Many firewall solutions are available for Linux/Unix-based operating systems, such as Raspbian OS in the case of Raspberry Pi. These firewall solutions use iptables underneath to filter packets coming from different sources and allow only the legitimate ones to enter the system. iptables is installed on Raspberry Pi by default but is not set up. Setting up iptables rules directly is a bit tedious, so we will use an alternative tool, Uncomplicated Firewall (UFW), which is extremely easy to set up and use.
Below are a few examples of the ufw command.
ufw Command Examples
1. Enable ufw:
# ufw enable
2. Disable ufw:
# ufw disable
3. Show ufw rules, along with their numbers:
# ufw status numbered
4. Allow incoming traffic on port 5432 on this host with a comment identifying the service:
# ufw allow 5432 comment "Service"
5. Allow only TCP traffic from 192.168.0.4 to any address on this host, on port 22:
# ufw allow proto tcp from 192.168.0.4 to any port 22
6. Deny traffic on port 80 on this host:
7. Deny all UDP traffic to ports in range 8412:8500:
# ufw deny proto udp from any to any port 8412:8500
8. Delete a particular rule. The rule number can be retrieved from the `ufw status numbered` command:
# ufw delete rule_number
9. Check the status of UFW:
# ufw status
10. Add a new rule to allow SSH:
# ufw allow ssh
11. Alternatively, you can use a port number to open a particular port:
# ufw allow 22
12. Allow only TCP traffic over HTTP (port 80):
# ufw allow http/tcp
13. Deny incoming FTP traffic:
# ufw deny ftp
14. Check all added rules before starting the firewall:
# ufw show added
15. Get a numbered list of added rules:
# ufw status numbered
16. You can also allow all ports in a range by specifying a port range:
# ufw allow 1050:5000/tcp
17. If you want to open all ports for a particular IP address, use the following command:
# ufw allow from 10.0.2.100
18. Alternatively, you can allow an entire subnet, as follows:
# ufw allow from 10.0.2.0/24
19. You can also allow or deny a specific port for a given IP address:
# ufw allow from 10.0.2.100 to any port 2222
# ufw deny from 10.0.2.100 to any port 5223
20. To specify a protocol in the preceding rule, use the following command:
# ufw deny from 10.0.2.100 proto tcp to any port 5223
21. Deleting rules:
# ufw delete allow ftp
22. Delete rules by specifying their numbers:
# ufw status numbered
# ufw delete 2
23. Add a new rule at a specific number:
# ufw insert 1 allow 5222/tcp # Inserts a rule at number 1
24. If you want to reject outgoing FTP connections, you can use the following command:
# ufw reject out ftp
25. UFW also supports application profiles. To view all application profiles, use the following command:
# ufw app list
26. Get more information about the app profile using the following command:
# ufw app info OpenSSH
27. Allow the application profile as follows:
# ufw allow OpenSSH
28. Set ufw logging levels [off|low|medium|high|full] with the help of the following command:
# ufw logging medium
29. View firewall reports with the show parameter:
# ufw show added # list of rules added
# ufw show raw # show complete firewall
30. Reset ufw to its default state (all rules will be backed up by UFW):
# ufw reset
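
On a headless Pi managed over SSH, running `ufw enable` before an SSH allow rule exists cuts off new connections, so it is worth checking the `ufw show added` listing (item 14) first. The script below is an added example, not part of the original list: the function names and the sample listing are constructed for illustration, and it assumes sshd listens on port 22 unless another port is passed.

```shell
#!/bin/sh
# Added example: refuse `ufw enable` unless an added rule lets inbound SSH in.

# Reads `ufw show added` output on stdin. Succeeds if a rule allows (or
# rate-limits) inbound TCP to SSH, named as ssh, OpenSSH or the port number.
# $1 = sshd port; assumption: 22 unless given. Port ranges are not expanded.
ssh_allowed() {
    awk -v port="${1:-22}" '
    $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
        hit = 0; bad = 0; side = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "comment") break            # rest of line is free text
            if ($i == "out" || $i == "udp" || $i ~ /\/udp$/) bad = 1
            if ($i == "from" || $i == "to") side = $i
            tok = $i; sub(/\/tcp$/, "", tok)
            simple = (i == 3 || $(i - 1) == "in") # ufw allow [in] ssh
            dport = ($(i - 1) == "port" && side == "to")
            if ((simple || dport) &&
                (tok == "ssh" || tok == "OpenSSH" || tok == port)) hit = 1
        }
        if (hit && !bad) found = 1
    }
    END { exit !found }'
}

# Constructed sample of `ufw show added` output (not captured from a real host).
sample_rules() {
    cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow 5432 comment 'Service'
ufw deny 80
ufw allow from 192.168.0.4 to any port 22 proto tcp
EOF
}

# Hypothetical wrapper: enable the firewall only when the check passes.
safe_enable() {
    if ufw show added | ssh_allowed "$@"; then
        ufw enable
    else
        echo "not enabling ufw: no added rule allows inbound SSH" >&2
        return 1
    fi
}
```

A rule restricted to one source address, like the one in the sample, passes the check but only admits SSH from that host, so confirm it matches the machine you administer from.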