This post illustrates how to set up a simple firewall with UFW (Uncomplicated Firewall) on Debian (or, with minor changes, any other Linux distribution).
Prerequisites: only the root user, or a user with sudo privileges, can make changes to the firewall. The commands below were used for installation on Debian 10. For other operating systems, please check here.
sudo apt update && sudo apt upgrade -y
sudo apt install ufw -y
UFW is not enabled automatically after installation. This is a safeguard against locking yourself out of your SSH session, which is the usual way of working with Linux servers: the rules must be in place before the firewall is switched on.
We first need to configure the basic ports being used and default rules:
sudo ufw default deny
sudo ufw allow 22/tcp    [or any other port being used for SSH]
sudo ufw allow 80/tcp    [if used for HTTP]
sudo ufw allow 443/tcp   [if used for HTTPS]
...
UFW rules can also be managed through application profiles. Many packages ship with an application profile that describes the service and lists the ports and protocols it needs. The available profiles can be listed with:
sudo ufw app list
And more information about each application profile can be found by using:
sudo ufw app info [Application Name]
UFW rules can be written using an application profile, such as OpenSSH, as follows:
sudo ufw allow OpenSSH
or
sudo ufw deny OpenSSH
To whitelist traffic from a certain IP, the following command can be used:
sudo ufw allow from [IPv4 or IPv6 address]
To whitelist traffic from a certain IP to a certain port, the following command can be used:
sudo ufw allow from [IPv4 or IPv6 address] to any port [Port Number]
The command for allowing connections from a subnet of IP addresses is the same as for a single IP address. The only difference is that the netmask (CIDR prefix length) is appended to the address.
To whitelist traffic to a specific port only on a specific network interface, add the interface name to the rule:
sudo ufw allow in on [network interface name like eth0] to any port [Port No.]
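The steps above (default policy, SSH first, then the service ports and an interface-bound rule, and only then enabling the firewall) are easy to get in the wrong order on a remote box. The script below is an added example, not code from the original post: it builds the ordered list of ufw commands and, by default, only prints them as a dry run so the plan can be reviewed before it touches the firewall. The SSH port 2222, the web ports and the interface name eth0 are constructed sample values; the `ufw_plan` and `ufw_apply` helpers are my own names.

```sh
# Added example, not part of the original post. Builds the ordered list of
# ufw commands for a host and, by default, only prints them (dry run) so the
# plan can be reviewed before it touches the firewall. The SSH port is allowed
# before "ufw enable" so a remote session is not locked out. Port numbers and
# the interface name used at the bottom are constructed sample values.

# ufw_plan SSH_PORT [PORT/PROTO | PORT/PROTO@IFACE]...
# Emits one ufw command per line; "@IFACE" limits a rule to one interface.
ufw_plan() {
    ssh_port="$1"; shift
    echo "ufw default deny incoming"     # block everything not whitelisted below
    echo "ufw default allow outgoing"
    echo "ufw allow ${ssh_port}/tcp"      # SSH first, so enable cannot cut us off
    for spec in "$@"; do
        case "$spec" in
            *@*)
                rule="${spec%@*}"; iface="${spec#*@}"
                echo "ufw allow in on ${iface} to any port ${rule%/*} proto ${rule#*/}" ;;
            *)
                echo "ufw allow ${spec}" ;;
        esac
    done
    echo "ufw --force enable"             # --force skips the interactive y/n prompt
}

# ufw_apply reads commands on stdin and runs them only when UFW_DRY_RUN=0;
# otherwise it prints what would be run.
ufw_apply() {
    while IFS= read -r cmd; do
        if [ "${UFW_DRY_RUN:-1}" = "1" ]; then
            echo "[dry-run] sudo $cmd"
        else
            sudo $cmd    # unquoted on purpose: the line is split into arguments
        fi
    done
}

# Constructed sample: SSH on 2222, web on 80/443, port 8069 only on eth0.
ufw_plan 2222 80/tcp 443/tcp 8069/tcp@eth0 | ufw_apply
```

Run it as-is to see the plan; set UFW_DRY_RUN=0 to apply it. Keeping the SSH rule immediately after the defaults, and the enable step last, is the whole point: if the plan is ever edited, that order is what protects the session you are working from.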
Earlier we set the default policy for all incoming connections to "deny", which means that UFW will block all incoming connections unless we specifically whitelist them.
Writing deny rules is the same as writing allow rules. We only need to replace
Deleting UFW Rules
There are two ways to delete UFW rules: by rule number, or by specifying the rule itself.
To find the rule numbers, we can run the following command:
sudo ufw status numbered
To delete a rule number, we can use the following command:
sudo ufw delete 3 [This will delete rule no. 3]
The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 8069, you can delete it with:
sudo ufw delete allow 8069
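Deleting by number has a catch: after `sudo ufw delete 3`, every later rule moves up one slot, so a list of numbers taken from `ufw status numbered` has to be applied highest-first. The script below is an added example, not code from the original post: it parses the output of `sudo ufw status numbered` (a constructed sample stands in for the real command) and emits the delete commands in safe order. The port 8069 and the rule layout are sample values, and `sample_status`, `ufw_rule_numbers` and `ufw_delete_plan` are my own helper names.

```sh
# Added example, not part of the original post. Deleting by number is fragile:
# after "ufw delete 3" every later rule moves up one slot, so a list of numbers
# must be applied highest-first. This parses the output of
# "sudo ufw status numbered" (constructed sample below) and emits the delete
# commands in safe order. Port 8069 and the rule layout are sample values.

# Constructed stand-in for "sudo ufw status numbered".
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8069/tcp                   ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 8069/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# ufw_rule_numbers REGEX: read status text on stdin and print the numbers of
# the rules whose text (after the "[ n]" prefix) matches REGEX, highest first.
ufw_rule_numbers() {
    awk -v pat="$1" '
        /^\[ *[0-9]+\]/ {
            text = $0; sub(/^\[ *[0-9]+\] */, "", text)
            if (text ~ pat) {
                n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n)
                print n
            }
        }' | sort -rn
}

# ufw_delete_plan REGEX: one "ufw delete N" line per matching rule, highest
# number first so the remaining numbers stay valid after each deletion.
ufw_delete_plan() {
    ufw_rule_numbers "$1" | while IFS= read -r n; do
        echo "ufw delete $n"
    done
}

# Both the IPv4 and the "(v6)" entry for port 8069 are caught; 5 goes before 3.
sample_status | ufw_delete_plan '^8069/tcp'
```

On a real host, pipe `sudo ufw status numbered` into `ufw_delete_plan` instead of `sample_status`. Note that the numbered form of `ufw delete` asks for confirmation, so applying the emitted lines non-interactively needs the same `--force` flag as a scripted `ufw enable`. Deleting by the rule text (`sudo ufw delete allow 8069`) avoids the renumbering problem altogether, which is why it is the safer choice when the rule is known.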
Enabling and Disabling UFW
Once the configuration is complete, we can enable UFW with the following command:
sudo ufw enable
Similarly, UFW can be disabled with the following command:
sudo ufw disable
To check the status of UFW, the default policies and the configured rules, we can use the following command:
sudo ufw status verbose