a pure Raspi web server with Raspbian Debian


Install & configure the so-called ufw | Uncomplicated firewall with Linux


ufw is a front end for iptables. This page covers the basic handling of a simple but effective personal firewall for IPv4 & IPv6. ufw is a comfortable command-line application for managing your personal iptables rules under Linux. All rules are processed in the order of the configuration file(s), from top to bottom. The files are located in /lib/ufw & /etc/ufw .


ufw is not installed by default with any Linux derivative like Fedora, Ubuntu, Mint, Debian or Raspbian. So start your terminal program, preferably PuTTY. Do not close the terminal program until your firewall is fully set up and activated.


gufw (universe, optional graphical user interface)



user@raspberry:~ $ sudo su
root@raspberry:# apt install ufw gufw


The firewall is not enabled yet. First we set our own rules.


To begin, we allow access from your entire home subnet. This is not essential, but it is a precaution in case something goes wrong with your firewall configuration. It grants access to every single computer in your home network. Note that 192.168.x.x/24 may vary from router to router. Some have 192.168.0.x/24 or 192.168.178.x/24 or whatever. Consult your modem / router UI to get the correct subnet address, or simply use the command ifconfig (Linux) or ipconfig (MS Windows) in a terminal.


root@raspberry:# ufw allow from 192.168.0.0/24 to any


To make setting up your firewall easier, define two default rules for denying incoming and allowing outgoing traffic.


root@raspberry:# ufw default deny incoming
root@raspberry:# ufw default allow outgoing


Next we open the standard ports for ftp / sftp, http, https (SSL if required) and ssh (terminal access, command line).


root@raspberry:# ufw allow 21/tcp
root@raspberry:# ufw allow 22/tcp
root@raspberry:# ufw allow 80/tcp
root@raspberry:# ufw allow 443/tcp


In case you have MySQL or a dedicated game server running, you have to open their specific ports as well.


Now check your own configuration.


Let us fire up the brickwall.


root@raspberry:# ufw enable


          Command may disrupt existing ssh transfers. Proceed with operation (y|n)? y
          Firewall is active and enabled on system startup
          

You probably have to close and restart the terminal program for SSH connections to your Linux-based web server / Raspberry Pi.


root@raspberry:# ufw status verbose


          Status: active
          Logging: on (low)
          Default: deny (incoming), allow (outgoing)
          New profiles: skip
          
          To                         Action      From
          --                         ------      ----
          Anywhere                   ALLOW       192.168.0.0/24
          21/tcp                     ALLOW       Anywhere
          22/tcp                     ALLOW       Anywhere
          80/tcp                     ALLOW       Anywhere
          443/tcp                    ALLOW       Anywhere
          21/tcp                     ALLOW       Anywhere (v6)
          22/tcp                     ALLOW       Anywhere (v6)
          80/tcp                     ALLOW       Anywhere (v6)
          443/tcp                    ALLOW       Anywhere (v6)
          


Something or more went wrong? Got new ideas? No problem.
Just reset your personal settings and start from the beginning.


root@raspberry:# ufw disable
root@raspberry:# ufw reset


ufw Uncomplicated firewall | deny or reject access for unwanted clients


Very effective for defeating and minimizing referral spam and unwanted visitors from certain servers (by country).


That is quite simple. The demonstration shows you how to block a single IP and an IP range/subnet.


root@raspberry:# ufw deny from 46.95.148.45 to any


Instead of deny you can also use reject.
deny keeps the client program waiting until the connection attempt times out, a short time later.
reject produces an immediate and very informative "Connection refused" message for the client.


A refused connection lets bots, real people on this planet and something else know that it is your strong policy decision.


root@raspberry:# ufw deny from 46.95.148.45 to any


root@raspberry:# ufw reject from 178.137.0.0/16 to any


          Rule added
          

After making changes, reload ufw.


root@raspberry:# ufw reload


          Firewall reloaded
          

root@raspberry:# ufw status verbose


          Status: active
          Logging: on (low)
          Default: deny (incoming), allow (outgoing)
          New profiles: skip
          
          To                         Action      From
          --                         ------      ----
          Anywhere                   ALLOW       192.168.0.0/24
          21/tcp                     ALLOW       Anywhere
          22/tcp                     ALLOW       Anywhere
          Anywhere                   DENY        46.95.148.45
          Anywhere                   REJECT      178.137.0.0/16
          80/tcp                     ALLOW       Anywhere
          443/tcp                    ALLOW       Anywhere
          21/tcp                     ALLOW       Anywhere (v6)
          22/tcp                     ALLOW       Anywhere (v6)
          80/tcp                     ALLOW       Anywhere (v6)
          443/tcp                    ALLOW       Anywhere (v6)
          ...
          

Important: You have to set the rules for 80/tcp & 443/tcp after the banned IP addresses.




Now the short version.

  • First set the new rules for all the IP addresses you want to ban (deny, reject)
  • Then delete the rules for 80/tcp & 443/tcp (see below how to do so)
  • Renew both rules with the commands ufw allow 80/tcp & ufw allow 443/tcp
  • Run "ufw reload"
  • Run "ufw status verbose" to see if everything is as you want it




What happens with an existing rule?


          Skipping adding existing rule
          


How to remove a rule from ufw


root@raspberry:# ufw status numbered


          Status: active
          
               To                    Action      From
               --                    ------      ----
          [ 1] Anywhere              ALLOW IN    192.168.0.0/24
          [ 2] 21/tcp                ALLOW IN    Anywhere
          [ 3] 22/tcp                ALLOW IN    Anywhere
          [ 4] Anywhere              DENY IN     46.95.148.45
          [ 5] Anywhere              REJECT IN   178.137.0.0/16
          [ 6] 80/tcp                ALLOW IN    Anywhere
          [ 7] 443/tcp               ALLOW IN    Anywhere
          ...
          

root@raspberry:# ufw delete 6
Deleting:
allow 80/tcp
Proceed with operation (y|n)? y
root@raspberry:# ufw reload
Firewall reloaded
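
Because rules are matched from top to bottom and the first match wins, a ban listed below an "allow from Anywhere" rule has no effect on that port. The shell function below is an added example, not part of the original page: it reads a "ufw status numbered" listing (the sample is a copy of the one above) and reports every banned source that can still reach a port opened earlier. The function names are made up for this illustration, and IPv6 "(v6)" rows are not evaluated.

```shell
#!/bin/sh
# Added example: find bans that an earlier "allow from Anywhere" rule overrides.

# Sample input: the numbered listing shown on this page.
sample_rules() {
cat <<'EOF'
Status: active

     To                    Action      From
     --                    ------      ----
[ 1] Anywhere              ALLOW IN    192.168.0.0/24
[ 2] 21/tcp                ALLOW IN    Anywhere
[ 3] 22/tcp                ALLOW IN    Anywhere
[ 4] Anywhere              DENY IN     46.95.148.45
[ 5] Anywhere              REJECT IN   178.137.0.0/16
[ 6] 80/tcp                ALLOW IN    Anywhere
[ 7] 443/tcp               ALLOW IN    Anywhere
EOF
}

# Reads a numbered listing on stdin and prints one line per overridden ban:
#   <source> still reaches <port> (rule A before rule B)
shadowed_bans() {
  # Turn "[ 4] ..." into "4 ..." so awk sees the rule number as field 1.
  sed 's/^\[ *\([0-9]*\)\] */\1 /' | awk '
    # A port opened to every source: remember it and its rule number.
    $1 ~ /^[0-9]+$/ && $3 == "ALLOW" && $5 == "Anywhere" {
      port[++n] = $2; rule[n] = $1; next
    }
    # A ban on a source: every port opened above it is matched first.
    $1 ~ /^[0-9]+$/ && ($3 == "DENY" || $3 == "REJECT") && $2 == "Anywhere" {
      for (i = 1; i <= n; i++)
        printf "%s still reaches %s (rule %s before rule %s)\n", $5, port[i], rule[i], $1
    }'
}

sample_rules | shadowed_bans
```

In the listing above the bans sit below 21/tcp and 22/tcp, so both banned sources can still reach FTP and SSH. The command ufw insert 1 deny from 46.95.148.45 to any places a ban at the top of the list directly, without deleting and renewing the allow rules.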




How to disable ufw


root@raspberry:# ufw disable




dnslytics - Ultimate online investigation tool.
Remark: the free usage has a limit per day, just erase cookies and go ahead with a new IP address then.


Logging


Log levels can be set to off | low | medium | high. The default setting is low.

The path to the log file is /var/log/ufw.log


root@raspberry:# ufw logging medium
Logging enabled
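
What the log is good for when choosing sources to ban: the function below counts [UFW BLOCK] entries per source address and lists the destination ports each one tried. It is an added example, not from the original page; the log lines are constructed in the layout ufw writes to /var/log/ufw.log, with addresses from the documentation ranges, and the function names are made up.

```shell
#!/bin/sh
# Added example: summarise blocked sources from ufw log lines.

# Constructed sample lines (not real traffic).
sample_log() {
cat <<'EOF'
Jun  5 10:14:02 raspberry kernel: [ 8123.101] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.168.0.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN URGP=0
Jun  5 10:14:09 raspberry kernel: [ 8130.554] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.9 DST=192.168.0.10 LEN=60 TTL=49 PROTO=TCP SPT=51877 DPT=8080 SYN URGP=0
Jun  5 10:15:30 raspberry kernel: [ 8211.020] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.168.0.10 LEN=60 TTL=52 PROTO=TCP SPT=40398 DPT=23 SYN URGP=0
Jun  5 10:15:41 raspberry kernel: [ 8222.310] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.0.23 DST=192.168.0.10 LEN=60 TTL=64 PROTO=TCP SPT=50022 DPT=22 SYN URGP=0
Jun  5 10:16:12 raspberry kernel: [ 8253.877] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.168.0.10 LEN=60 TTL=52 PROTO=TCP SPT=40644 DPT=3306 SYN URGP=0
EOF
}

# Reads log lines on stdin and prints "<count> <source> ports=<p1,p2,...>",
# busiest source first. Only [UFW BLOCK] entries are counted.
blocked_sources() {
  awk '/\[UFW BLOCK\]/ {
    src = ""; dpt = "-"            # "-" for entries without a port (e.g. ICMP)
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^SRC=/) src = substr($i, 5)
      if ($i ~ /^DPT=/) dpt = substr($i, 5)
    }
    if (src == "") next
    hits[src]++
    # Record each destination port once per source.
    if (index("," ports[src] ",", "," dpt ",") == 0)
      ports[src] = (ports[src] == "" ? dpt : ports[src] "," dpt)
  }
  END { for (s in hits) printf "%d %s ports=%s\n", hits[s], s, ports[s] }' |
  sort -k1,1nr -k2,2
}

sample_log | blocked_sources
```

On the server itself, feed it the real file: blocked_sources < /var/log/ufw.log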


Help | Manual


root@raspberry:# man ufw


More at ubuntu wiki


Troubleshooting | No access to Raspberry pi


What a pity. You enabled ufw and forgot to allow something, or did the setup in the wrong sequence.


Locate /etc/ufw/ufw.conf on the (micro)SD card and change ENABLED=yes to ENABLED=no . Administrative rights are needed to do so. On the next boot ufw is inactive.


          # /etc/ufw/ufw.conf
          #
          
          # Set to yes to start on boot. If setting this remotely, be sure to add a rule
          # to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
          ENABLED=yes
          
          # Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
          # See 'man ufw' for details.
          LOGLEVEL=low
          


❶ Method in Linux Ubuntu or similar


Take the (micro)SD card out of your Raspberry Pi and put it in an internal or external card reader connected to a desktop, laptop or whatever. Browse with the file manager, e.g. Nautilus, to the directory /etc/ufw and choose Open in Terminal with the right mouse button. Log in as superuser with your Linux password and not with your Raspberry password.


user@ubuntu:/media/user/27840c60-cecb- ... 28231c/etc/ufw$ sudo su


[sudo] Password for user:
root@ubuntu:/media/user/27840c60-cecb- ... 28231c/etc/ufw# nano ufw.conf


Modify the file, save it with Ctrl+O and close with Ctrl+X. That's it. Put the card back and fire up your Raspberry Pi.




❷ Method in MS Windows


Ruled out, since MS Windows can't read debianized SD cards. You will only see some files needed for boot.




❸ Method in Mac OSx


Sorry, I have no clue about Mac OSx. Probably possible somehow.


05-Jun 2018

Hafenzoll 2019