Abstract
This article explains how to configure a firewall with the ufw tool on Debian-based systems such as Raspbian and Ubuntu. The examples below use Raspbian.
Install ufw
Install ufw with the command below:
sudo apt install ufw
Check ufw firewall status
Check the ufw status with the command below; it shows the ports allowed through the firewall:
sudo ufw status
For example, in the figure below, ports 22, 3306 and 8082 are allowed to be accessed from anywhere (incoming direction):
Add a new ufw firewall rule
Allow rule
Allow incoming access to a port (e.g. 8000) with the command below:
sudo ufw allow 8000
Deny rule
Deny incoming access to a port (e.g. 8082) with the command below:
sudo ufw deny 8082
Delete an existing ufw firewall rule
Delete an existing allow rule for a port (e.g. 80) with the command below:
sudo ufw delete allow 80
Set the default ufw firewall rules
In most cases, outgoing access is always allowed, and incoming access is allowed only on the required ports. Therefore, we use the commands below to set the default rules:
sudo ufw default allow outgoing
sudo ufw default deny incoming
Attention: if you are connected to the device over ssh on port 22, add an allow rule for port 22 first, otherwise you will no longer be able to access the device by ssh (the same applies to any other ssh port)!
sudo ufw allow 22
Enable or disable ufw
Attention again: before enabling ufw for the first time, if you are connected to the device over ssh on port 22, add an allow rule for port 22 first, otherwise you will no longer be able to access the device by ssh (the same applies to any other ssh port)!
Enable ufw firewall
sudo ufw enable
Disable ufw firewall
sudo ufw disable
We can check the status of ufw to see whether it is active or not.
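The steps above, from setting the defaults to enabling ufw, in an order that keeps the current ssh session reachable. This is an added example, not part of the original article; it goes slightly beyond the text by reading the ssh port from the SSH_CONNECTION variable that sshd sets, and the names ssh_port, baseline and UFW_RUN are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: apply the baseline in an order that cannot cut off SSH.
# ssh_port, baseline and UFW_RUN are hypothetical names used only here.

# Print the port sshd is serving this session on, or the fallback ($1).
# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".
ssh_port() {
    fallback=${1:-22}
    if [ -n "${SSH_CONNECTION:-}" ]; then
        set -f                      # no globbing while word-splitting
        set -- $SSH_CONNECTION
        set +f
        port=${4:-}
    else
        port=$fallback
    fi
    case $port in
        ''|*[!0-9]*) return 1 ;;    # missing or non-numeric field
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# UFW_RUN=echo (default) prints the commands; UFW_RUN=sudo executes them.
# The && chain stops at the first failure, so "ufw enable" is never
# reached unless the SSH allow rule was accepted.
baseline() {
    run=${UFW_RUN:-echo}
    port=$(ssh_port "${1:-22}") || {
        echo "cannot determine the SSH port, nothing changed" >&2
        return 1
    }
    $run ufw allow "${port}/tcp" &&
    $run ufw default deny incoming &&
    $run ufw default allow outgoing &&
    $run ufw enable
}

baseline    # prints the plan unless UFW_RUN is set
```

Run it once as is to review the printed commands, then again with UFW_RUN=sudo to apply them.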
Advanced ufw rules
Allow connections from a specific IP address (e.g. 203.0.113.100)
sudo ufw allow from 203.0.113.100
Allow connections from a specific subnet (e.g. 203.0.113.0/24)
sudo ufw allow from 203.0.113.0/24
Allow connections based on TCP or UDP
sudo ufw allow 101/tcp
sudo ufw allow 101/udp
Every allow rule above can be changed to deny, depending on the requirement.