Configure host-based firewalls (iptables, nftables, UFW) and cloud security groups (AWS, GCP, Azure) with practical rules for common scenarios like web servers, databases, and bastion hosts. Use when exposing services, hardening servers, or implementing network segmentation with defense-in-depth strategies.
Source: ancoleman/ai-design-components (backend-ai-skills)
February 1, 2026
Install with:

```
npx add-skill https://github.com/ancoleman/ai-design-components/blob/main/skills/configuring-firewalls/SKILL.md -a claude-code --skill configuring-firewalls
```

Installation path: `.claude/skills/configuring-firewalls/`

# Configuring Firewalls

## Purpose

Guide engineers through configuring firewalls across host-based (iptables, nftables, UFW), cloud-based (AWS Security Groups, NACLs), and container-based (Kubernetes NetworkPolicies) environments with practical rule examples and safety patterns to prevent lockouts and security misconfigurations.

## When to Use This Skill

**Trigger Phrases:**
- "Configure firewall for [server/service]"
- "Set up security groups for [AWS resource]"
- "Allow port [X] through firewall"
- "Block IP address [X.X.X.X]"
- "Set up UFW on Ubuntu server"
- "Create iptables/nftables rules"
- "Configure bastion host firewall"
- "Implement egress filtering"

**Common Scenarios:**
- Initial server setup and hardening
- Exposing a new service (web server, API, database)
- Implementing network segmentation
- Creating bastion host or jump box
- Migrating from iptables to nftables
- Configuring cloud security groups
- Troubleshooting connectivity issues

## Decision Framework: Which Firewall Tool?
### Cloud Environments

**AWS:**
- Instance-level control → **Security Groups** (stateful, allow-only rules)
- Subnet-level enforcement → **Network ACLs** (stateless, allow + deny rules)
- Use both for defense-in-depth

**GCP:**
- Use **VPC Firewall Rules** (stateful, priority-based)

**Azure:**
- Use **Network Security Groups** (NSGs) (stateful, priority-based)

### Host-Based Linux Firewalls

**Ubuntu/Debian + Simplicity:**
- Use **UFW** (Uncomplicated Firewall) - recommended for most users
- Front-end for iptables/nftables with simplified syntax

**RHEL/CentOS/Fedora:**
- Use **firewalld** (default on Red Hat ecosystem)
- Zone-based configuration with dynamic updates

**Modern Distro + Advanced Control:**
- Use **nftables** (best performance, modern standard)
- O(log n) performance vs iptables O(n)
- Unified IPv4/IPv6/NAT syntax

**Legacy Systems:**
- Use **iptables** (migrate to nftables when feasible)
- Required for older kernels (< 4.14)

### Kubernetes/Containers
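To make the stateful-versus-stateless distinction from the AWS section above concrete, here is an added example (not part of this skill or its repository) that models how a Network ACL evaluates numbered rules per direction, next to a Security Group that tracks connections; the rule numbers, CIDRs and ports are constructed.

```python
"""Model AWS Network ACL evaluation (stateless, numbered rules, first match
wins) next to a Security Group (stateful). Rules and addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class NaclRule:
    number: int    # NACL rules are evaluated in ascending order; first match wins
    action: str    # "allow" or "deny"
    proto: str     # "tcp", "udp" or "-1" for all protocols
    ports: tuple   # (low, high), inclusive
    cidr: str

def nacl_permits(rules, proto, port, peer_ip):
    """Stateless check of one direction; unmatched traffic hits the implicit '*' deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if (rule.proto in ("-1", proto) and rule.ports[0] <= port <= rule.ports[1]
                and ip_address(peer_ip) in ip_network(rule.cidr)):
            return rule.action == "allow"
    return False

def nacl_flow_ok(inbound, outbound, client_ip, svc_port, ephemeral_port):
    """A client connecting to a server behind the NACL: the request must pass the
    inbound rules on svc_port AND the reply must pass the outbound rules on the
    client's ephemeral source port, because a NACL keeps no connection state."""
    return (nacl_permits(inbound, "tcp", svc_port, client_ip)
            and nacl_permits(outbound, "tcp", ephemeral_port, client_ip))

def sg_flow_ok(ingress, client_ip, svc_port):
    """Stateful: an ingress match is enough; replies to an accepted connection
    are allowed automatically, so no egress rule for ephemeral ports is needed."""
    return any(proto == "tcp" and lo <= svc_port <= hi
               and ip_address(client_ip) in ip_network(cidr)
               for proto, lo, hi, cidr in ingress)

# Constructed public web subnet: HTTPS from anywhere, SSH only from an admin range,
# one admin address explicitly denied ahead of the allow (lower number wins).
INBOUND = [NaclRule(90, "deny", "tcp", (22, 22), "203.0.113.50/32"),
           NaclRule(100, "allow", "tcp", (443, 443), "0.0.0.0/0"),
           NaclRule(110, "allow", "tcp", (22, 22), "203.0.113.0/24")]
OUTBOUND_NO_EPHEMERAL = [NaclRule(100, "allow", "tcp", (443, 443), "0.0.0.0/0")]
OUTBOUND_FIXED = OUTBOUND_NO_EPHEMERAL + [NaclRule(200, "allow", "tcp", (1024, 65535), "0.0.0.0/0")]
SG_INGRESS = [("tcp", 443, 443, "0.0.0.0/0")]

if __name__ == "__main__":
    print(nacl_flow_ok(INBOUND, OUTBOUND_NO_EPHEMERAL, "198.51.100.7", 443, 51515))  # False
    print(nacl_flow_ok(INBOUND, OUTBOUND_FIXED, "198.51.100.7", 443, 51515))         # True
    print(sg_flow_ok(SG_INGRESS, "198.51.100.7", 443))                               # True
```

The first case is the classic NACL mistake: HTTPS requests arrive, but replies to the client's ephemeral port are silently dropped until the outbound 1024-65535 rule exists.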