Setup UFW firewall on Debian 9
UFW (Uncomplicated Firewall) is a tool for managing firewall rules in Debian. It simplifies the process of configuring the firewall. In this tutorial, you will learn how to set up the UFW firewall on Debian.
Before you start to configure UFW on Debian 9, you must have a non-root user account with sudo privileges on your server.
Before You Begin
Install UFW by using the following command:
sudo apt install ufw
Set up default policies
Most of the time, your system needs only a few ports open for incoming connections, with all remaining ports closed. With UFW you can set this up by using the following commands.
To deny all incoming connections, type the following in the terminal:
sudo ufw default deny incoming
To allow all outgoing connections, type the following in the terminal:
sudo ufw default allow outgoing
You can use a service name or a port number to add new rules. Adding rules in UFW is easy. The following is the format for adding new rules:
sudo ufw ACTION PORT_NUMBER
In the above format, ACTION can be allow, deny, etc., and PORT_NUMBER is the numeric value.
To allow incoming and outgoing connections on port 22 (SSH), execute the following command:
sudo ufw allow 22
Or you can run:
sudo ufw allow ssh
You can deny traffic on a certain port by typing:
sudo ufw deny 112
You can delete any rule added to UFW by executing the following command.
In the following example, you are going to delete the rule that allows connections on port number 80:
sudo ufw delete allow 80
Adding advanced rules
To deny connections from a specific IP address:
sudo ufw deny from 220.127.116.11
To allow connections from a specific IP address:
sudo ufw allow from 18.104.22.168
Checking UFW status
You can check the UFW status and all the rules by typing:
sudo ufw status
Output should be:
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
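One way to check that status output against the ports you intended to open, as an added example that is not part of the original tutorial. The helper name ufw_unexpected and the embedded sample text are constructed here for illustration; the helper only reads the plain `sudo ufw status` format shown above.

```shell
#!/bin/sh
# Added example: compare `ufw status` output with the ports you meant to open.
# Live use (assumed invocation): sudo ufw status | ufw_unexpected 22 80/tcp 443

# Constructed sample, same shape as the status output shown in the tutorial.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)'

# ufw_unexpected EXPECTED...   (hypothetical helper, not a ufw subcommand)
# Reads `ufw status` text on stdin and prints every ALLOW rule open to
# Anywhere whose "To" value is not listed in EXPECTED.
# Exit status: 0 = clean, 1 = unexpected rule(s), 2 = firewall not active.
ufw_unexpected() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        /^Status:/ { active = ($2 == "active"); next }
        {
            # Columns: To, optional "(v6)" marker, Action, From.
            to = $1; i = 2; v6 = ""
            if ($i == "(v6)") { v6 = " (v6)"; i++ }
            # Header, separator, blank, DENY and source-restricted lines are skipped.
            if ($i != "ALLOW" || $(i + 1) != "Anywhere") next
            if (!(to in ok)) { print to v6; bad = 1 }
        }
        END { if (!active) exit 2; exit (bad ? 1 : 0) }
    '
}

# Demo on the sample: port 80/tcp is open but was not in the expected list.
printf '%s\n' "$SAMPLE_STATUS" | ufw_unexpected 22 443 || echo "exit status: $?"
```

Rules restricted to a specific source address are not reported, since only rules open to Anywhere are compared with the expected list.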
Enable UFW status
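If the above sudo ufw status command reports the status as inactive, type the following in the terminal. If you are connected over SSH, make sure the rule allowing port 22 has been added first, because the default policy set earlier denies all other incoming connections.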
sudo ufw enable
To disable UFW:
sudo ufw disable
Logging in UFW
You can enable or disable logging in UFW. There are three levels for logging in UFW: low, medium, and high. The default log level is low.
To enable logging, type the following in the terminal:
sudo ufw logging on
You have successfully completed the tutorial on how to set up the UFW firewall on Debian 9. If you have any queries regarding this, please comment below.