Firewalls are essential in securing computer systems and networks from unauthorized access, cyber-attacks, and other security threats. The traditional method of configuring firewalls on Linux systems involves using iptables, a powerful command-line tool that offers granular control over network traffic. However, configuring iptables can be daunting, especially for novice Linux users or those unfamiliar with network security.
Fortunately, Debian users can benefit from a simpler and user-friendly firewall solution called Uncomplicated Firewall (ufw). Developed as a front-end for iptables, ufw simplifies firewall configuration and management by providing an easy-to-use interface and syntax. Here are some of the key benefits of using ufw over iptables:
- User-friendly syntax: ufw uses a simplified syntax that makes it easy for users to define rules for allowing or blocking traffic. Instead of typing complex iptables commands, users can use straightforward commands like “ufw allow ssh” or “ufw deny http” to permit or deny traffic on specific ports or protocols.
- Default settings: ufw comes with pre-configured default settings that provide basic protection for the system while allowing essential services like SSH and DNS to function. This feature helps to reduce the chances of misconfigurations or human errors that can compromise security.
- Logging: ufw provides built-in logging capabilities that allow users to monitor network traffic and identify potential security threats. Users can view logs using standard Linux tools like syslog or journalctl.
- Integration with Debian: ufw is the default firewall solution on Debian systems, which means it is well-supported and integrated with other system components. Users can use Debian’s package management tools like apt to install and manage ufw.
- Compatibility with iptables: ufw uses iptables as its backend, which means it is fully compatible with iptables rules and commands. Users familiar with iptables can easily migrate their rules to ufw without losing functionality.
In summary, ufw offers a user-friendly and streamlined firewall solution for Debian users who may not be familiar with iptables or network security. The guide will demonstrate how to install ufw firewall on Debian 12 Bookworm, Debian 11 Bullseye, or Debian 10 Buster, along with how to use basic ufw commands to protect the system from network threats.
Table of Contents
Step 1: Install UFW
If you’re new to Debian Linux and the command terminal, learning to secure your system with a firewall can be daunting. Fortunately, Debian users can easily use Uncomplicated Firewall (UFW) to manage their system’s security.
Before installing UFW, it’s essential to ensure that your system is up-to-date to avoid any conflicts during installation. Run the following command to update your system:
sudo apt update && sudo apt upgrade
Note that if your Linux Kernel was updated, you may need to reboot your system.
Once your system is updated, you can install UFW by running the following command:
sudo apt install ufw
Unlike other Debian-based distributions like Ubuntu, UFW isn’t installed by default in Debian. Therefore, it’s crucial to install UFW manually.
After installing UFW, you need to enable the service by running the following command:
sudo systemctl enable ufw --now
This command will start and enable the UFW service at boot time, ensuring that your system remains protected even after a restart.
Finally, it’s essential to verify the status of UFW to ensure it’s running without errors. You can check the status of the UFW service by running the following command:
systemctl status ufw
By running the commands above, you have successfully installed UFW and ensured that it is running correctly. In the next step, we’ll explore the basics of using UFW to protect your system.
Step 2: Enable UFW Firewall
Now that UFW is installed and running, enabling the firewall is next. By default, UFW blocks all incoming traffic and allows all outbound traffic. Enabling the firewall ensures that your system remains protected by blocking unauthorized access.
To enable UFW, run the following command:
sudo ufw enable
After running the command, you’ll receive a confirmation message that the firewall is active and will start automatically whenever you restart your system. Here’s an example output:
Firewall is active and enabled on system startup
Once the firewall is active, it will block all incoming traffic to your system, protecting you from unauthorized access. However, it’s worth noting that this might also prevent some legitimate traffic, such as access to services that you need.
Step 3: How to Check UFW Status
After enabling the UFW firewall, verifying that the rules are active and correctly configured is crucial. You can check the status of your firewall using the following command:
sudo ufw status verbose
Running this command will show you the current status of the firewall, including any active rules and the default policies set for incoming and outgoing traffic.
Example that you may see, with different rules compared to below:
To get a more concise view of your firewall rules, you can use the “numbered” option instead. This option shows your firewall rules in a numbered sequence, making identifying and managing them easier. Use the following command to list your firewall rules in numbered sequence:
sudo ufw status numbered
The numbered output displays the rules in a more organized manner, making it easier to identify and manage them. You can use the rule numbers to modify or delete specific rules using the “delete” command.
In conclusion, verifying the status of your firewall is essential to ensure your system is protected from unauthorized access. Using the commands outlined in this step, you can easily check the status of your UFW firewall and identify any misconfigurations.
Step 4: How to set UFW Default Policies
The default setting of the UFW firewall is to block all incoming connections and allow all outbound connections. This configuration is the most secure as it ensures no unauthorized users can connect to your system without your explicit permission. To allow incoming connections, you must create specific rules that permit traffic based on IP addresses, programs, ports, or a combination of these factors.
To modify the UFW rules, you can enter the following command in the terminal:
To deny all incoming connections:
sudo ufw default deny incoming
To allow all outgoing connections:
sudo ufw default allow outgoing
By default, UFW is already enabled with the default rules. However, you can modify these rules to suit your specific needs. For instance, if you want to block all outgoing connections and only allow specific outbound connections, you can use the following command to adjust the rules accordingly:
To block all outgoing connections:
sudo ufw default deny outgoing
It is worth noting that in the future, if you need to locate the default UFW firewall policies, you can find them in the /etc/default/ufw file. This file contains the configuration settings for UFW, including the default policies for both incoming and outgoiadng traffic. By modifying the settings in this file, you can customize the firewall rules to meet your specific security needs.
Step 5: Additional UFW Commands
The following sections will cover some of the fundamental aspects of UFW. By default, most desktop users will benefit from simply blocking incoming connections and allowing all outgoing traffic, which is suitable for most environments. However, UFW provides additional configurations that can be useful for both desktops and servers. Some examples of what you can do with UFW will be shown below.
View UFW Application Profiles
If you’re interested in learning more about the application profiles available through UFW, you can view them by running the following command:
sudo ufw app list
This will display a list of all the available application profiles. It’s important to remember that the list of applications may vary depending on what software you have installed on your system.
One useful feature of UFW application profiles is getting more information about a specific profile. To do this, run the following command:
sudo ufw app info [application]
Replace [application] with the name of the application you want to learn more about. This command will provide a brief description of the application, as well as the ports it uses. This is helpful when investigating open ports and trying to determine what application they belong to.
Enable IPv6 on UFW
If your Debian system is configured with IPv6, you’ll need to ensure that UFW is configured to support IPv6 and IPv4 traffic. By default, UFW should automatically enable support for both versions of IP; however, it’s a good idea to confirm this.
To do so, open the default UFW firewall file using the following command:
sudo nano /etc/default/ufw
Once the file is open, locate the following line:
If the value is set to “no,” change it to “yes” and save the file by pressing
CTRL+O and then
CTRL+X to exit.
After making changes to the file, you’ll need to restart the UFW firewall service for the changes to take effect. To do so, run the following command:
sudo systemctl restart ufw
This will restart the UFW firewall service with the new configuration, enabling support for IPv6 traffic.
Allow UFW SSH Connections
SSH (Secure Shell) is crucial to remotely accessing Linux servers. However, by default, UFW does not allow SSH connections. This can be problematic, especially if you have enabled the firewall remotely, as you may find yourself locked out. To allow SSH connections, you need to follow these steps.
First, enable the SSH application profile by typing the following command:
sudo ufw allow ssh
If you have set up a custom listening port for SSH connections other than the default port 22, for example, port 3541, you must open the port on the UFW firewall by typing the following.
sudo ufw allow 3541/tcp
If you want to block all SSH connections or change the port and block the old ones, you can do so using the following commands.
Use the following command to block all SSH connections (make sure local access is possible):
sudo ufw deny ssh/tcp
If changing the custom SSH port, open a new port and close the existing one, example:
sudo ufw deny 3541/tcp
Enable UFW Ports
UFW can be used to allow access to specific ports for applications or services. In this section, we will cover how to open HTTP (port 80) and HTTPS (port 443) ports for a web server, as well as how to allow port ranges.
To allow HTTP port 80, you can use any of the following commands:
- Allow by application profile:
sudo ufw allow 'Nginx HTTP
- Allow by service name:
sudo ufw allow http
- Allow by port number:
sudo ufw allow 80/tcp
To allow HTTPS port 443, you can use any of the following commands:
- Allow by application profile:
sudo ufw allow 'Nginx HTTPS'
- Allow by service name:
sudo ufw allow https
- Allow by port number:
sudo ufw allow 443/tcp
If you want to allow both HTTP and HTTPS ports, you can use the following command:
sudo ufw allow 'Nginx Full'
UFW Allow Port Ranges
In addition to allowing individual ports, you can also allow port ranges. When opening a port range, you must identify the port protocol.
To allow a port range with TCP and UDP protocols, use the following commands:
sudo ufw allow 6500:6800/tcp sudo ufw allow 6500:6800/udp
Alternatively, you can allow multiple ports in one hit using the following commands:
sudo ufw allow 6500, 6501, 6505, 6509/tcp sudo ufw allow 6500, 6501, 6505, 6509/udp
Allow Remote Connections on UFW
Enabling remote connections on UFW can be crucial for networking purposes, and it can be done easily with a few simple commands. This section explains how to allow remote connections to your system through UFW.
UFW Allow Specific IP Addresses
To allow specific IP addresses to connect to your system, you can use the following command. This is useful when you need to allow only certain systems to connect to your server, and you can specify their IP addresses.
sudo ufw allow from 192.168.55.131
UFW Allow Specific IP Address on Specific Port
If you need to allow an IP to connect to a specific port on your system, you can use the following command. For instance, if you need to allow an IP to connect to your system’s port 3900, you can use this command:
sudo ufw allow from 192.168.55.131 to any port 3900
Allow Subnet Connections to a Specified Port
To allow connections from a range of IPs in a subnet to a specific port, you can use the following command. This is useful when you need to allow connections from a specific range of IPs, and you can specify the subnet to allow connections.
sudo ufw allow from 192.168.1.0/24 to any port 3900
This command will allow all IP addresses from 192.168.1.1 to 192.168.1.254 to connect to port 3900.
Allow Specific Network Interface
If you need to allow connections to a specific network interface, you can use the following command. This is useful when you have multiple network interfaces and need to allow connections to a specific interface.
sudo ufw allow in on eth2 to any port 3900
By using these commands, you can easily allow remote connections to your system through UFW while maintaining the security of your system.
Deny Remote Connections on UFW
If you’ve noticed suspicious or unwanted traffic coming from a particular IP address, you can deny connections from that address using UFW. By default, UFW denies all incoming connections, but you can create specific rules to block connections from specific IPs or IP ranges.
For example, to block connections from a single IP address, you can use the following command:
sudo ufw deny from 188.8.131.52
If a hacker is using multiple IP addresses within the same subnet to attack your system, you can block the entire subnet by specifying the IP range in CIDR notation:
sudo ufw deny from 184.108.40.206/24
You can also create rules to deny access to specific ports for the blocked IP or IP range. For example, to block connections from the same subnet to ports 80 and 443, you can use the following commands:
sudo ufw deny from 220.127.116.11/24 to any port 80 sudo ufw deny from 18.104.22.168/24 to any port 443
It’s important to note that blocking incoming connections can be an effective security measure, but it’s not foolproof. Hackers can still use techniques like IP spoofing to disguise their true IP address. Therefore, it’s important to implement multiple layers of security and not rely solely on IP blocking.
Delete UFW Rules
Deleting unnecessary or unwanted UFW rules is essential for maintaining an organized and efficient firewall. You can delete UFW rules in two different ways. Firstly, to delete a UFW rule using its number, you need to list the rule numbers by typing the following command:
sudo ufw status numbered
The output will display a list of numbered UFW rules, allowing you to identify the rule you want to delete. Once you have determined the number of the rule you wish to remove, type the following command:
sudo ufw delete [rule number]
For instance, suppose you want to delete the third rule for IP Address 22.214.171.124. In that case, you need to find the rule number by running the “sudo ufw status numbered” command and type the following command in your terminal:
sudo ufw delete 3
Deleting rules that are no longer required helps to maintain the security and efficiency of your firewall.
How to Access and View UFW Logs
The UFW firewall logs all events that take place, and it is essential to review these logs periodically to identify potential security breaches or troubleshoot network issues. By default, UFW logging is set to low, which is adequate for most desktop systems. However, servers may require a higher level of logging to capture more details.
You can adjust the logging level of UFW to low, medium, high, or disable it entirely. To set the UFW logging level to low, use the following command:
sudo ufw logging low
To set UFW logging to medium:
sudo ufw logging medium
To set UFW logging to high:
sudo ufw logging high
The last option is to disable logging altogether, be sure you are happy with this and will not require log checking.
sudo ufw logging off
To view UFW logs, you can find them in the default location of /var/log/ufw.log. You can use the tail command to view live logs or print out a specified number of recent log lines. For instance, to view the last 30 lines of the log, use the following command:
sudo ufw tail /var/log/ufw.log -n 30
Reviewing the logs, you can determine which IP addresses are attempting to connect to your system and identify any suspicious or unauthorized activities. Furthermore, reviewing the logs can help you understand network traffic patterns, which can help you optimize network performance and identify any issues that may arise.
Test UFW Rules
It is always a good idea to test your UFW firewall rules before applying them to ensure they work as intended. The “–dry-run” flag allows you to see the changes that would have been made without actually applying them. For highly critical systems, this is a useful option to prevent any accidental changes.
To use the “–dry-run” flag, type the following command:
sudo ufw --dry-run enable
To disable the “–dry-run” flag, simply use the following command:
sudo ufw --dry-run disable
How to Reset UFW Rules
In some cases, you may need to reset your firewall back to its original state with all incoming connections blocked and outgoing connections allowed. This can be done using the “reset” command:
sudo ufw reset
Confirm reset, enter the following:
sudo ufw status
The output should be:
Once the reset is complete, the firewall will be inactive, and you will need to re-enable it and start the process of adding new rules. It is important to note that the reset command should be used sparingly, as it removes all existing rules and can potentially leave your system vulnerable if not done correctly.
How to find All Open Ports (Security Check)
The security of your system should be a top priority, and one way to ensure it is by checking for open ports regularly. By default, UFW blocks all incoming connections, but sometimes ports may be left open inadvertently or for legitimate reasons. In this case, it is essential to know which ports are open and why.
One way to check for open ports is by using Nmap, a well-known and trusted network exploration tool. To use Nmap, you need to install it first by typing the following command.
sudo apt install nmap
Next, find your system’s internal IP address by typing:
With the IP address, run the following command:
Nmap will scan your system and list all open ports. If you find any open ports you are unsure about, investigate them before closing or blocking them, as it may break services or lock you out of your system.
To close or restrict open ports, you can create custom UFW rules you learned in this tutorial. UFW blocks all incoming connections by default, so ensure you are not blocking legitimate traffic before implementing any changes.
How to Remove UFW Firewall
UFW is a valuable tool to manage firewall rules and secure your Debian system. However, there may be situations where you need to disable or remove UFW.
If you want to disable UFW temporarily, you can do so by typing the following command:
sudo ufw disable
This will turn off the firewall, allowing all traffic to pass through the system.
On the other hand, if you need to remove UFW from your system completely, you can do so with the following command:
sudo apt remove ufw
However, it’s essential to note that removing UFW altogether from your system may leave it vulnerable to external attacks. Unless you have a solid alternative to manage your system’s firewall or understand how to use IPTables, it’s not advisable to remove UFW.
Therefore, before removing UFW, ensure you have an alternative solution to maintain your system’s security and prevent unauthorized access.
It is essential to install and set up the UFW firewall on Debian to safeguard your system against harmful assaults. This measure should be taken regardless of the environment you operate in, as long as you are connected to any internal or external network.
Additional Resources and Links
To deepen your understanding of UFW Firewall and its installation on Debian, the following official resources and documentation are provided:
- UFW Official Website: Visit the official website to explore UFW’s features, updates, and news directly from the developers.
- UFW Debian Package: Access the Debian package page for UFW, which provides details about the package and its dependencies.
- Debian Official Documentation: Gain comprehensive knowledge about Debian, its features, and system administration through the official documentation.
- Debian Wiki: The Debian Wiki offers a wealth of information on various topics, including troubleshooting, community support, and development.