How to Install and Configure UFW Firewall in Linux Debian 11.3
To Install and Configure UFW Firewall in Linux Debian 11.3
Introduction:
UFW, or Uncomplicated Firewall, is an interface to iptables aimed at simplifying firewall configuration. iptables itself can be difficult for beginners to master well enough to set up a firewall properly.
Pre-Requisites
• Debian
• Root privileges or admin privileges
Installation Procedure:
Step 1: Check the OS version by using the below command
root@linuxhelp: ~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
Step 2: First, check whether ufw is installed by using the below command.
root@linuxhelp: ~# dpkg --get-selections | grep ufw
If it’s not installed, install it with apt using the following command.
root@linuxhelp: ~# apt-get install ufw
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
galera-4 gsasl-common libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdbi-perl
libfcgi-bin libfcgi-perl libfcgi0ldbl libgsasl7 libhtml-template-perl libntlm0
libterm-readkey-perl mailutils-common socat
Use 'apt autoremove' to remove them.
The following NEW packages will be installed:
ufw
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 167 kB of archives.
After this operation, 857 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 ufw all 0.36-7.1 [167 kB]
Fetched 167 kB in 0s (462 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ufw.
(Reading database ... 286903 files and directories currently installed.)
Preparing to unpack .../archives/ufw_0.36-7.1_all.deb ...
Unpacking ufw (0.36-7.1) ...
Setting up ufw (0.36-7.1) ...
Step 3: To know about the firewall status, run the below command.
root@linuxhelp: ~# ufw status
Status: inactive
Step 4: To enable UFW in the terminal, execute the below command.
root@linuxhelp: ~# ufw enable
Firewall is active and enabled on system startup
Step 5: Check the firewall status again by running the following command.
root@linuxhelp: ~# ufw status
Status: active
Step 6: After the firewall is activated, you can add your rules to it. To see the default rules, use the below command.
root@linuxhelp: ~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
Step 7: UFW lets us open a particular port to give users access to a service. To open the SSH port, run the below command.
root@linuxhelp: ~# ufw allow ssh
Rule added
Rule added (v6)
root@linuxhelp: ~# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Step 8: Rules can also be added at a chosen position with the insert command. To display the status in numbered format, run the below command.
root@linuxhelp: ~# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
Step 9: Deny FTP connections by using the below command.
root@linuxhelp: ~# ufw deny ftp
Rule added
Rule added (v6)
root@linuxhelp: ~# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
21/tcp                     DENY        Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                DENY        Anywhere (v6)
Step 10: Next, allow a particular port by using the below command.
root@linuxhelp: ~# ufw allow 2290
Rule added
Rule added (v6)
Step 11: It is also possible to add a port range to a rule. To open ports 2290 to 2300 with the TCP protocol, use the following command.
root@linuxhelp: ~# ufw allow 2290:2300/tcp
Rule added
Rule added (v6)
root@linuxhelp: ~# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
21/tcp                     DENY        Anywhere
2290                       ALLOW       Anywhere
2290:2300/tcp              ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                DENY        Anywhere (v6)
2290 (v6)                  ALLOW       Anywhere (v6)
2290:2300/tcp (v6)         ALLOW       Anywhere (v6)
Step 12: If you want to use UDP instead, use the below command.
root@linuxhelp: ~# ufw allow 2290:2300/udp
Rule added
Rule added (v6)
Step 13: To allow connections from a specific IP address, use the below command.
root@linuxhelp: ~# ufw allow from 192.168.2.135
Rule added
root@linuxhelp: ~# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
21/tcp                     DENY        Anywhere
2290                       ALLOW       Anywhere
2290:2300/tcp              ALLOW       Anywhere
2290:2300/udp              ALLOW       Anywhere
Anywhere                   ALLOW       192.168.2.135
22/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                DENY        Anywhere (v6)
2290 (v6)                  ALLOW       Anywhere (v6)
2290:2300/tcp (v6)         ALLOW       Anywhere (v6)
2290:2300/udp (v6)         ALLOW       Anywhere (v6)
Step 14: We can also restrict the allowed IP address to a specific port by adding "to any port" followed by the port number.
root@linuxhelp: ~# ufw allow from 192.168.2.135 proto tcp to any port 22
Rule added
root@linuxhelp: ~# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
21/tcp                     DENY        Anywhere
2290                       ALLOW       Anywhere
2290:2300/tcp              ALLOW       Anywhere
2290:2300/udp              ALLOW       Anywhere
Anywhere                   ALLOW       192.168.2.135
22                         ALLOW       Anywhere
22/tcp                     ALLOW       192.168.2.135
22/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                DENY        Anywhere (v6)
2290 (v6)                  ALLOW       Anywhere (v6)
2290:2300/tcp (v6)         ALLOW       Anywhere (v6)
2290:2300/udp (v6)         ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
Step 15: Rules can also be added at a chosen position with the insert command. To display the current rules in numbered format, run the below command.
root@linuxhelp: ~# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 21/tcp                     DENY IN     Anywhere
[ 3] 2290                       ALLOW IN    Anywhere
[ 4] 2290:2300/tcp              ALLOW IN    Anywhere
[ 5] 2290:2300/udp              ALLOW IN    Anywhere
[ 6] Anywhere                   ALLOW IN    192.168.2.135
[ 7] 22                         ALLOW IN    Anywhere
[ 8] 22/tcp                     ALLOW IN    192.168.2.135
[ 9] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[10] 21/tcp (v6)                DENY IN     Anywhere (v6)
[11] 2290 (v6)                  ALLOW IN    Anywhere (v6)
[12] 2290:2300/tcp (v6)         ALLOW IN    Anywhere (v6)
[13] 2290:2300/udp (v6)         ALLOW IN    Anywhere (v6)
[14] 22 (v6)                    ALLOW IN    Anywhere (v6)
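UFW evaluates rules in order and the first match decides, so the source-restricted rule from Step 14 (rule 8 above) sits behind rule 1, which already allows 22/tcp from Anywhere, and SSH stays reachable from every address. The script below is an added example, not part of the original tutorial, that flags such rules in ufw status numbered output. The function names sample_status and find_shadowed are hypothetical, and it compares single ports only, not port ranges.

```shell
#!/bin/sh
# Added example (not from the original page): flag source-restricted ALLOW
# rules that an earlier ALLOW-from-Anywhere rule on the same port overrides.
# sample_status: excerpt of the Step 15 listing shown on this page.
sample_status() {
cat <<'EOF'
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 21/tcp                     DENY IN     Anywhere
[ 3] 2290                       ALLOW IN    Anywhere
[ 6] Anywhere                   ALLOW IN    192.168.2.135
[ 7] 22                         ALLOW IN    Anywhere
[ 8] 22/tcp                     ALLOW IN    192.168.2.135
[ 9] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Reads "ufw status numbered" output on stdin, prints one line per finding.
find_shadowed() {
  # "[ 8] 22/tcp ..." -> "8 22/tcp ..." so awk can split on whitespace.
  sed -n 's/^\[ *\([0-9][0-9]*\)] */\1 /p' |
  awk '
    {
      # Find the action column: "To" is before it, "From" after it.
      a = 0
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { a = i; break }
      if (!a || $a != "ALLOW") next
      to = $2; for (i = 3; i < a; i++) to = to " " $i
      s = ($(a + 1) ~ /^(IN|OUT|FWD)$/) ? a + 2 : a + 1
      from = $s; for (i = s + 1; i <= NF; i++) from = from " " $i
      fam = (to ~ /\(v6\)$/ || from ~ /:/) ? "v6" : "v4"
      sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
      port = to; sub(/\/.*/, "", port)        # "22/tcp" -> "22"
      if (from == "Anywhere") {               # broad rule: remember the first
        if (!((fam, to) in broad)) broad[fam, to] = $1
        next
      }
      # Restricted rule: is the bare port (tcp and udp) or the exact
      # port/proto already allowed from Anywhere by an earlier rule?
      hit = ""
      if ((fam, port) in broad) hit = broad[fam, port]
      if ((fam, to) in broad) hit = broad[fam, to]
      if (hit != "")
        printf "rule %s (%s from %s) is shadowed by rule %s\n", $1, to, from, hit
    }'
}
sample_status | find_shadowed
```

On the listing above it reports rule 8; the restriction only takes effect once the broader Anywhere rules for port 22 are deleted.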
Step 16: Delete a rule from UFW by its number using the below command.
root@linuxhelp: ~# ufw delete 6
Deleting:
allow from 192.168.2.135
Proceed with operation (y|n)? y
Rule deleted
Step 17: Disable the UFW firewall by using the below command
root@linuxhelp: ~# ufw disable
Firewall stopped and disabled on system startup
Step 18: Finally, reset the UFW firewall to its installed defaults by using the below command.
root@linuxhelp: ~# ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20220805_152040'
Backing up 'before.rules' to '/etc/ufw/before.rules.20220805_152040'
Backing up 'after.rules' to '/etc/ufw/after.rules.20220805_152040'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20220805_152040'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20220805_152040'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20220805_152040'
Conclusion:
We have reached the end of this article. In this guide, we have walked you through the steps required to install and configure UFW Firewall in Linux Debian 11.3. Your feedback is most welcome.