not have been installed correctly or the policies may not have been enabled correctly, so cross-check the earlier steps and perform the required diagnostics.

    Steps to Disable Awall Firewall on Alpine Linux

    Here are simple steps to disable Awall on Alpine Linux: 

    1. To disable Awall, you have to start by disabling all its policies. Here is the command to disable an Awall policy:
    awall disable <policy_name>
    2. The “policy_name” in the command must be replaced with the policy you want to disable. As we have only the SSH policy, the command is:
    awall disable ssh
    3. If you want to stop using Awall in Alpine Linux, stop its service for the IPv6 and IPv4 protocols using the following command:
    rc-service iptables stop && rc-service ip6tables stop

    In this article, we have explained how to enable and disable firewall on Alpine Linux, which is a crucial aspect of system security.

    Setting default policies and creating rules to permit desired traffic is required to enable the firewall. On the other hand, deactivating the firewall should be done with care, since it could put the system at risk for security issues.

    Whatever the approach on how to enable and disable firewall on Alpine Linux, keeping an active firewall or putting one in place when necessary is essential for improving the overall security state of Alpine Linux systems.
