How To Install And Configure UFW Firewall On A Raspberry Pi 4

6, Jan 2021 | Raspberry Pi

Recommended Hardware & Tools

Check out my official Amazon Storefront to browse the exact parts, tools, and gear I use in my tutorials and videos.

As an Amazon Associate I earn from qualifying purchases.

Introduction:

Today we are going to be showing you how to install and configure UFW firewall on a Raspberry Pi 4. We are only covering the basics but may add a more advanced tutorial in the future.

What is Uncomplicated Firewall (UFW)?

UFW is a free firewall that you can use to control iptables on Linux operating systems. It is much more user-friendly than manually editing and configuring iptables. It gives you a simple command-line interface where shorter commands achieve the same outcome, hence its name: Uncomplicated Firewall.

Today we are showing you how to install and configure UFW on a Raspberry Pi 4; however, you can use the same process/commands to install UFW on any Linux device.

So let's get started.

Difficulty = Medium

How to install and configure UFW Firewall on a Raspberry Pi 4.

To install UFW in a terminal type the following:

sudo apt install ufw -y

Now UFW is installed but it is not turned on.

It is very important that, if you are using SSH to connect to your Raspberry Pi 4, you open the SSH port in UFW before you enable the firewall.

If you don't do this first, you will get locked out and will need to physically connect a monitor and keyboard to get terminal access to your Pi.

To open the SSH port using the service name and default port, run this command:

sudo ufw allow ssh

Alternatively, you can use the command below. This command is especially useful if you have decided to change the port number from the default of 22 to "1984" for example.

You can also add the protocol you require either tcp or udp.

You can even add a comment so it can remind you if you ever have to edit the UFW ports again in the future.

If you have not changed the default SSH port then you will need to use port 22 and not 1984 as stated below in our example.

sudo ufw allow 1984/tcp comment "SSH"

All we need to do now is enable UFW:

sudo ufw enable

Then press "y" and "enter" at the command prompt.

We will now need to open a fresh Terminal window so we can test that we can still connect over SSH. We need to confirm that the UFW firewall updated correctly.

Open a new Terminal window and connect via SSH.

If you're using the default SSH port, you can run this:

ssh pi@YOURIPADDRESS

If you changed your SSH port, you will need to use the following command:

ssh -p 1984 pi@YOURIPADDRESS

If you can connect OK, everything is set up and working correctly.
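The lockout described above can be caught before running sudo ufw enable. The script below is an added example, not part of the original post: it compares the port sshd is configured to use against the rules UFW has queued up (ufw show added lists them even while the firewall is inactive). The function names and sample inputs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check to run before 'sudo ufw enable' (added example; names are hypothetical).

# Print the port(s) from sshd_config-style text on stdin ('sshd -T' output also works).
# Commented-out lines are ignored; falls back to 22 when no Port directive is present.
ssh_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Return 0 if 'ufw show added' text on stdin has a simple allow/limit rule for port $1.
# Source-restricted rules ("allow from ... to any port N") are deliberately not
# counted, so the check fails closed and you review those by hand.
port_allowed() {
    awk -v port="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            target = ($3 == "in") ? $4 : $3
            if (target == port || target == port "/tcp") ok = 1
            if (port == 22 && (target == "ssh" || target == "ssh/tcp")) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# preflight SSHD_TEXT UFW_TEXT: report each sshd port; return 1 if any lacks a rule.
preflight() {
    rc=0
    for p in $(printf '%s\n' "$1" | ssh_ports); do
        if printf '%s\n' "$2" | port_allowed "$p"; then
            echo "ok: $p/tcp is allowed"
        else
            echo "LOCKOUT RISK: no allow rule for $p/tcp"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inputs (not captured from a real system): sshd moved to 1984.
SAMPLE_SSHD="#Port 22
Port 1984"
SAMPLE_UFW_BAD="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp"
SAMPLE_UFW_GOOD="Added user rules (see 'ufw status' for running firewall):
ufw allow 1984/tcp comment 'SSH'"

preflight "$SAMPLE_SSHD" "$SAMPLE_UFW_BAD" || true   # reports the lockout risk
preflight "$SAMPLE_SSHD" "$SAMPLE_UFW_GOOD"          # reports ok
# On the Pi: preflight "$(sudo sshd -T)" "$(sudo ufw show added)" && sudo ufw enable
```

Keep the existing SSH session open until the new connection test succeeds, so there is still a way back in if a rule is wrong.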

A few more useful UFW terminal commands:

Check your UFW Firewall status:

sudo ufw status verbose

To remove a port from the firewall list:

To do this you first need to know its rule number. To get this list first run:

sudo ufw status numbered

Now you should see the list of ports with a number for each entry. Select the correct number to remove the entry. Remember that once you remove a port entry, the numbering of the list will change, so it is wise to recheck by running the above command again before deleting another entry.

Say the port we want to delete was [ 3] 22/tcp ALLOW IN IP

We will run the following:

sudo ufw delete 3

Disable the firewall:

If you have a connection problem, it is a good idea to temporarily disable the firewall and then retest to see if you can connect. If you can, then the problem is clearly firewall related.

To disable the UFW firewall, use the following command:

sudo ufw disable

Let us know in the comments below anything you would add to this basic guide or any other useful command you may know that may help others.

Support My Work!

Buy Me A Coffee

I Am An Affiliate!

Just so you know, we may collect a share of sales or other compensation from the links on this page. As an Amazon Associate, I earn from qualifying purchases.

The affiliate link recommendations come at no extra cost to you.

We hope you love the products we recommend!

Thank you if you use our links; we really appreciate the support!

3 Comments

  1. Boney12

    Great Post. Thanks

  2. Guest

    You open port 1984 and try to use port 1981 later.
    It will not work.

    • Addicted2Tech

      Well spotted, and thank you for letting us know. I have updated the post.
