How to Install and Configure UFW Firewall On Debian 11.4
- 00:30 lsb_release -a
- 00:38 dpkg --get-selections | grep ufw
- 01:04 apt-get install ufw
- 01:33 ufw status
- 01:51 ufw enable
- 02:30 ufw status verbose
- 02:47 ufw allow ssh
- 03:17 ufw status numbered
- 03:37 ufw deny ftp
- 04:03 ufw allow 2290
- 04:40 ufw allow 2290:2300/tcp
- 05:11 ufw allow 2290:2300/udp
- 05:37 ufw allow from 192.168.2.135
- 06:13 ufw allow from 192.168.2.135 proto tcp to any port 22
- 07:03 ufw status numbered
- 07:27 ufw delete 6
- 07:49 ufw disable
To Install And Configure UFW Firewall In Linux Debian 11.4
Introduction:
UFW, or Uncomplicated Firewall, simplifies firewall configuration by providing an interface to iptables. Setting up a firewall correctly can be difficult for beginners with Iptables.
Pre-Requisites • Debian • Root privileges or admin privileges
Installation Procedure:
Step 1: Check the OS version by using the below command
root@debian:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
Step 2: Check whether ufw is installed by using the below command.
root@debian:~# dpkg --get-selections | grep ufw
Step 3: To know about the firewall status, run the below command.
root@debian:~# sudo ufw status
Status: inactive
Step 4: To enable UFW in the terminal, execute the below command.
root@debian:~# sudo ufw enable
Firewall is active and enabled on system startup
step 5: Again, check the firewall status, run the following command.
root@debian:~# sudo ufw status
Status: active
Step 6: After the firewall is activated, you can add your rules into it. If you want to see the default rules view using the below command
root@debian:~# sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
Step 7: The UFW helps us to open a particular port to allow the access to a user and trigger it by using the below command.
root@debian:~# sudo ufw allow ssh
Rule added
Rule added (v6)
Step 8: We can also add a rule by using the insert command and display the status in numbered format by running the below command.
root@debian:~# sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v
root@debian:~# sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 22/tcp (v6) ALLOW IN Anywhere (v6)
Step 9: To deny FTP connection by using the below command.
root@debian:~# sudo ufw deny ftp
Rule added
Rule added (v6)
root@debian:~# sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
21/tcp DENY Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) DENY Anywhere (v6)
Step 10: Next allow the Particular port by using the below command
root@debian:~# sudo ufw allow 2290
Rule added
Rule added (v6)
Step 11: It also possible for you to add port-range into the rule. If we want to open port from 2290 – 2300 with TCP protocol, then the command will be like this.
root@debian:~# sudo ufw allow 2290:2300/tcp
Rule added
Rule added (v6)
root@debian:~# sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
21/tcp DENY Anywhere
2290 ALLOW Anywhere
2290:2300/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) DENY Anywhere (v6)
2290 (v6) ALLOW Anywhere (v6)
2290:2300/tcp (v6) ALLOW Anywhere (v6)
Step 12: while if you want to use UDP, just use the below command.
root@debian:~# sudo ufw allow 2290:2300/udp
Rule added
Rule added (v6)
root@debian:~# sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
21/tcp DENY Anywhere
2290 ALLOW Anywhere
2290:2300/tcp ALLOW Anywhere
2290:2300/udp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) DENY Anywhere (v6)
2290 (v6) ALLOW Anywhere (v6)
2290:2300/tcp (v6) ALLOW Anywhere (v6)
2290:2300/udp (v6) ALLOW Anywhere (v6)
Step 13: To allow connections from a specific IP address, use the below command.
root@debian:~# sudo ufw allow from 192.168.6.130
Rule added
root@debian:~# sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
21/tcp DENY Anywhere
2290 ALLOW Anywhere
2290:2300/tcp ALLOW Anywhere
2290:2300/udp ALLOW Anywhere
Anywhere ALLOW 192.168.6.130
22/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) DENY Anywhere (v6)
2290 (v6) ALLOW Anywhere (v6)
2290:2300/tcp (v6) ALLOW Anywhere (v6)
2290:2300/udp (v6) ALLOW Anywhere (v6)
Step 14: We can also specify a specific port for the IP address that is allowed to connect by adding “to any port" followed by the port number.
root@debian:~# sudo ufw allow from 192.168.6.130 proto tcp to any port 22
Rule added
root@debian:~# sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
21/tcp DENY Anywhere
2290 ALLOW Anywhere
2290:2300/tcp ALLOW Anywhere
2290:2300/udp ALLOW Anywhere
Anywhere ALLOW 192.168.6.130
22/tcp ALLOW 192.168.6.130
22/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) DENY Anywhere (v6)
2290 (v6) ALLOW Anywhere (v6)
2290:2300/tcp (v6) ALLOW Anywhere (v6)
2290:2300/udp (v6) ALLOW Anywhere (v6)
Step 15: We can also add a rule by using the insert command and display the status in numbered format by running the below command.
root@debian:~# sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 21/tcp DENY IN Anywhere
[ 3] 2290 ALLOW IN Anywhere
[ 4] 2290:2300/tcp ALLOW IN Anywhere
[ 5] 2290:2300/udp ALLOW IN Anywhere
[ 6] Anywhere ALLOW IN 192.168.6.130
[ 7] 22/tcp ALLOW IN 192.168.6.130
[ 8] 22/tcp (v6) ALLOW IN Anywhere (v6)
[ 9] 21/tcp (v6) DENY IN Anywhere (v6)
[10] 2290 (v6) ALLOW IN Anywhere (v6)
[11] 2290:2300/tcp (v6) ALLOW IN Anywhere (v6)
[12] 2290:2300/udp (v6) ALLOW IN Anywhere (v6)
Step 16: Delete the rules from UFW by using the below command
root@debian:~# sudo ufw delete 6
Deleting:
allow from 192.168.6.130
Proceed with operation (y|n)? y
Rule deleted
Step 17: Disable the UFW firewall by using the below command
root@debian:~# sudo ufw disable
Firewall stopped and disabled on system startup
Step 18: Finally Reset the UFW firewall services by using the below command
root@debian:~# sudo ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20230710_214016'
Backing up 'before.rules' to '/etc/ufw/before.rules.20230710_214016'
Backing up 'after.rules' to '/etc/ufw/after.rules.20230710_214016'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20230710_214016'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20230710_214016'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20230710_214016'
Conclusion:
We have reached the end of this article. In this guide, we have walked you through the steps required to install and configure UFW Firewall in Linux Debian 11.4. Your feedback is much welcome.
Comments ( 0 )
No comments available