
Linux - Configuration - Enable Firewall

Install and enable the default Linux firewall service (firewalld or ufw) on endpoints

Worklet Details

What the Firewall Enabler does

This Automox Worklet™ verifies that the recommended host-based firewall is installed and running on Linux endpoints. The Worklet identifies the distribution by reading /etc/os-release and applies the appropriate firewall configuration.

For Ubuntu systems, the Worklet checks for ufw (Uncomplicated Firewall) and installs it if missing. For other distributions like CentOS, RHEL, Fedora, Debian, and SUSE, it checks for firewalld and installs it through yum or apt as appropriate.

After verifying installation, the Worklet checks whether the firewall service is actively running. If the service is installed but inactive, the Worklet starts and enables it to run at boot time.

Why enable host-based firewalls

Host-based firewalls provide defense-in-depth by filtering traffic at the endpoint level. Even when network firewalls are in place, host firewalls protect against lateral movement within the network and limit exposure if other systems are compromised.

Compliance frameworks including CIS Benchmarks, PCI-DSS, and NIST recommend active firewall services on Linux systems. Security audits commonly verify that host firewalls are running and configured with appropriate rules.

This Worklet provides consistent firewall enablement across mixed Linux environments. You can deploy a single policy that handles both Ubuntu (ufw) and other distributions (firewalld) automatically.

How firewall enablement works

  1. Evaluation phase: The Worklet identifies the distribution by reading /etc/os-release. For Ubuntu, it checks if /usr/sbin/ufw exists and queries ufw status. For other distributions, it checks for /usr/bin/firewall-cmd and queries firewall-cmd --state. If the firewall is missing or inactive, the endpoint is flagged for remediation.

  2. Remediation phase: For Ubuntu, the Worklet installs ufw using apt and runs ufw enable. For other distributions, it installs firewalld using yum or apt, runs systemctl enable firewalld, and starts the service with systemctl start firewalld. A final check verifies the firewall is running.
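The evaluation phase described above can be sketched as a small POSIX shell check. This is an added example, not the Worklet's own script: the function names and the optional path arguments are assumptions, and it reads the ID field from os-release by parsing the file instead of sourcing it.

```sh
#!/bin/sh
# Added example: evaluation-only check modelled on the logic described above.
# Function names and the path arguments are assumptions made for testability.

# Print the ID value from an os-release file. The file is parsed, not sourced,
# so nothing in it is executed by the (root) shell running the check.
os_id() {
    sed -n 's/^ID=//p' "${1:-/etc/os-release}" | tr -d "\"'" | head -n 1
}

# Map a distribution ID to the firewall the page pairs it with.
firewall_for() {
    case "$1" in
        ubuntu) echo ufw ;;
        *)      echo firewalld ;;
    esac
}

# Report missing, inactive or active for one firewall binary.
firewall_state() {
    fw_name=$1 fw_bin=$2
    [ -x "$fw_bin" ] || { echo missing; return 0; }
    # A non-zero exit (firewall-cmd --state gives one when firewalld is down)
    # is ignored; the printed state decides. This also keeps `set -e` happy.
    case "$fw_name" in
        ufw) out=$("$fw_bin" status 2>/dev/null) || true ;;
        *)   out=$("$fw_bin" --state 2>/dev/null) || true ;;
    esac
    case "$out" in
        "Status: active"*|running) echo active ;;
        *)                         echo inactive ;;
    esac
}

# Usage: evaluate [os-release] [ufw path] [firewall-cmd path]
# Prints "<firewall>: <state>"; returns 0 only when the firewall is active.
evaluate() {
    fw=$(firewall_for "$(os_id "$1")")
    if [ "$fw" = ufw ]; then
        bin=${2:-/usr/sbin/ufw}
    else
        bin=${3:-/usr/bin/firewall-cmd}
    fi
    state=$(firewall_state "$fw" "$bin")
    echo "$fw: $state"
    [ "$state" = active ]
}
```

Calling `evaluate` with no arguments as root checks the live endpoint using the paths named above; a non-zero return corresponds to an endpoint flagged for remediation.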

Firewall enablement requirements

  • Linux endpoint running Ubuntu, Debian, RHEL, CentOS, Fedora, or SUSE

  • Network access to package repositories for firewall installation if needed

  • Root or sudo privileges for package installation and service management

Expected firewall state after enablement

After successful remediation, the appropriate firewall service runs on the endpoint. You can verify the configuration by examining the relevant configuration files. For Ubuntu, running ufw status returns Status: active. For other distributions, running firewall-cmd --state returns running.

The firewall service is configured to start automatically at boot. Default firewall rules are in place, which typically allow established connections and SSH while blocking other incoming traffic. You may need to add additional rules to allow specific services through the firewall.

How to validate Enable Firewall changes

  1. Run this Worklet on a pilot Linux endpoint and review the evaluation output for Enable Firewall.

  2. Confirm that the Automox activity logs show successful completion and exit code 0.

  3. Verify the endpoint state with checks that follow the evaluation script's logic, such as source, else, and exit.

  4. Validate the effects of remediation script operations such as source, function, and yum, then rerun the evaluation to confirm compliance.

For technical validation, compare the endpoint state to the Worklet's evaluation logic and remediation flow for Enable Firewall. This supports repeatable system preferences workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as source, else, and exit, and remediation operations such as source, function, and yum. Use these indicators to verify that endpoint changes match the intended policy outcomes.


Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
