In this article, we will have explained the necessary steps to install and setup UFW firewall on Debian 10. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
UFW (Uncomplicated Firewall) is a front-end for iptables firewall. It’s well-suited for host-based firewalls. It is designed to provide an easy for managing firewalls, even the user does not have many ideas about firewalls.
Setup UFW Firewall on Debian
Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.
Step 2. Install UFW on Debian 10.
Installed the latest version of UFW firewall on your Debian system:
On installation, ufw is disabled. You can check UFW status with:
Step 3. Enable UFW status.
If sudo ufw status command gives status inactive type following in the terminal:
sudoufwenable ### enable ###
sudoufwdisable ### disable ###.
Step 4. Allow Connections with UFW
- Allow Specific Ports – To allow a single port, for example allow port 21 (FTP), 80 (HTTP) and 443 (HTTPS).123sudoufwallow21/tcpsudoufwallow80/tcpsudoufwallow443/tcp
- Allow Specific Services – UFW uses /etc/services files to get port of specific service, So we can allow any service with name instead of defining port. Like ftp (21), http(80).123sudoufwallowftp/tcpsudoufwallowhttp/tcpsudoufwallowhttps/tcp
- Allow Port Range – We can also allow range of ports in single command like:1sudoufwallow1100-1200/tcp
- Allow Access to Specific IP – To allow connections from specific ip address use following command.1sudoufwallowfrom192.168.0.46
- Allow Access to Subnet – To allow connections from any ip address of subnet use following command.1sudoufwallowfrom192.168.0.0/24
- Allow IP to Specific Port – To allow connections from any ip address of subnet use following command.1sudoufwallowfrom192.168.0.46toanyport22
Step 5. Deny Connections with UFW.
- Deny Specific Ports – To allow a single port, for example allow port 21 (FTP), 80 (HTTP) and 443 (HTTPS).123sudoufwdeny21/tcpsudoufwdeny80/tcpsudoufwdeny443/tcp
- Deny Port Range – We can also allow range of ports in single command like:1sudoufwdeny1100-1200/tcp
- Deny Access to Specific IP – To deny connections from specific ip address use following command.1sudoufwdenyfrom192.168.0.46
- Deny Access to Subnet – To deny connections from any ip address of subnet use following command.1sudoufwdenyfrom192.168.0.0/24
- Deny IP to Specific Port -To deny connections from any ip address of subnet use following command.1sudoufwallowfrom192.168.0.46toanyport22
Step 6. Logging in UFW.
You can enable or disable logging in UFW. There are three levels for logging in ufw low, medium, high. the default log level is low:
sudoufwloggingon ### enable ###
sudoufwloggingoff### disable ###
Congratulation, you have learned how to install and configure UFW Firewall on Debian 10 Buster. If you have any question, please leave a comment below.