How to Set Up a Firewall Using UFW on Debian 12 Bookworm

This article explains how to set up a firewall using UFW on Debian 12 Bookworm.

Introduction

A firewall is an essential security component that helps protect your system by filtering incoming and outgoing network traffic based on predefined rules. Debian 12 (Bookworm) provides various tools for firewall configuration, and one of the simplest yet powerful tools available is Uncomplicated Firewall (UFW).

UFW is a user-friendly interface for iptables, designed to simplify firewall management while maintaining robust security.

In this guide, we will walk you through installing, configuring, and using UFW to secure your Debian 12 system.

Prerequisites

Before proceeding with the setup, ensure you have the following:

  • A system running Debian 12 (Bookworm)
  • A user account with sudo privileges
  • Basic knowledge of command-line usage

Step 1: Installing UFW

Debian 12 does not install UFW by default. To install it, follow these steps:

  1. Update the package list to ensure you get the latest version of UFW:

    sudo apt update

  2. Install UFW by running:

    sudo apt install ufw -y

  3. Verify the installation by checking the UFW version:

    ufw --version

    If UFW is installed correctly, this command will display the installed version.

Step 2: Checking the Status of UFW

To check whether UFW is active or inactive, use the following command:

sudo ufw status verbose

If UFW is inactive, you will see the following output:

Status: inactive

Step 3: Setting Default Firewall Policies

Before enabling UFW, it’s best to define the default policies for incoming and outgoing traffic. These rules dictate how traffic is handled if no specific rule is set.

  • To deny all incoming connections by default, run:

    sudo ufw default deny incoming

  • To allow all outgoing connections, run:

    sudo ufw default allow outgoing

These settings ensure that your system blocks all unsolicited connections while allowing outgoing traffic required for normal system operations.

Step 4: Allowing Essential Services

Since we have denied all incoming connections by default, we need to explicitly allow traffic for essential services.

Allow SSH (Secure Shell)

If you are using SSH to access your Debian 12 system remotely, you must allow SSH connections, or you risk locking yourself out.

sudo ufw allow OpenSSH

Alternatively, you can specify the port number manually (the default SSH port is 22). If your sshd listens on a different port, allow that port instead of 22:

sudo ufw allow 22/tcp

Allow HTTP and HTTPS (For Web Servers)

If your Debian 12 system is hosting a web server, you must allow HTTP and HTTPS traffic:

sudo ufw allow 80/tcp   # Allow HTTP
sudo ufw allow 443/tcp  # Allow HTTPS

Allow Specific Ports

If you need to allow any other ports, use:

sudo ufw allow <port-number>/tcp

For example, to allow MySQL traffic on port 3306 (a database port is better restricted to specific source addresses, as shown in the next section, than opened to every host):

sudo ufw allow 3306/tcp

Allow Specific IP Addresses

To allow a specific IP address to connect to your system on all ports:

sudo ufw allow from 192.168.1.100

To allow an IP address access only to a specific port:

sudo ufw allow from 192.168.1.100 to any port 22

Allowing a Specific Subnet

If you want to allow an entire subnet, use:

sudo ufw allow from 192.168.1.0/24

Step 5: Enabling UFW

Once you have configured the necessary rules, enable UFW:

sudo ufw enable

You will be prompted with:

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Type y and press Enter. When enabling UFW from a non-interactive script, sudo ufw --force enable skips this prompt.

To verify that UFW is running, use:

sudo ufw status verbose
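Steps 3 to 5 are one procedure whose order matters: the SSH rule has to be queued before the firewall is enabled. The script below is an added example, not part of the article, that applies that procedure non-interactively. Its assumptions are mine: sshd listens on the port given as the first argument, the extra arguments are TCP ports to open, and the variable UFW_BIN (a name I chose) can be set to echo to preview the commands instead of running them. The SSH rule uses limit rather than allow, which is the rate limit described in Step 8.

```shell
#!/bin/sh
# Added example, not part of the article: a non-interactive UFW bootstrap that
# applies Steps 3 to 5 in a safe order. Assumptions (mine, not the article's):
# sshd listens on the port given as the first argument; UFW_BIN may be set to
# "echo" to preview the commands instead of running them.

# Print the ordered ufw sub-commands for a baseline ruleset.
# $1 = SSH port, remaining arguments = extra TCP ports to open (e.g. 80 443).
ufw_plan() {
    ssh_port="$1"
    shift
    # Defaults first: unsolicited inbound traffic is dropped, outbound stays open.
    echo "default deny incoming"
    echo "default allow outgoing"
    # The SSH rule is queued before "enable" so a remote session is never cut off.
    # "limit" instead of "allow" adds the brute-force rate limit from Step 8.
    echo "limit ${ssh_port}/tcp"
    for p in "$@"; do
        echo "allow ${p}/tcp"
    done
    # --force answers the "may disrupt existing ssh connections" prompt for us,
    # which is what makes the script usable from a provisioning tool.
    echo "--force enable"
}

# Run a plan line by line through $UFW_BIN (default: the real ufw binary).
# Stops at the first failing command so a half-applied ruleset is noticed.
ufw_apply() {
    ufw_plan "$@" | while read -r line; do
        # $line is intentionally unquoted: each word becomes one ufw argument.
        # shellcheck disable=SC2086
        "${UFW_BIN:-ufw}" $line || exit 1
    done
}

# Parse the output of "ufw status verbose": succeed only if the firewall is active.
ufw_status_active() {
    printf '%s\n' "$1" | head -n 1 | grep -q '^Status: active$'
}

case "${1:-}" in
    plan)  shift; ufw_plan "$@" ;;              # preview the ordered commands
    apply) shift; ufw_apply "$@" \
             && ufw_status_active "$(ufw status verbose)" \
             && echo "UFW is active" ;;         # verification queries the real ufw
    *)     echo "usage: $0 plan|apply SSH_PORT [TCP_PORT ...]" >&2 ;;
esac
```

Run sh ufw-bootstrap.sh plan 22 80 443 to see the ordered commands, and sudo sh ufw-bootstrap.sh apply 22 80 443 to apply them; the apply branch then checks the first line of ufw status verbose, so a failed enable is reported rather than assumed.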

Step 6: Managing UFW Rules

Listing All Rules

To see a list of all active UFW rules:

sudo ufw status numbered

Deleting a Rule

To delete a rule, first identify its number using ufw status numbered, then remove it with the command below. Rule numbers shift after each deletion, so run ufw status numbered again before deleting another rule:

sudo ufw delete <rule-number>

For example, to delete rule number 3:

sudo ufw delete 3

Disabling UFW

If you need to disable the firewall temporarily:

sudo ufw disable

Resetting UFW

To reset UFW to its installation defaults (this disables the firewall, removes all rules and backs up the previous rule files under /etc/ufw):

sudo ufw reset

Step 7: Logging and Monitoring UFW

To enable logging of firewall activities (on is the same as the low level; medium, high and full log progressively more, including allowed traffic):

sudo ufw logging on

The entries are written to the kernel log and, when rsyslog is installed, collected in /var/log/ufw.log. Debian 12 may not install rsyslog by default; if /var/log/ufw.log does not exist, read them from the journal with sudo journalctl -k | grep UFW instead. To view recent logs:

sudo tail -f /var/log/ufw.log
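Watching the raw log with tail is useful for a live check, but a summary is what tells you whether a single source keeps hitting a closed port. The script below is an added example, not from the article: it reads [UFW BLOCK] lines on standard input, counts them per source address and destination port, and prints the busiest first. The log lines in SAMPLE_UFW_LOG are constructed for the demo (addresses from the documentation ranges), and the function name is mine.

```shell
#!/bin/sh
# Added example, not from the article: summarise [UFW BLOCK] entries by source
# address and destination port. Reads log lines on stdin (for example from
# /var/log/ufw.log or "journalctl -k"). The sample log below is constructed.

# Count blocked packets per "SRC DPT" pair and print "count src dpt",
# most frequent first. Lines that are not [UFW BLOCK] entries (e.g. the
# ALLOW or AUDIT records produced at higher logging levels) are ignored.
ufw_blocked_summary() {
    awk '
        /\[UFW BLOCK\]/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # ICMP and other protocols without ports carry no DPT field;
            # mark them with "-" so the output stays three columns.
            if (dpt == "") dpt = "-"
            if (src != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample in the format UFW writes via the kernel log (not real traffic).
SAMPLE_UFW_LOG='Mar 10 09:15:01 deb12 kernel: [ 8123.551201] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=41002 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 09:15:02 deb12 kernel: [ 8124.012332] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=41003 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 09:15:04 deb12 kernel: [ 8126.200118] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=41004 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 09:16:10 deb12 kernel: [ 8192.004410] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1234 DF PROTO=TCP SPT=50210 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 09:16:11 deb12 kernel: [ 8193.118002] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=1235 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Mar 10 09:17:30 deb12 kernel: [ 8272.330017] [UFW ALLOW] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.0.2.50 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=61 ID=4321 DF PROTO=TCP SPT=60100 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0'

case "${1:-}" in
    demo) printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_blocked_summary ;;   # run on the sample
    "")   echo "usage: $0 demo | $0 /var/log/ufw.log" >&2 ;;
    *)    ufw_blocked_summary < "$1" ;;                               # summarise a log file
esac
```

sh ufw-log-summary.sh demo prints 3 203.0.113.5 22 first, followed by the two single hits from 198.51.100.7; sudo sh ufw-log-summary.sh /var/log/ufw.log does the same for the real file, and a source that dominates the top of that list is a candidate for the deny rule shown in Step 8.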

Step 8: Advanced UFW Usage

Rate Limiting SSH

To prevent brute-force attacks, enable rate limiting for SSH:

sudo ufw limit ssh/tcp

This denies connections from any source address that has attempted six or more connections within the last 30 seconds, which blunts brute-force login attempts without blocking normal SSH use.

Denying Specific IP Addresses

To block an IP address from accessing your system:

sudo ufw deny from 203.0.113.5

Allowing Specific Network Interfaces

To allow access only on a specific interface (e.g., eth0; confirm the name with ip link first, since Debian 12 typically uses predictable names such as enp0s3):

sudo ufw allow in on eth0 to any port 80

Conclusion

Setting up a firewall using UFW on Debian 12 (Bookworm) is an essential step to enhance your system’s security. UFW provides an easy-to-use interface to manage firewall rules effectively. By following this guide, you have successfully installed, configured, and enabled UFW, ensuring that your Debian 12 system is protected from unauthorized access while allowing necessary traffic.

Regularly review your firewall rules and logs to maintain optimal security, and consider additional hardening measures if required.