Best Practices for Firewall Rules


Basic Firewall Rules

In a firewall rule, the action component determines whether matching traffic is permitted or blocked: the action is applied on match. For example, if traffic matches all the components of a rule, that rule's action decides whether it is permitted to connect to the network. Consider the potential security impact of every modification to a firewall rule to avoid future issues. Following firewall rule best practices helps you maximize the effectiveness of your solution.


Types of Firewall Rules Best Practices

When configuring and maintaining firewall rules, it's essential to follow firewall rules best practices to ensure optimal security and network performance. These best practices can be categorized into three main types:

Configuration Best Practices

These practices focus on properly setting up and organizing firewall rules, such as using network segmentation, limiting unnecessary ports and services, and implementing Role-Based Access Control (RBAC).

Change Management Best Practices

This type of firewall rules best practice involves establishing formal processes for requesting, reviewing, testing, and deploying changes to firewall rules, ensuring that all modifications are well-documented and do not introduce security risks.

Monitoring and Maintenance Best Practices

These practices involve regularly reviewing firewall rules, auditing logs, and updating firewall devices to keep the network secure and up to date with the latest security patches and firmware.

Configuration Best Practices

Least Privilege Principle

When configuring firewall rules, only allow the minimum access required for something to work correctly. This approach limits the opportunity for unauthorized access to your network and reduces the chances of vulnerabilities in your network being exploited.

Segmentation and Zoning

Divide your network into zones by risk profile and data sensitivity. Strong access controls between zones help prevent the spread of malware and shield sensitive data. For example, you might have a zone for guest access (visitors and vendors), a zone for secured resources (finance and executives), and a zone for regular employee access.
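As an added example (not from the article), the following Python script turns a zone policy into an iptables-restore ruleset that applies both principles above: a default-deny FORWARD policy, one chain per zone, and explicit allows only, so anything not listed is dropped. The zone names, networks and flows are constructed for illustration; the build_ruleset function and its output layout are assumptions of this example, not a Liquid Web tool.

```python
import ipaddress

# Constructed example zones: zone name -> source network (not the article's values).
ZONES = {
    "GUEST": "192.168.2.0/24",
    "EMPLOYEE": "192.168.10.0/24",
    "SECURE": "10.10.0.0/16",
}

# Constructed allow-list. Destination "INTERNET" means "anything outside every
# defined zone". Any flow not listed here is dropped (least privilege).
# Tuple layout: (from_zone, to_zone, protocol, ports, description)
FLOWS = [
    ("GUEST", "INTERNET", "udp", [53], "Guest DNS resolution"),
    ("GUEST", "INTERNET", "tcp", [80, 443], "Guest web browsing"),
    ("EMPLOYEE", "SECURE", "tcp", [443], "Employees reach finance HTTPS apps"),
    ("EMPLOYEE", "INTERNET", "tcp", [80, 443], "Employee web browsing"),
]


def _accept(chain, proto, ports, dest=None):
    """Render one stateful ACCEPT rule; multiport is required for a port list."""
    dst = f"-d {dest} " if dest else ""
    port_list = ",".join(str(p) for p in ports)
    return (f"-A {chain} {dst}-p {proto} -m multiport --dports {port_list} "
            f"-m conntrack --ctstate NEW -j ACCEPT")


def build_ruleset(zones=ZONES, flows=FLOWS):
    """Render a filter-table ruleset (iptables-restore format) from a zone policy.

    Every zone gets its own chain with the same documented layout:
      1. explicit zone-to-zone allows
      2. a DROP for every other internal network
      3. Internet-bound allows
      4. a final DROP, so nothing is permitted by accident.
    """
    nets = {z: ipaddress.ip_network(cidr) for z, cidr in zones.items()}  # ValueError on bad CIDR
    for src, dst, _proto, ports, _desc in flows:
        if src not in nets or (dst != "INTERNET" and dst not in nets):
            raise ValueError(f"flow references unknown zone: {src} -> {dst}")
        if not all(1 <= p <= 65535 for p in ports):
            raise ValueError(f"invalid port in flow {src} -> {dst}: {ports}")

    lines = ["*filter", ":FORWARD DROP [0:0]"]        # default-deny forwarding policy
    lines += [f":ZONE_{z} - [0:0]" for z in nets]
    # Replies to already-accepted connections are allowed once, up front.
    lines.append("-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT")
    # Hand each zone's traffic to that zone's chain.
    lines += [f"-A FORWARD -s {net} -j ZONE_{z}" for z, net in nets.items()]

    for z, net in nets.items():
        chain = f"ZONE_{z}"
        own = [f for f in flows if f[0] == z]
        lines.append(f"# --- {z} zone ({net}) ---")
        for _src, dst, proto, ports, desc in own:
            if dst != "INTERNET":
                lines.append(f"# {desc}")
                lines.append(_accept(chain, proto, ports, dest=nets[dst]))
        lines.append(f"# {z}: no other access to internal networks")
        for other, other_net in nets.items():
            if other != z:
                lines.append(f"-A {chain} -d {other_net} -j DROP")
        for _src, dst, proto, ports, desc in own:
            if dst == "INTERNET":
                lines.append(f"# {desc}")
                lines.append(_accept(chain, proto, ports))
        lines.append(f"# {z}: drop everything not explicitly allowed above")
        lines.append(f"-A {chain} -j DROP")
    lines.append("COMMIT")
    return lines


if __name__ == "__main__":
    print("\n".join(build_ruleset()))
```

Because the per-zone DROP for internal networks is emitted before the Internet-bound allows, a "web browsing" rule can never leak into another zone, and a new zone added to ZONES automatically becomes unreachable from every existing zone until a flow is written for it.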

Clarity and Consistency 

As you configure your firewall ruleset, describe and document each section of rules, and keep the descriptions consistent between sections.

Good Example

#GUEST_ACCESS-WiFi_zone
# Guest WiFi Zone - Designed for visitors and guests needing normal
# web access.
#
# This restricted zone allows external web access through ports 80
# and 443 (HTTP/HTTPS), grants access to internal HTTPS resources,
# and blocks any other internal network access.
#
# Allow HTTPS to internal resources from the Guest WiFi Zone
# (--dport requires a protocol, so -p tcp is mandatory here)
-A FORWARD -s 192.168.2.0/24 -d 10.0.0.0/8 -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

# Deny all other access to internal networks from the Guest WiFi Zone
-A FORWARD -s 192.168.2.0/24 -d 10.0.0.0/8 -j DROP

# Allow DNS resolution
-A FORWARD -s 192.168.2.0/24 -p udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -p tcp --dport 53 -j ACCEPT

# Allow access to the web (HTTP/HTTPS); a port list needs -m multiport
-A FORWARD -s 192.168.2.0/24 -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

# Drop all other traffic from the Guest WiFi Zone
-A FORWARD -s 192.168.2.0/24 -j DROP

Bad Example - DO NOT DO THIS!

# zone-X
# zone for guests
# allow web traffic
-A INPUT -j ACCEPT

Change Management Best Practices

Establish a Formal Change Procedure

Firewall rules will need to be updated whenever new services and new devices are added. Before adding or changing any firewall rules, establish a formal change procedure that every modification must follow. The following steps are guidelines for a change procedure:

  • A change request process that requires users to request modifications to a specific firewall configuration.
  • A review process that analyzes each modification request and determines the best course of action in line with your security practices.
  • A procedure to test the requested modifications in a test or staging environment before implementing them in the production firewall rules.
  • A method for deploying the tested modifications into production.
  • A process to validate the new firewall settings to ensure proper operation.
  • A process to document all changes so that every modification is tracked.

Firewall Automation

Firewall automation streamlines the management and updating of firewall rules by automating repetitive tasks, reducing manual intervention, and enhancing overall network security. Whether you use a software firewall or a hardware firewall, firewall automation can be used to create new rules for newly deployed applications, regularly update blocklists, automatically send alerts regarding newly detected vulnerabilities, and much more.

Consult your organization's specific needs and requirements, and select a suitable firewall management tool or security platform to streamline and automate tasks, improving your network's security and efficiency.

Backup and Rollback Plans

Occasionally, a change to a firewall ruleset may lead to unforeseen outcomes, such as blocking a necessary port or unintentionally blocking access from a specific geographic area. The impact of firewall changes is not always immediately apparent, sometimes taking hours or days to detect. Having the ability to roll back or revert to a previously verified known-to-be-good firewall configuration is a security best practice.
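The rollback idea above, as an added example that is not part of the article: a small Python "dead-man switch" that saves the known-good configuration, applies the new ruleset, and reverts automatically unless the operator confirms within a timeout. The save, apply and restore callables are placeholders (on a Linux host they would wrap iptables-save and iptables-restore); the FakeFirewall class is a constructed stand-in so the logic runs without touching a real firewall.

```python
import threading


class FakeFirewall:
    """Constructed stand-in for the real device: the live ruleset is a list of lines."""

    def __init__(self, rules):
        self.rules = list(rules)

    def save(self):            # real equivalent: capture `iptables-save` output
        return list(self.rules)

    def apply(self, rules):    # real equivalent: `iptables-restore` of the new file
        self.rules = list(rules)

    def restore(self, saved):  # real equivalent: `iptables-restore` of the backup
        self.rules = list(saved)


class GuardedChange:
    """Apply a ruleset, then revert automatically unless confirmed in time.

    The operator confirms only after verifying the new rules (for example, that
    the management session still works). If the change locked them out, nobody
    can confirm, the timer fires and the saved configuration is restored.
    """

    def __init__(self, save, apply, restore, timeout_s):
        self._save, self._apply, self._restore = save, apply, restore
        self._timeout = timeout_s
        self._timer = None
        self._lock = threading.Lock()
        self.backup = None
        self.state = "idle"        # idle -> applied -> confirmed | rolled_back

    def apply(self, new_ruleset):
        with self._lock:
            if self.state != "idle":
                raise RuntimeError(f"cannot apply in state {self.state}")
            self.backup = self._save()          # keep the verified known-good config
            self._apply(new_ruleset)
            self.state = "applied"
            self._timer = threading.Timer(self._timeout, self._rollback)
            self._timer.daemon = True
            self._timer.start()

    def confirm(self):
        """Called by the operator after validation; returns False if too late."""
        with self._lock:
            if self.state != "applied":
                return False
            self._timer.cancel()
            self.state = "confirmed"
            return True

    def _rollback(self):
        with self._lock:
            if self.state != "applied":          # already confirmed, nothing to do
                return
            self._restore(self.backup)
            self.state = "rolled_back"

    def wait(self):
        """Block until the timer has fired or been cancelled (useful for scripts)."""
        if self._timer is not None:
            self._timer.join()


if __name__ == "__main__":
    fw = FakeFirewall(["-A INPUT -p tcp --dport 22 -j ACCEPT"])
    change = GuardedChange(fw.save, fw.apply, fw.restore, timeout_s=2.0)
    change.apply(["-A INPUT -j DROP"])          # this would lock an admin out
    change.wait()                               # nobody confirms, so it rolls back
    print(change.state, fw.rules)
```

The same pattern is what the iptables-apply helper shipped with iptables implements for rules files. The timeout should be long enough to run the validation step of the change procedure, but short enough that an accidental lockout does not become an outage.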

Monitoring and Maintenance Best Practices

Firewall Updates

Regular firewall updates are essential to maintaining a secure and efficient network. By keeping the software, firmware, and patches for your firewall up to date, you help ensure that your firewall has the latest security enhancements and vulnerability fixes. 

Firewall Rule Maintenance

Networks change constantly as new users and new devices are added and new services and applications are accessed, which means new firewall rules will need to be added. Old firewall rules will need to be reviewed and modified or deleted as necessary. It is a best practice to set up a regular maintenance schedule for updating the firewall rules.

Firewall Performance Audit

A firewall performance audit is an essential process that involves the previous two best practices to form a comprehensive review of your firewall rules, your firewall configuration, and the overall firewall effectiveness. Though each firewall solution will have its own preferred process, here are a few steps common to most:

  • Review - Examine the current ruleset and identify any rules that are too broad or too permissive.
  • Validate - Assess your firewall ruleset and configuration to ensure it aligns with your organizational policies and security best practices.
  • Analyze - Inspect your log data for anomalies and trends. By doing this, you can identify false positives and highlight areas needing closer attention. An unexpected surge in network traffic might indicate a possible distributed denial-of-service (DDoS) attack, but it might also be the result of a fruitful marketing campaign for a new product launch.
  • Test - Perform penetration tests, vulnerability scans, and efficiency assessments to identify any potential weaknesses with your firewall configuration as well as ensure your network is operating at optimal levels.
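As an added example (not from the article) covering both the "Review" step above and the test/validate steps of the change procedure, the Python script below parses iptables-save style rules, flags ACCEPT rules that are too broad, and evaluates a list of required and forbidden flows against the ruleset with first-match semantics, so a proposed change can be checked before it reaches production. The sample rules and expected flows are constructed; the FORWARD rules mirror the guest-zone layout and the INPUT rule is the over-broad one from the bad example. The parser is a simplified one: it understands -s, -d, -p, --dport/--dports and -j, skips connection-state matches (every packet is evaluated as a new flow), and rejects negated matches.

```python
import ipaddress
import shlex

# Constructed sample ruleset in iptables-save syntax (not the article's own).
SAMPLE_RULES = """
-A FORWARD -s 192.168.2.0/24 -d 10.0.0.0/8 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 192.168.2.0/24 -p udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -j DROP
-A INPUT -j ACCEPT
"""

# Constructed acceptance criteria for the guest zone: the flows a change must keep
# working and the flows it must keep blocked. (chain, src, dst, proto, dport, verdict)
EXPECTATIONS = [
    ("FORWARD", "192.168.2.10", "10.1.1.5", "tcp", 443, "ACCEPT"),   # internal HTTPS
    ("FORWARD", "192.168.2.10", "10.1.1.5", "tcp", 22, "DROP"),      # internal SSH stays blocked
    ("FORWARD", "192.168.2.10", "203.0.113.8", "tcp", 443, "ACCEPT"),  # web browsing
    ("FORWARD", "192.168.2.10", "203.0.113.8", "tcp", 25, "DROP"),     # no outbound SMTP
    ("FORWARD", "192.168.2.10", "203.0.113.8", "udp", 53, "ACCEPT"),   # DNS
]


def _ports(spec):
    """Expand '80,443' or '1024:65535' into a set of port numbers."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def parse_rules(text):
    """Parse '-A CHAIN ...' lines into dicts; unknown options are stepped over."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("-A"):
            continue                      # comments, blank lines, table headers
        toks = shlex.split(line)
        if "!" in toks:
            raise ValueError(f"negated matches are not supported: {line}")
        rule = {"chain": toks[1], "src": None, "dst": None, "proto": None,
                "dports": None, "target": None, "line": line}
        i = 2
        while i < len(toks):
            t = toks[i]
            arg = toks[i + 1] if i + 1 < len(toks) else None
            if t == "-s":
                rule["src"] = ipaddress.ip_network(arg)
            elif t == "-d":
                rule["dst"] = ipaddress.ip_network(arg)
            elif t == "-p":
                rule["proto"] = arg
            elif t in ("--dport", "--dports"):
                rule["dports"] = _ports(arg)
            elif t == "-j":
                rule["target"] = arg
            elif t == "-m":
                pass                      # match-module name; its own options are skipped
            else:
                i += 1                    # unknown flag or bare value: step over it alone
                continue
            i += 2
        rules.append(rule)
    return rules


def lint(rules):
    """Review step: flag ACCEPT rules broader than least privilege allows."""
    findings = []
    for r in rules:
        if r["target"] != "ACCEPT":
            continue
        if r["src"] is None and r["dst"] is None:
            findings.append(("accepts from any source to any destination", r["line"]))
        if r["dports"] is None:
            findings.append(("accepts every port", r["line"]))
    return findings


def verdict(rules, chain, src, dst, proto, dport, policy="DROP"):
    """First matching rule in the chain wins; 'policy' is the chain's default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["chain"] != chain:
            continue
        if r["src"] is not None and s not in r["src"]:
            continue
        if r["dst"] is not None and d not in r["dst"]:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dports"] is not None and dport not in r["dports"]:
            continue
        return r["target"]
    return policy


def check_expectations(rules, expectations=EXPECTATIONS):
    """Test step: return every flow whose verdict differs from the expected one."""
    failures = []
    for chain, src, dst, proto, dport, want in expectations:
        got = verdict(rules, chain, src, dst, proto, dport)
        if got != want:
            failures.append((src, dst, proto, dport, want, got))
    return failures


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for why, line in lint(rules):
        print(f"REVIEW: {why}: {line}")
    for failure in check_expectations(rules):
        print("FAIL:", failure)
```

Run against the sample, the review step reports only the unrestricted INPUT rule, and every expected flow passes. Prepending a seemingly harmless `-A FORWARD -s 192.168.2.0/24 -j ACCEPT` makes the forbidden SSH and SMTP flows fail, which is exactly the kind of regression a staging test should catch before the rule reaches production.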

Conclusion

Following best practices for firewall configuration helps you build a security mindset as well as a secured network. Visit this link to learn more about Liquid Web's firewalls.



About the Author: Michael Pruitt

Michael Pruitt is a Support Systems Administrator for Nexcess. He brings over a decade of experience to his current role. When not working, Michael can be found officiating roller derby bouts.
