Use ufw to configure the firewall on Debian

Abstract

This article shows how to configure the firewall with the ufw tool on Debian-based systems such as Raspbian and Ubuntu. The examples below use Raspbian.

Install ufw

Install ufw with the command below:

sudo apt install ufw

Check ufw firewall status

Check the ufw status with the command below. It shows the ports that the firewall allows:

sudo ufw status

For example, in the figure below, ports 22, 3306 and 8082 can be accessed from anywhere (incoming direction):

Add a new ufw firewall rule

Allow rule

Allow a port (e.g. 8000) through the ufw firewall with the command below:

sudo ufw allow 8000

Deny rule

Deny a port (e.g. 8082) at the ufw firewall with the command below:

sudo ufw deny 8082

Delete an existing ufw firewall rule

Delete an existing allow rule for a port (e.g. 80) with the command below:

sudo ufw delete allow 80

Set the default ufw firewall rules

In most cases, outgoing traffic is always allowed, and incoming traffic is allowed only on the required ports. Therefore, we use the commands below to set the default rules:

sudo ufw default allow outgoing
sudo ufw default deny incoming

Attention: if you are connected to the device over ssh on port 22, add an allow rule for port 22 first, otherwise you will no longer be able to access the device over ssh (the same applies to any other ssh port)!

sudo ufw allow 22

Enable or disable ufw

Attention again: before enabling ufw for the first time, if you are connected to the device over ssh on port 22, add an allow rule for port 22 first, otherwise you will no longer be able to access the device over ssh (the same applies to any other ssh port)!

Enable ufw firewall

sudo ufw enable

Disable ufw firewall

sudo ufw disable

We can check the status of ufw to see whether it is active or not.
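The warning above can be turned into a pre-flight check. The script below is an added example, not part of the original article: it refuses to run `ufw enable` unless an allow (or limit) rule exists for the port the current ssh session uses. The function names and the sample rule list are hypothetical. It assumes `ufw show added` prints rules in the form `ufw allow 22`, and it only recognises rules given as a numeric port.

```sh
#!/bin/sh
# Added example: pre-flight check before `sudo ufw enable`.

# Constructed sample of `ufw show added` output, for a dry run without root.
SAMPLE_RULES='ufw allow 8000
ufw deny 8082
ufw allow 22'

# port_allowed PORT
# Reads `ufw show added` style text on stdin. Succeeds if an allow or
# limit rule for PORT (bare or PORT/tcp) is present.
port_allowed() {
    awk -v p="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") &&
        ($3 == p || $3 == (p "/tcp")) { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# current_ssh_port
# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
# Prints the server port of this session, or 22 when not in an ssh session.
current_ssh_port() {
    set -- ${SSH_CONNECTION:-}
    echo "${4:-22}"
}

# safe_enable
# Enables ufw only if the ssh port of the current session is already allowed.
safe_enable() {
    port="$(current_ssh_port)"
    if sudo ufw show added | port_allowed "$port"; then
        sudo ufw enable
    else
        echo "No allow rule for ssh port $port. Run: sudo ufw allow $port" >&2
        return 1
    fi
}
```

Source the file and call `safe_enable` in place of `sudo ufw enable`. Running `printf '%s\n' "$SAMPLE_RULES" | port_allowed 22` exercises the check without touching the firewall.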

Advanced ufw rules

Allow connections from a specific IP address (203.0.113.100 is a placeholder address)

sudo ufw allow from 203.0.113.100

Allow connections from a specific subnet

sudo ufw allow from 203.0.113.0/24

Allow connections based on TCP or UDP

sudo ufw allow 101/tcp
sudo ufw allow 101/udp

Every allow above can be changed to deny, depending on the requirement.

About Ziqi.Yang394
