{"id":224,"date":"2019-11-01T14:08:55","date_gmt":"2019-11-01T14:08:55","guid":{"rendered":"http:\/\/blog.davcloud.top\/?p=224"},"modified":"2020-01-27T20:38:55","modified_gmt":"2020-01-27T20:38:55","slug":"use-ufw-to-config-the-firewall-on-debian","status":"publish","type":"post","link":"https:\/\/blog.davcloud.top\/?p=224","title":{"rendered":"Use ufw to configure the firewall on Debian"},"content":{"rendered":"\n<h2>Abstract<\/h2>\n\n\n\n<p>This article shows how to configure the firewall with the ufw tool on Debian-based systems such as Raspbian and Ubuntu. The examples below use Raspbian.<\/p>\n\n\n\n<h2>Install ufw<\/h2>\n\n\n\n<p>Install ufw with the command below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install ufw<\/code><\/pre>\n\n\n\n<h2>Check ufw firewall status<\/h2>\n\n\n\n<p>Check the ufw status with the command below; it shows the ports allowed through the firewall:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw status<\/code><\/pre>\n\n\n\n<p>For example, in the figure below, ports 22, 3306 and 8082 accept incoming connections from anywhere:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"334\" height=\"138\" src=\"https:\/\/blog.davcloud.top\/wp-content\/uploads\/2019\/11\/image-1.png\" alt=\"\" class=\"wp-image-236\" srcset=\"https:\/\/blog.davcloud.top\/wp-content\/uploads\/2019\/11\/image-1.png 334w, https:\/\/blog.davcloud.top\/wp-content\/uploads\/2019\/11\/image-1-300x124.png 300w\" sizes=\"(max-width: 334px) 100vw, 334px\" \/><\/figure><\/div>\n\n\n\n<h2>Add new ufw firewall rule<\/h2>\n\n\n\n<h3>Allow rule<\/h3>\n\n\n\n<p>Allow a port (e.g. 8000) through the ufw firewall with the command below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 8000<\/code><\/pre>\n\n\n\n<h3>Deny rule<\/h3>\n\n\n\n<p>Deny a port (e.g. 
8082) through the ufw firewall with the command below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw deny 8082<\/code><\/pre>\n\n\n\n<h2>Delete an existing ufw firewall rule<\/h2>\n\n\n\n<p>Delete the existing allow rule for a port (e.g. 80) with the command below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw delete allow 80<\/code><\/pre>\n\n\n\n<h2>Set default ufw firewall rule<\/h2>\n\n\n\n<p>In most cases, all outgoing traffic is allowed and incoming traffic is allowed only on the required ports. We therefore set the default rules with the commands below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw default allow outgoing\nsudo ufw default deny incoming<\/code><\/pre>\n\n\n\n<p class=\"has-text-color has-vivid-red-color\">Attention: if you are connected to the device over ssh on port 22, add an allow rule for port 22 first, otherwise you will no longer be able to access the device over ssh (the same applies to any other ssh port)!!!<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 22<\/code><\/pre>\n\n\n\n<h2>Enable or disable ufw<\/h2>\n\n\n\n<p class=\"has-text-color has-vivid-red-color\">Attention again: before enabling ufw for the first time, if you are connected to the device over ssh on port 22, add an allow rule for port 22 first, otherwise you will no longer be able to access the device over ssh (the same applies to any other ssh port)!!! 
<\/p>\n\n\n\n<h3>Enable ufw firewall<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw enable<\/code><\/pre>\n\n\n\n<h3>Disable ufw firewall<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw disable<\/code><\/pre>\n\n\n\n<p>We can check the status of ufw to see whether it is active or not.<\/p>\n\n\n\n<h2>Advanced ufw rules<\/h2>\n\n\n\n<h3>Allow connections from a specific IP address<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow from 203.0.113.100<\/code><\/pre>\n\n\n\n<h3>Allow connections from a specific subnet<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow from 203.0.113.0\/24<\/code><\/pre>\n\n\n\n<h3>Allow connections based on TCP or UDP<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 101\/tcp\nsudo ufw allow 101\/udp<\/code><\/pre>\n\n\n\n<p class=\"has-text-color has-vivid-cyan-blue-color\">Any allow rule above can be changed to deny, depending on the requirement.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Abstract This article shows how to configure the firewall with the ufw tool on Debian-based systems such as Raspbian and Ubuntu. The examples below use Raspbian. 
Install ufw Install ufw with command below: Check ufw firewall status Check the ufw status with command below, it will show the ports allowed in firewall: For example, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[14,13],"tags":[36],"_links":{"self":[{"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=\/wp\/v2\/posts\/224"}],"collection":[{"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=224"}],"version-history":[{"count":25,"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=\/wp\/v2\/posts\/224\/revisions"}],"predecessor-version":[{"id":805,"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=\/wp\/v2\/posts\/224\/revisions\/805"}],"wp:attachment":[{"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.davcloud.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}