How to Install and Configure UFW Firewall On Debian 11.4

To Install And Configure UFW Firewall In Linux Debian 11.4

Introduction:

UFW, or Uncomplicated Firewall, simplifies firewall configuration by providing an interface to iptables. Setting up a firewall correctly with iptables directly can be difficult for beginners.

Pre-Requisites:

• Debian
• Root privileges or admin privileges

Installation Procedure:

Step 1: Check the OS version by using the below command

root@debian:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye

Step 2: Check whether ufw is installed by using the below command.

root@debian:~# dpkg --get-selections | grep ufw

Step 3: To know about the firewall status, run the below command.

root@debian:~# sudo ufw status
Status: inactive

Step 4: To enable UFW in the terminal, execute the below command.

root@debian:~# sudo ufw enable
Firewall is active and enabled on system startup

Step 5: Check the firewall status again by running the following command.

root@debian:~# sudo ufw status
Status: active

Step 6: After the firewall is activated, you can add your rules to it. To see the default rules, use the below command.

root@debian:~# sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

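Step 7: UFW lets us open a particular port or service to allow access to it. For example, allow SSH by using the below command. With the default policy of deny (incoming) shown in Step 6, new SSH connections are refused until this rule is added, so on a machine managed over SSH add it before enabling UFW.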

root@debian:~# sudo ufw allow ssh
Rule added
Rule added (v6)

Step 8: We can also add a rule at a chosen position by using the insert command. Display the status in numbered format by running the below command.

root@debian:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)
root@debian:~# sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere                  
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6)  

Step 9: Deny FTP connections by using the below command.

root@debian:~# sudo ufw deny ftp
Rule added
Rule added (v6)
root@debian:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
21/tcp                     DENY        Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                DENY        Anywhere (v6)  

Step 10: Next, allow a particular port by using the below command. With no protocol given, the rule applies to both TCP and UDP.

root@debian:~# sudo ufw allow 2290
Rule added
Rule added (v6)

Step 11: It is also possible to add a port range to a rule. To open ports 2290 to 2300 for the TCP protocol, use the below command.

root@debian:~# sudo ufw allow 2290:2300/tcp
Rule added
Rule added (v6)
root@debian:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
21/tcp                     DENY        Anywhere                  
2290                       ALLOW       Anywhere                  
2290:2300/tcp              ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                DENY        Anywhere (v6)             
2290 (v6)                  ALLOW       Anywhere (v6)             
2290:2300/tcp (v6)         ALLOW       Anywhere (v6)

Step 12: If you want to open the same range for UDP, use the below command.

root@debian:~# sudo ufw allow 2290:2300/udp
Rule added
Rule added (v6)
root@debian:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
21/tcp                     DENY        Anywhere                  
2290                       ALLOW       Anywhere                  
2290:2300/tcp              ALLOW       Anywhere                  
2290:2300/udp              ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                DENY        Anywhere (v6)             
2290 (v6)                  ALLOW       Anywhere (v6)             
2290:2300/tcp (v6)         ALLOW       Anywhere (v6)             
2290:2300/udp (v6)         ALLOW       Anywhere (v6)

Step 13: To allow connections from a specific IP address, use the below command.

root@debian:~# sudo ufw allow from 192.168.6.130
Rule added
root@debian:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
21/tcp                     DENY        Anywhere                  
2290                       ALLOW       Anywhere                  
2290:2300/tcp              ALLOW       Anywhere                  
2290:2300/udp              ALLOW       Anywhere                  
Anywhere                   ALLOW       192.168.6.130             
22/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                DENY        Anywhere (v6)             
2290 (v6)                  ALLOW       Anywhere (v6)             
2290:2300/tcp (v6)         ALLOW       Anywhere (v6)             
2290:2300/udp (v6)         ALLOW       Anywhere (v6)         

Step 14: We can also specify the port that the allowed IP address may connect to by adding "to any port" followed by the port number.

root@debian:~# sudo ufw allow from 192.168.6.130 proto tcp to any port 22
Rule added
root@debian:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
21/tcp                     DENY        Anywhere                  
2290                       ALLOW       Anywhere                  
2290:2300/tcp              ALLOW       Anywhere                  
2290:2300/udp              ALLOW       Anywhere                  
Anywhere                   ALLOW       192.168.6.130             
22/tcp                     ALLOW       192.168.6.130             
22/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                DENY        Anywhere (v6)             
2290 (v6)                  ALLOW       Anywhere (v6)             
2290:2300/tcp (v6)         ALLOW       Anywhere (v6)             
2290:2300/udp (v6)         ALLOW       Anywhere (v6)         

Step 15: We can also add a rule at a chosen position by using the insert command. Display the status in numbered format again by running the below command.

root@debian:~# sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere                  
[ 2] 21/tcp                     DENY IN     Anywhere                  
[ 3] 2290                       ALLOW IN    Anywhere                  
[ 4] 2290:2300/tcp              ALLOW IN    Anywhere                  
[ 5] 2290:2300/udp              ALLOW IN    Anywhere                  
[ 6] Anywhere                   ALLOW IN    192.168.6.130             
[ 7] 22/tcp                     ALLOW IN    192.168.6.130             
[ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)             
[ 9] 21/tcp (v6)                DENY IN     Anywhere (v6)             
[10] 2290 (v6)                  ALLOW IN    Anywhere (v6)             
[11] 2290:2300/tcp (v6)         ALLOW IN    Anywhere (v6)             
[12] 2290:2300/udp (v6)         ALLOW IN    Anywhere (v6)      
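
The numbered listing above contains rules that are wider than they look: rule 3 has no protocol, rule 6 opens every port to one host, and rule 7 restricts nothing because rule 1 already allows 22/tcp from Anywhere and UFW stops at the first matching rule. The following script is an added example, not part of the original guide, that flags these cases in `ufw status numbered` output; the function names and finding codes are hypothetical, and it assumes columns are separated by two or more spaces as in the listing.

```shell
#!/bin/sh
# Added example (not from the original guide): audit `ufw status numbered`
# output for ALLOW rules that are wider than intended.
# Prints one finding per line as "<rule number> <CODE>".
audit_ufw_rules() {
    awk -F'  +' '
    /^\[ *[0-9]+\]/ {
        sub(/[ \t]+$/, "")                       # drop trailing padding
        match($1, /[0-9]+/); num = substr($1, RSTART, RLENGTH)
        to = $1; sub(/^\[ *[0-9]+\] */, "", to)
        action = $2; from = $3
        if (action !~ /^ALLOW/) next
        fam = (to ~ /\(v6\)$/ || from ~ /:/) ? 6 : 4   # keep IPv4 and IPv6 apart
        sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
        # UFW evaluates rules in order: a source-restricted allow restricts
        # nothing if an earlier rule already allows that port from Anywhere.
        if (from != "Anywhere" && ((fam, to) in open)) {
            print num, "SHADOWED_BY_" open[fam, to]
        }
        if (from == "Anywhere" && !((fam, to) in open)) open[fam, to] = num
        if (to == "Anywhere") print num, "ALL_PORTS"          # no port limit
        else if (to ~ /^[0-9:,]+$/) print num, "NO_PROTOCOL"  # tcp and udp
    }'
}

# Constructed sample: the numbered listing from Step 15 of this guide.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 21/tcp                     DENY IN     Anywhere
[ 3] 2290                       ALLOW IN    Anywhere
[ 4] 2290:2300/tcp              ALLOW IN    Anywhere
[ 5] 2290:2300/udp              ALLOW IN    Anywhere
[ 6] Anywhere                   ALLOW IN    192.168.6.130
[ 7] 22/tcp                     ALLOW IN    192.168.6.130
[ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 9] 21/tcp (v6)                DENY IN     Anywhere (v6)
[10] 2290 (v6)                  ALLOW IN    Anywhere (v6)
[11] 2290:2300/tcp (v6)         ALLOW IN    Anywhere (v6)
[12] 2290:2300/udp (v6)         ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw_rules
```

On a live host the same function can read real output with `sudo ufw status numbered | audit_ufw_rules`.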

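Step 16: Delete a rule from UFW by its number by using the below command. The remaining rules are renumbered after each deletion, so check ufw status numbered again before deleting another rule.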

root@debian:~# sudo ufw delete 6
Deleting:
 allow from 192.168.6.130
Proceed with operation (y|n)? y
Rule deleted

Step 17: Disable the UFW firewall by using the below command

root@debian:~# sudo ufw disable
Firewall stopped and disabled on system startup

Step 18: Finally, reset the UFW firewall to its installed defaults by using the below command

root@debian:~# sudo ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20230710_214016'
Backing up 'before.rules' to '/etc/ufw/before.rules.20230710_214016'
Backing up 'after.rules' to '/etc/ufw/after.rules.20230710_214016'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20230710_214016'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20230710_214016'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20230710_214016'

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to install and configure UFW Firewall in Linux Debian 11.4. Your feedback is most welcome.

FAQ

Q: How to disable the UFW firewall?
A: The ufw disable command can be used to disable the firewall.

Q: How to allow connections from a specific IP address in the UFW firewall?
A: Use the ufw allow from command.

Q: How to display the UFW status in numbered format?
A: Display the UFW status in numbered format by using the following command: ufw status numbered

Q: How do I check my Debian UFW firewall status?
A: Check the status of UFW with this command: sudo ufw status

Q: What is UFW in Linux?
A: UFW, or Uncomplicated Firewall, is a frontend for managing firewall rules in Arch Linux, Debian, or Ubuntu.