LAB: Simple firewall on Kali (or Ubuntu or Debian)

Let's try setting up a simple firewall on Kali to block access to all ports on Kali except for whichever ports we want.

You'll need to do a bunch of internet searches to answer the questions today. If you can't get answers fairly quickly, feel free to ask me. LLMs are fair game.

A little background:

From 2001-2013, the Linux kernel used a system called iptables to control the flow of packets. There is still a command named iptables, which is pretty hard to use without knowing a lot about how the underlying system works.
In January 2014, Linux started using a new packet filtering system called nftables, which remains in the kernel in 2025.
There's a command called nft that helps us manipulate the behavior of nftables. We will use this command.
There's also a command named ufw which provides a simpler user interface for managing nftables, but it's not installed by default on Kali (or on lots of other Linux systems). You will definitely see references to ufw online if you're searching for nftables guidance, so if you want to use it, go ahead and install it on your Kali VM.

Your Carleton user name, lower case:

What IP addresses can your host computer (macOS or Windows or WSL, presumably) use to communicate with each other? How did you determine those IPs?

Is nftables enabled on your Kali VM? How can you tell?

Suppose you want to check to make sure nftables isn't blocking requests to port X. How would you set up a test on Kali and your host system to make sure port X isn't being blocked?

What nmap syntax would you use to check which ports on Kali have servers listening on them? (And does your syntax cover all the possible ports, or just some common subset?)

What can you do to set up a server listening at port X on Kali and connect to that server from your host system?

How can you use systemctl to launch an SSH server and a web server (try Apache) on Kali?

Try to interact with the SSH and web servers you just launched using clients on your host system. List the commands you used to do so.

Try running nmap again. Does it reveal your SSH and web servers?

What nft command would you use to block the port your web server is running on?

Is your web server's port blocked? How can you tell? Is SSH's port blocked? How can you tell?

Suppose you want to launch the SSH and web servers but block the web server's port every time you reboot Kali. How can you use systemctl and nft to make sure that happens? (And give it a test--did it work?)