a pure Raspi web server with Raspbian Debian

Raspberry pi server

 Setups and configurations

 Raspberry pi - Rpi

 Apache / LAMP server


 The game not the island group

anchor life saver

 Regarding unity3d

🙂 In-game char icons

 Public game server settings

🛠 Hafenzoll @raspberry
🛠 Windward defaults

 Social news aggregation

Community @steam
🌍 Windward #reddit

 Official Windward wiki

🛠 Wiki @gamepedia
Duckduckgo pirate flag
Something else

 This is in German language

💻 Linux - ubuntusers.de

 Get a handy weather widget

🌤 Weather code snippet

 Hotchpotch of weblinks

📖 Yellow pages

 We got some boring movies

🎥 Cinematique
Search cloud
Front desk clerk

No ads, no trackers and
no web beacons. Promised.

Install & configure the socalled ufw | Uncomplicated firewall with Linux

The ufw is a front end application for iptables. Here you get the basic handling to your personal firewall - but effective one - to IPv4 & IPv6. The ufw is a comfortable command line application for managing your personal iptables rules under Linux. All rules are processed in the order of the configuration file(s) from the top to the bottom. The paths to the file locations are /lib/ufw & /etc/ufw .

The ufw is not installed by default with any Linux derivate like Fedora, Ubuntu, Mint, Debian or Raspbian. So start your terminal program preferred PuTTy. Do not close the terminal program until we have your firewall readily made and activated.

gufw (universe, optional graphical user interface)

user interface ufw uncomplicated firewall

user@raspberry:~ $ sudo su
root@raspberry:# apt install ufw gufw

The firewall is not enabled yet. Primarily we set now our own rules.

At first we allow access from your entire home subnet - this is not an essential act, but in case something went wrong with your firewall configuration so we have some precaution. We grant every single computer in your home network. Note that 192.168.x.x/24 may vary from router to router. Some have 192.168.0.x/24 or 192.168.178.x/24 or whatever. Consult your modem / router UI to get the correct subnet address or simply use the command ifconfig (Linux) or ipconfig (MS Windows) in terminal.

root@raspberry:# ufw allow from to any

Make setting up your firewall easier is to define two default rules for allowing and denying incoming & outgoing transfers.

root@raspberry:# ufw default deny incoming
root@raspberry:# ufw default allow outgoing

As next we open the standard ports for the protocols to ftp / sftp, http, https (SSL if required) and ssh (access by terminal, command line).

root@raspberry:# ufw allow 21/tcp
root@raspberry:# ufw allow 22/tcp
root@raspberry:# ufw allow 80/tcp
root@raspberry:# ufw allow 443/tcp

In case you have MySQL or a dedicated game server presently running you have to open the specific ports as well.

Now proof your own configuration.

Let us fire up the brickwall.

root@raspberry:# ufw enable

          Command may disrupt existing ssh transfers. Proceed with operation (y|n)? y
          Firewall is active and enabled on system startup

Probably you have to close and restart the terminal program for SSH transfers to your Linux basing web server / Raspberry pi.

root@raspberry:# ufw status verbose

          Status: active
          Logging: on (low)
          Default: deny (incoming), allow (outgoing)
          New profiles: skip
          To                         Action      From
          --                         ------      ----
          Anywhere                   ALLOW
          21/tcp                     ALLOW       Anywhere
          22/tcp                     ALLOW       Anywhere
          80/tcp                     ALLOW       Anywhere
          443/tcp                    ALLOW       Anywhere
          21/tcp                     ALLOW       Anywhere (v6)
          22/tcp                     ALLOW       Anywhere (v6)
          80/tcp                     ALLOW       Anywhere (v6)
          443/tcp                    ALLOW       Anywhere (v6)

Something or more went wrong? Got new ideas? No problem.
Just reset your personal settings and start from the beginning.

root@raspberry:# ufw disable
root@raspberry:# ufw reset

ufw Uncomplicated firewall | deny or reject access clients unwanted

Very effective to defeat and minimize referral spam and visitor unwanted from certain servers (countrywise).

That is quit simple. The demonstration shows you how to block a single IP and a IP-range/subnet.

root@raspberry:# ufw deny from to any

Instead of deny you can also use reject.
deny will keep the program waiting until the connection attempt times out, some short time later.
reject will produce an immediate and very informative "Connection refused" message to the client.

A refused connection lets bots, real people on this planet and something else know that it is your strong policy decision.

root@raspberry:# ufw deny from to any

root@raspberry:# ufw reject from to any

          Rule added

After making changes, reload ufw.

root@raspberry:# ufw reload

          Firewall reloaded

root@raspberry:# ufw status verbose

          Status: active
          Logging: on (low)
          Default: deny (incoming), allow (outgoing)
          New profiles: skip
          To                         Action      From
          --                         ------      ----
          Anywhere                   ALLOW
          21/tcp                     ALLOW       Anywhere
          22/tcp                     ALLOW       Anywhere
          Anywhere                   DENY
          Anywhere                   REJECT
          80/tcp                     ALLOW       Anywhere
          443/tcp                    ALLOW       Anywhere
          21/tcp                     ALLOW       Anywhere (v6)
          22/tcp                     ALLOW       Anywhere (v6)
          80/tcp                     ALLOW       Anywhere (v6)
          443/tcp                    ALLOW       Anywhere (v6)

impotrant You have to have to set the rules for 80/tcp & 443/tcp after the banned IP adresses.

Now in the shortest story.

  • At first set the new rules for all the IP adresses you want to ban (deny, reject)
  • Then delete the rules for 80/tcp & 443/tcp (see below how to do so)
  • Renew both rules by the commands ufw allow 80/tcp & ufw allow 443/tcp
  • Command "ufw reload"
  • Command "ufw status verbose" to see if everything is fine with you

What happens with an existing rule?

          Skipping adding existing rule

How to remove a rule from ufw

root@raspberry:# ufw status numbered

          Status: active
               To                    Action      From
               --                    ------      ----
          [ 1] Anywhere              ALLOW IN
          [ 2] 21/tcp                ALLOW IN    Anywhere
          [ 3] 22/tcp                ALLOW IN    Anywhere
          [ 4] Anywhere              DENY IN
          [ 5] Anywhere              REJECT IN
          [ 6] 80/tcp                ALLOW IN    Anywhere
          [ 7] 443/tcp               ALLOW IN    Anywhere

root@raspberry:# ufw delete 6
allow 80/tcp
Proceed with operation (y|n)? y
root@raspberry:# ufw reload
Firewall reloaded

How to disable ufw

root@raspberry:# ufw disable

dnslytics - Ultimate online investigation tool.
Remark: the free usage has a limit per day, just erase cookies and go ahead with a new IP address then.


Log levels can be set to off | low | medium | high . The default setting is low

The path to the logging file is /var/log/ufw.log

root@raspberry:# ufw logging medium
Logging enabled

Help | Manual

root@raspberry:# man ufw

More at ubuntu wiki

important message Troubleshooting | No access to Raspberry pi

What a pity. You enabled ufw and forgot to allow something or did the setup in a wrong sequence.

Identify /etc/ufw/ufw.conf on the (micro)SD-card and set ENABLED=yes to ENABLED=no . Administrative rights is needed to do so. Next time boot ufw is inactive.

          # /etc/ufw/ufw.conf
          # Set to yes to start on boot. If setting this remotely, be sure to add a rule
          # to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
          # Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
          # See 'man ufw' for details.

❶ Method in Linux Ubuntu or similar

Take the (micro)SD-card out from your Raspberry pi and put the card in an internal or external card reader connected to a desktop, laptop or whatever. Browse with the file manager e.g. Nautilus to the directory /etc/ufw

Linux Raspbian UFW uncomplicated firewall

and choose by the right mouse-button Open in Terminal. Log in as superuser with your Linux password and not with your Raspberry password.

user@ubuntu:/media/user/27840c60-cecb- ... 28231c/etc/ufw$ sudo su

[sudo] Password for user:
root@ubuntu:/media/user/27840c60-cecb- ... 28231c/etc/ufw# nano ufw.conf

Mod and save the file Crtl O and close Crtl X . That's it. Back with the card and fire up your Raspberry pi.

❷ Method in MS Windows

Rules out since MS Windows can't read debianized SD-cards. You'll see some files for boot needed.

❸ Method in Mac OSx

Sorry, I have no clue about Mac OSx. Probably possible somehow.

05-Jun 2018

Hafenzoll 2019