Raspberry Pi | Install & configure the so-called ufw | Uncomplicated firewall

ufw is a front end application for iptables.

This page covers the basic handling of your personal firewall, a simple but effective one, for both IPv4 and IPv6.

ufw is a comfortable command-line application for managing your personal iptables rules on Linux.
Important: rules are evaluated in the order they were added, from top to bottom, and the first rule that matches a packet decides; later rules are not consulted. Keep this in mind whenever you combine allow and deny rules.
The files live in /lib/ufw & /etc/ufw .

ufw is not installed by default on Raspbian. So start your terminal program, preferably PuTTY, and open an SSH session to the Pi.
Do not close the terminal program until the firewall is configured & activated.

gufw (universe, optional graphical user interface; not needed on a headless Raspberry Pi)


user@raspberry:~ $ sudo su
root@raspberry:# apt install ufw gufw

The firewall is not enabled yet. First we set our own rules.

First we allow access from your entire home subnet. This is not essential, but if something goes wrong with the firewall configuration you can still reach the Pi from every computer in your home network. Note that the subnet (192.168.x.x/24) varies from router to router. Consult your modem / router UI to get the correct subnet address, or simply run ifconfig or ip addr (Linux) or ipconfig (MS Windows) in a terminal and use the network address with its prefix length.

root@raspberry:# ufw allow from to any

Two default policies make the rest of the setup easier: deny all incoming connections and allow all outgoing ones. Anything not explicitly allowed below is then blocked.

root@raspberry:# ufw default deny incoming
root@raspberry:# ufw default allow outgoing

Next we open the standard ports for the services we run: ftp (21), ssh (22, which also carries sftp and scp), http (80) and https (443, SSL/TLS if required). Only open what the Pi actually serves; if there is no FTP server, skip 21/tcp.

root@raspberry:# ufw allow 21/tcp
root@raspberry:# ufw allow 22/tcp
root@raspberry:# ufw allow 80/tcp
root@raspberry:# ufw allow 443/tcp

If you also run MySQL, a game server or similar, you have to open their ports as well, ideally only for the source addresses that really need them.

Now review your own configuration.

Then let us fire up the brick wall.

root@raspberry:# ufw enable

          Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
          Firewall is active and enabled on system startup

If your SSH session drops at this point, close and reopen the terminal program and reconnect to the Raspberry Pi; the 22/tcp rule keeps the port open.

root@raspberry:# ufw status verbose

          Status: active
          Logging: on (low)
          Default: deny (incoming), allow (outgoing)
          New profiles: skip
          To                         Action      From
          --                         ------      ----
          Anywhere                   ALLOW
          21/tcp                     ALLOW       Anywhere
          22/tcp                     ALLOW       Anywhere
          80/tcp                     ALLOW       Anywhere
          443/tcp                    ALLOW       Anywhere
          21/tcp                     ALLOW       Anywhere (v6)
          22/tcp                     ALLOW       Anywhere (v6)
          80/tcp                     ALLOW       Anywhere (v6)
          443/tcp                    ALLOW       Anywhere (v6)
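The whole sequence above as one script, added here as an example and not part of the original page: the LAN safety net goes in first, then the default policies, then the service ports, and only after that is the firewall enabled. The subnet 192.168.1.0/24 is an assumption for the demonstration; pass your own. With UFW=echo the script only prints what it would run, so you can check the order before touching a live Pi.

```shell
#!/bin/sh
# Added example, not the original page's code: apply the tutorial's rules in the
# order that keeps your SSH session alive, with the LAN subnet as a parameter.
# Dry run:  UFW=echo ./setup_ufw.sh 192.168.1.0/24        (prints, runs nothing)
# Real run: sudo ./setup_ufw.sh 192.168.1.0/24 21/tcp     (21/tcp only if you run FTP)
# 192.168.1.0/24 is an assumed subnet; take yours from the router or `ip addr`.

# Print the ufw sub-commands, one per line, in the order they must be applied:
# the LAN safety net first, then the defaults, then the service ports.
firewall_commands() {
    lan="$1"
    shift
    printf '%s\n' \
        "allow from $lan to any" \
        "default deny incoming" \
        "default allow outgoing" \
        "allow 22/tcp" \
        "allow 80/tcp" \
        "allow 443/tcp"
    for port in "$@"; do          # optional extra services, e.g. 21/tcp, 3306/tcp
        printf 'allow %s\n' "$port"
    done
}

# Feed the commands to ufw (or to whatever $UFW names, e.g. echo for a dry run),
# review the queued rule set, then enable without the interactive (y|n) prompt.
apply_firewall() {
    ufw_cmd="${UFW:-ufw}"
    firewall_commands "$@" | while read -r args; do
        # shellcheck disable=SC2086   # word splitting of $args is intended here
        $ufw_cmd $args
    done
    $ufw_cmd show added        # rules queued while the firewall is still inactive
    $ufw_cmd --force enable    # --force: no "Proceed with operation (y|n)?" question
    $ufw_cmd status verbose
}

# Only act when a subnet was given, so sourcing this file changes nothing.
if [ -n "$1" ]; then
    apply_firewall "$@"
fi
```

Run the dry run first, compare its output with the rule order in this article, and only then run it with sudo on the Pi.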

Something went wrong, or you have new ideas? No problem.
Just reset your personal settings and start from the beginning.

root@raspberry:# ufw disable
root@raspberry:# ufw reset

ufw Uncomplicated firewall | deny or reject access for unwanted clients

This is also an effective way to cut down referral spam / referrer spamming from known source addresses.

That is quite simple. The demonstration shows you how to block a single IP address and an IP range/subnet.

root@raspberry:# ufw deny from to any

Instead of deny you can also use reject.
deny silently drops the packets (iptables DROP); the client gets no answer at all and waits until its connection attempt times out, which can take a while.
reject answers immediately (iptables REJECT, a TCP reset or an ICMP error), so the client sees an instant "Connection refused" message.

A refused connection lets people know that it is your policy decision; a dropped one looks as if the host were down. deny reveals less and costs a scanner more time, reject is friendlier to legitimate users caught in a blocked range.

root@raspberry:# ufw deny from to any

root@raspberry:# ufw reject from to any

          Rule added

After making changes, reload ufw.

root@raspberry:# ufw reload

          Firewall reloaded

root@raspberry:# ufw status verbose

          Status: active
          Logging: on (low)
          Default: deny (incoming), allow (outgoing)
          New profiles: skip
          To                         Action      From
          --                         ------      ----
          Anywhere                   ALLOW
          21/tcp                     ALLOW       Anywhere
          22/tcp                     ALLOW       Anywhere
          Anywhere                   DENY
          Anywhere                   REJECT
          80/tcp                     ALLOW       Anywhere
          443/tcp                    ALLOW       Anywhere
          21/tcp                     ALLOW       Anywhere (v6)
          22/tcp                     ALLOW       Anywhere (v6)
          80/tcp                     ALLOW       Anywhere (v6)
          443/tcp                    ALLOW       Anywhere (v6)

Important: the rules for 80/tcp & 443/tcp must come after the deny/reject rules for the banned IP addresses. ufw applies the first matching rule, so an earlier "allow 80/tcp from Anywhere" would still let the banned addresses through to your web server.

The short version:

  • First add the new rules for all the IP addresses you want to ban (deny, reject)
  • Then delete the existing rules for 80/tcp & 443/tcp (see below how to do so)
  • Re-add both rules with ufw allow 80/tcp & ufw allow 443/tcp, so they now sit below the bans
  • Run "ufw reload"
  • Run "ufw status verbose" to check that everything is fine
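A small check for exactly this mistake, added here as an example and not part of the original page: it reads the output of "ufw status numbered" and reports every deny/reject rule that sits below an "ALLOW IN from Anywhere" rule, because the earlier allow wins for that port. The status listing in the block is constructed for the demonstration; 203.0.113.5 and 198.51.100.0/24 are documentation addresses, not real bans.

```shell
#!/bin/sh
# Added example, not code from the original page: lint `ufw status numbered`
# output for bans that an earlier "allow from Anywhere" rule makes ineffective
# (ufw stops at the first matching rule).
# The listing below is a constructed sample; the banned addresses are documentation ranges.

sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   ALLOW IN    192.168.1.0/24
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     203.0.113.5
[ 5] Anywhere                   REJECT IN   198.51.100.0/24
[ 6] 443/tcp                    ALLOW IN    Anywhere
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Reads `ufw status numbered` text (stdin or files) and prints one line per
# DENY/REJECT rule that is shadowed by an earlier ALLOW-from-Anywhere rule
# of the same address family (v4 allows do not shadow v6 bans and vice versa).
check_rule_order() {
    awk '
    /^\[ *[0-9]+]/ {
        num = $0; sub(/^\[ */, "", num); sub(/].*/, "", num)      # rule number
        line = $0; sub(/^\[ *[0-9]+] */, "", line)                # drop "[ n] "
        gsub(/ \(v6\)/, "_v6", line)          # keep "Anywhere (v6)" as one field
        split(line, f, / +/)
        to = f[1]; action = f[2]; dir = f[3]; from = f[4]
        if (dir != "IN") next
        if (action == "ALLOW" && from ~ /^Anywhere/) {
            na++; allow_num[na] = num; allow_to[na] = to       # remember open doors
            allow_v6[na] = (from ~ /_v6$/) ? 1 : 0
        } else if ((action == "DENY" || action == "REJECT") && from !~ /^Anywhere/) {
            ban_v6 = (from ~ /:/) ? 1 : 0                       # IPv6 bans contain a colon
            for (i = 1; i <= na; i++)
                if (allow_v6[i] == ban_v6)
                    printf "rule %s: %s from %s is shadowed by rule %s (allow %s from Anywhere)\n",
                           num, action, from, allow_num[i], allow_to[i]
        }
    }' "$@"
}

sample_status | check_rule_order
```

On the Pi run "sudo ufw status numbered | check_rule_order". In the sample, rule 6 (443/tcp) is fine because it comes after the bans, while rules 2 and 3 (22/tcp, 80/tcp) still let the banned addresses in. Besides the delete-and-re-add sequence above, "ufw insert 1 deny from <address>" places a new ban at the top of the list, so it is never shadowed.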

What happens if you add a rule that already exists? ufw just tells you:

          Skipping adding existing rule

How to remove a rule from ufw

root@raspberry:# ufw status numbered

          Status: active
               To                    Action      From
               --                    ------      ----
          [ 1] Anywhere              ALLOW IN
          [ 2] 21/tcp                ALLOW IN    Anywhere
          [ 3] 22/tcp                ALLOW IN    Anywhere
          [ 4] Anywhere              DENY IN
          [ 5] Anywhere              REJECT IN
          [ 6] 80/tcp                ALLOW IN    Anywhere
          [ 7] 443/tcp               ALLOW IN    Anywhere

root@raspberry:# ufw delete 6
allow 80/tcp
Proceed with operation (y|n)? y
root@raspberry:# ufw reload
Firewall reloaded

How to disable ufw

root@raspberry:# ufw disable

dnslytics - online investigation tool for IP addresses and domains, useful to check whom an address belongs to before you ban it.
Remark: the free usage has a limit per day; erase the cookies and continue with a new IP address.


Log levels can be set to off | low | medium | high | full . The default setting is low, which logs blocked packets that do not match the default policy, rate-limited.

The path to the logging file is /var/log/ufw.log

root@raspberry:# ufw logging medium
Logging enabled
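To get something out of /var/log/ufw.log, here is a small summary script, added as an example and not part of the original page: it counts the [UFW BLOCK] lines per source address and per destination port, which is usually enough to spot a scanner and decide what to ban. The log lines in the block are constructed samples in the format ufw writes (the source addresses are documentation ranges); on the Pi, point the function at the real file.

```shell
#!/bin/sh
# Added example, not from the original page: summarise what ufw is blocking.
# The log lines below are constructed samples in the format ufw writes to
# /var/log/ufw.log; the source addresses are documentation ranges.

sample_ufw_log() {
    cat <<'EOF'
Jun  5 10:20:31 raspberry kernel: [ 1234.567890] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:12:34:56:00:11:22:33:44:55:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12345 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  5 10:20:34 raspberry kernel: [ 1237.001122] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:12:34:56:00:11:22:33:44:55:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12346 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  5 10:20:40 raspberry kernel: [ 1243.450000] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:12:34:56:00:11:22:33:44:55:08:00 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12347 DF PROTO=TCP SPT=44323 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  5 10:21:02 raspberry kernel: [ 1265.120000] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:12:34:56:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2201 DF PROTO=TCP SPT=51234 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Jun  5 10:21:15 raspberry kernel: [ 1278.330000] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:12:34:56:00:11:22:33:44:55:08:00 SRC=192.0.2.9 DST=192.168.1.10 LEN=61 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=40000 DPT=53 LEN=41
Jun  5 10:21:20 raspberry kernel: [ 1283.000000] [UFW ALLOW] IN=eth0 OUT= MAC=b8:27:eb:12:34:56:00:11:22:33:44:55:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5555 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Count blocked packets per source address and per protocol/destination port.
# Reads stdin or the files given as arguments; prints "src ADDR N" and
# "port PROTO/DPT N" lines, busiest first. [UFW ALLOW] and [UFW AUDIT] lines
# (medium/high logging) are ignored.
ufw_block_summary() {
    awk '/\[UFW BLOCK]/ {
        src = ""; dpt = ""; proto = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (src != "") by_src[src]++
        if (dpt != "") by_port[proto "/" dpt]++
    }
    END {
        for (s in by_src)  printf "src %s %d\n", s, by_src[s]
        for (p in by_port) printf "port %s %d\n", p, by_port[p]
    }' "$@" | sort -k1,1 -k3,3nr -k2,2
}

# The single source address with the most blocked packets.
top_blocked_src() {
    ufw_block_summary "$@" | awk '$1 == "src" { print $2; exit }'
}

sample_ufw_log | ufw_block_summary
```

On the Pi the log is only readable by root, so run "sudo sh -c '. ./ufw_summary.sh; ufw_block_summary /var/log/ufw.log'" or copy the file first. An address that hammers one closed port (here 203.0.113.5 on 23/tcp) is a candidate for the deny rules above; check it with a lookup tool before banning a whole range.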

Help | Manual

root@raspberry:# man ufw

More at ubuntu wiki

Important: Troubleshooting | No access to the Raspberry Pi

What a pity: you enabled ufw and forgot to allow something, or did the setup in the wrong sequence.

Find /etc/ufw/ufw.conf on the (micro)SD card and change ENABLED=yes to ENABLED=no . Administrative rights are needed to do so. At the next boot ufw stays inactive, so you can log in and correct your rules.

          # /etc/ufw/ufw.conf
          # Set to yes to start on boot. If setting this remotely, be sure to add a rule
          # to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
          # Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
          # See 'man ufw' for details.

❶ Method on Linux (Ubuntu or similar)

Take the (micro)SD card out of your Raspberry Pi and put it into an internal or external card reader connected to a desktop, laptop or whatever. Browse with the file manager, e.g. Nautilus, to the directory /etc/ufw on the card's root partition


and choose Open in Terminal from the right-click menu. Become superuser with your Linux password (the desktop account's), not with your Raspberry password.

user@ubuntu:/media/user/27840c60-cecb- ... 28231c/etc/ufw$ sudo su

[sudo] Password for user:
root@ubuntu:/media/user/27840c60-cecb- ... 28231c/etc/ufw# nano ufw.conf

Edit and save the file with Ctrl+O and close nano with Ctrl+X . That's it. Put the card back and fire up your Raspberry Pi.

❷ Method on MS Windows

Not possible out of the box, since MS Windows cannot read the Linux (ext4) root partition of the SD card. You only see the small boot partition with the files needed for booting.

❸ Method on macOS

Sorry, I have no clue about macOS. Probably possible somehow.

05-Jun 2018

