UFW is a firewall tool which is the abbreviation of the Uncomplicated Firewall, it keeps check on the network connections. A ufw keeps eye on the incoming and outgoing connections and also, only those connections can access the network which is allowed by the ufw, moreover, it has also the ability to block the networks.
If we simply define the ufw so it manages the firewall by managing the network connections. In this writeup, we will discuss the method to set up a firewall with ufw on Debian 11.
How to set up a firewall with UFW on Debian 11
Before doing anything, the first thing which is recommended to you is to update the Debian 11 using the command:
$ sudo apt update
Some packages need to be upgraded to run the command to upgrade them:
$ sudo apt upgrade -y
Once all the packages are up to date, proceed towards setting up the firewall with UFW on Debian 11, for this make sure UFW is installed on Debian 11, if not, then you can install it by using the command:
$ sudo apt install ufw
Once the installation is complete, check its status by using the command:
$ sudo ufw status
Now to enable and disable the ufw, the following commands can be run:
$ sudo ufw enable
Similarly, to disable it, run the command:
$ sudo ufw disable
By default, ufw denies all the incoming connections and allows the services that are being used to outbound the connections from the server, but these settings can be changed. The settings of this incoming and outgoing schedule are placed in the directory of /etc/default/ufw/ which can be changed. Let’s say, we want to allow port 8080 we can execute the command:
$ sudo ufw allow 8080
Similarly, if we want to restrict port 8080, run the command:
$ sudo ufw deny 8080
When you install any package in Debian 11 using the apt command from the repository of Debian 11, it will keep a copy of the application profile in the directory path /etc/ufw/application.d, which can be listed down by using the command:
$ sudo ufw app list
Now, make sure the IPv6 is configured, by default it is configured, to cross-check, execute the command:
$ sudo nano /etc/default/ufw
Once the file is being opened by the editor, type the “yes” against the “IPv6” if it is not.
Save the file(CTRL+S) and exit the editor (CTRL+X), and restart the service by using the command:
$ sudo systemctl restart ufw
Now if you are accessing the ssh server from some remote server, you will not be able to log in again, to enable the ssh server, run the command:
$ sudo ufw allow ssh
Similarly, to restrict the ssh run the command:
$ sudo ufw deny ssh
Now there are three ways to allow ports, which are:
By name: we can allow any port by using its port, for example, we want to allow connections for the port http, we run the command:
$ sudo ufw allow http
By number: we can allow any port by using its port number, for example, we want to allow connections for port 80, execute the command:
$ sudo ufw allow 80
By application profile: we can allow any port by using its port application profile, for example, we want to allow the connection for the application of AIM, run the command:
$ sudo ufw allow 'AIM'
If we want to reset the ufw, run the following command:
$ sudo ufw reset
Once the command is executed, it will confirm to proceed with the operation, type “y” to continue, on the completion of the operation, all the rules are set back to the default.
The ufw also provide the GUI (graphical user interface) which is user-friendly and can be installed by running the command:
$ sudo apt install gufw
Once it is installed, go to the search bar, type gufw, ufw icon will be appear, click on it,
It will ask for the password, provide the password and click on the authenticate button.
After the successful authentication, the GUI of the firewall can be open.
Here you can add the rules, of incoming and outgoing, also change the status of the firewall.
Ufw protects the server by monitoring the incoming and outgoing traffic of the network connections of a server. In this writeup, we have discussed how to set up the firewall with ufw on Debian 11 through both the command-line method and GUI method, a GUI method is recommended for the new users for them it’s easy to manage the network connections through GUI.