How to Setup UFW Firewall on Debian 10

Setup UFW Firewall on Debian 10

In this article, we will have explained the necessary steps to install and setup UFW firewall on Debian 10. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

UFW (Uncomplicated Firewall) is a front-end for iptables firewall. It’s well-suited for host-based firewalls. It is designed to provide an easy for managing firewalls, even the user does not have many ideas about firewalls.

Setup UFW Firewall on Debian

Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.

sudo apt update
sudo apt upgrade

Step 2. Install UFW on Debian 10.

Installed the latest version of UFW firewall on your Debian system:

sudo apt install ufw

On installation, ufw is disabled. You can check UFW status with:

sudo ufw status

Step 3. Enable UFW status.

If sudo ufw status command gives status inactive type following in the terminal:

sudo ufw enable   ### enable ###
sudo ufw disable  ### disable ###.

Step 4. Allow Connections with UFW

  • Allow Specific Ports – To allow a single port, for example allow port 21 (FTP), 80 (HTTP) and 443 (HTTPS).
    sudo ufw allow 21/tcp
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
  • Allow Specific Services – UFW uses /etc/services files to get port of specific service, So we can allow any service with name instead of defining port. Like ftp (21), http(80).
    sudo ufw allow ftp/tcp
    sudo ufw allow http/tcp
    sudo ufw allow https/tcp
  • Allow Port Range – We can also allow range of ports in single command like:
    sudo ufw allow 1100-1200/tcp
  • Allow Access to Specific IP – To allow connections from specific ip address use following command.
    sudo ufw allow from 192.168.0.46
  • Allow Access to Subnet – To allow connections from any ip address of subnet use following command.
    sudo ufw allow from 192.168.0.0/24
  • Allow IP to Specific Port – To allow connections from any ip address of subnet use following command.
    sudo ufw allow from 192.168.0.46 to any port 22

Step 5. Deny Connections with UFW.

  • Deny Specific Ports – To allow a single port, for example allow port 21 (FTP), 80 (HTTP) and 443 (HTTPS).
    sudo ufw deny 21/tcp
    sudo ufw deny 80/tcp
    sudo ufw deny 443/tcp
  • Deny Port Range – We can also allow range of ports in single command like:
    sudo ufw deny 1100-1200/tcp
  • Deny Access to Specific IP – To deny connections from specific ip address use following command.
    sudo ufw deny from 192.168.0.46
  • Deny Access to Subnet – To deny connections from any ip address of subnet use following command.
    sudo ufw deny from 192.168.0.0/24
  • Deny IP to Specific Port -To deny connections from any ip address of subnet use following command.
    sudo ufw allow from 192.168.0.46 to any port 22

Step 6. Logging in UFW.

You can enable or disable logging in UFW. There are three levels for logging in ufw low, medium, high. the default log level is low:

sudo ufw logging on  ### enable ###
sudo ufw logging off ### disable ###

Congratulation, you have learned how to install and configure UFW Firewall on Debian 10 Buster. If you have any question, please leave a comment below.