Configuring a firewall on Debian with UFW

2023-04-25

Install UFW

# debian and ubuntu
sudo apt update && sudo apt upgrade -y
sudo apt install ufw

# arch linux
sudo pacman -Suy
sudo pacman -S ufw

Configure UFW

sudo ufw reset
sudo ufw default deny
sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh
sudo ufw reload
sudo ufw enable

Make sure UFW starts on boot

# for systemd-based distros (debian, ubuntu, arch, ...)
sudo systemctl enable ufw
sudo systemctl start ufw

Double-check UFW configuration

# sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)

# sudo systemctl status ufw

* ufw.service - CLI Netfilter Manager
     Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled; preset: disabled)
     Active: active (exited) since Fri 2023-06-02 18:39:10 -03; 50min ago
   Main PID: 345 (code=exited, status=0/SUCCESS)
        CPU: 69ms