Configure basic UFW firewall on Debian - hpaluch/hpaluch.github.io GitHub Wiki

It may sound sad, but current Debian (at least 9.5) has no active firewall by default.

If you are running Debian reachable from the public Internet you should definitely limit access, especially to ssh.

Setup

Install UFW:

apt-get update
apt-get install ufw

Modify these lines in /etc/ufw/ufw.conf:

ENABLED=yes
LOGLEVEL=medium

Now the most important step - allow SSH from address X.X.X.X only (replace X.X.X.X with the public IP address of your ssh client):

ufw allow from X.X.X.X to any app SSH

You may also allow www access (ports 80/tcp and 443/tcp) from anywhere (typical setup):

ufw allow "WWW Full"

And (re)start UFW to apply these changes:

systemctl restart ufw
# needed to reconfigure logging to /var/log/ufw.log
systemctl restart rsyslog

To see applied rules you can use this command:

ufw status numbered
   Status: active

        To                         Action      From
        --                         ------      ----
   [ 1] SSH                        ALLOW IN    X.X.X.X
   [ 2] WWW Full                   ALLOW IN    Anywhere
   [ 3] WWW Full (v6)              ALLOW IN    Anywhere (v6)
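
The status output above is worth checking before you walk away from the box. The following script is an added example (not part of the original wiki page): it reads the output of `ufw status numbered` from stdin and fails if the firewall is inactive or if any SSH rule allows (or rate-limits) connections from "Anywhere", which is what a plain `ufw allow SSH` would produce. The sample status texts inside it are constructed.

```shell
#!/bin/sh
# Added example: audit "ufw status numbered" output (not part of the wiki page).
#   ufw status numbered | audit_ufw_status
# Exit code: 0 = active and SSH restricted to specific sources
#            1 = firewall not active
#            2 = an SSH rule (SSH, OpenSSH, 22 or 22/tcp) is open to "Anywhere"
audit_ufw_status() {
    awk '
        /Status: active/ { active = 1 }
        # Numbered rule lines look like: "[ 1] SSH    ALLOW IN    X.X.X.X"
        /^ *\[ *[0-9]+\]/ {
            sub(/^ *\[ *[0-9]+\] */, "")        # drop the "[ n]" index
            # LIMIT is rate-limited but still reachable from everywhere
            if ($0 ~ /^(SSH|OpenSSH|22(\/tcp)?) / && $0 ~ /(ALLOW|LIMIT) IN +Anywhere/)
                open_ssh++
        }
        END {
            if (!active)      exit 1
            if (open_ssh > 0) exit 2
            exit 0
        }
    '
}

# Constructed sample matching the status shown above (SSH from one client IP):
SAMPLE_OK='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] SSH                        ALLOW IN    X.X.X.X
[ 2] WWW Full                   ALLOW IN    Anywhere
[ 3] WWW Full (v6)              ALLOW IN    Anywhere (v6)'

# Constructed sample of the mistake the check is for: SSH open to everyone.
SAMPLE_OPEN='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] SSH                        ALLOW IN    Anywhere
[ 2] SSH (v6)                   ALLOW IN    Anywhere (v6)'

if printf '%s\n' "$SAMPLE_OK" | audit_ufw_status; then
    echo "sample 1: OK, SSH restricted to specific sources"
fi
printf '%s\n' "$SAMPLE_OPEN" | audit_ufw_status || echo "sample 2: FAIL, rc=$?"
```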

If you don't want a rule you can delete it by the number shown in brackets:

ufw delete RULE_NUMBER_FROM_BRACES

And here is how to list the iptables rules corresponding to ufw "Applications":

/sbin/iptables -L -n | grep dapp
   ACCEPT     tcp  --  X.X.X.X              0.0.0.0/0            tcp dpt:22 /* 'dapp_SSH' */
   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443 /* 'dapp_WWW%20Full' */

To see the iptables log entries use:

dmesg -T | grep UFW

You should also see all logged packets in the /var/log/ufw.log file (the result of the rule in /etc/rsyslog.d/20-ufw.conf created by UFW).

Resources