Today, we want to talk you through how you can install and also manage UFW, otherwise known as Uncomplicated Firewall, on Raspberry Pi.
If you are at all familiar with Raspberry Pi at all, you will be more than aware that the level of security needed for your Raspberry Pi completely and utterly depends on how you intend on using it.
So, for example, when you connect your Raspberry Pi to the internet, you should at least take the bare minimum security procedures to ensure that only the ports you need to be open are the ones that are open.
Firewalls are pieces of software that monitor and manage incoming traffic as well as outgoing network traffic.
They can allow, drop, or reject traffic altogether. Your Raspberry Pi will be functional and well-connected without a firewall in place at all.
However, they can also be made even more secure if you implement a firewall that will only allow the traffic types you permit to have.
Interested in having this kind of setup securing your Raspberry Pi (see also ‘How To Set Up Raspberry Pi Remote Desktop On Windows/ Linux/ Mac‘)? We aren’t surprised! So, let’s look at how you can do this!
Uncomplicated Firewall, otherwise known as UFW, is a frontend used for managing firewall rules on Linux (see also ‘How To Update RetroArch‘).
This is a firewall tool of configuration that will run on top of iptables.
Since iptables have a fairly complicated syntax, using something like UFW to perform this kind of configuration without being too low-key is a priortiy when it comes to being security conscious.
However, before you start up, you should always update or upgrade all of the packages you have existing on your Raspberry Pi operating system.
You can install the firewall package in one of two different ways.
Firstly, you could use the graphical package manager which is available automatically with Raspberry Pi operating systems.
You can open this through the navigation system of:
- Menu > Preferences > Add/ Remove Software
Then search for “UFW” and highlight the package to install and confirm installation via the ‘OK’ button.
As an alternative, you could also choose to install your UFW package quickly and very easily by using a command line, if you want to use the APT package manager.
You can use the command: “sudo apt install UFW”.
Managing Your Raspberry Pi Firewall Via UFW
Once you have UFW installed, you are already part way there. Now you need to turn it on, however, first, check that it is enabled.
To do this, run the command:
- “Sudo ufw status verbose”
Ensure You Allow Connections
Perhaps you are connecting your Raspberry Pi through a remote location before you end up enabling the UFW firewall.
If this is the case then it is better if you can explicitly allow for incoming SSH connections via the port 22, which is the well-known default SSH port.
Should you not do this beforehand, you will end up locking yourself out and will end up physically needing to connect a monitor and a keyboard to give yourself terminal access to your Raspberry Pi, which is the absolute last thing anyone wants to end up doing!
So, to properly configure your UFW firewall to allow for any incoming SSH connections, you can use a command:
- “Sudo UFW allow 22”
If you want to allow incoming connections which are connecting from a specific IP address, you will have to involve a directive “from” to specify the connection’s source.
So, if you wanted to allow access to port 22 from your work laptop with an IP address that was something like 184.169.4. 200 use to any port, then follow this with the port number.
This would look something like this as a command:
- “Sudo UFW allow from 22.214.171.124 to any port 22”
Know How To Turn On Your Raspberry Pi Firewall
Once you have configured your Raspberry Pi firewall successfully to allow for any incoming SSH connections, you then enable it through typing the following command:
- “Sudo UFW enable”
Do note, you will likely receive a warning that by enabling the firewall you may experience disruptions in any existing SSH connections you have. Simply type in “y” and press enter after this.
Check The Status & Rules Of The Firewall
If you use the command:
- “UFW enable”
Then this will turn on UFW and any applicable rules.
You can also then verify that UFW is running as you can issue the following command to check:
- “Sudo UFW status verbose”
As well as this, the command will also end up showing you any and all active firewall rules.
So, it is very useful when you want to do a full checkup on the system.
Don’t Forget To Deny Connections
While it is equally as important to allow port access, it is just as vital to deny port access as well.
The default on the policy for all incoming connections will be set automatically to “Deny”.
If you have not changed this, then UFW will automatically block any and all incoming connections, unless, of course, you specifically allow for connection to this port.
So, if you had opened port 22, but the server for your Raspberry Pi is being attacked, you will need to deny all of the connections to this port.
To do this, you can use another command such as this:
- “Sudo UFW deny 22”
While we hope this is not something you need to do, it is vital to know how to just encase the worst.
You Can Delete Existing Rules Too
In order to delete any existing rules, you will need to know the rule number for the one you want to delete.
In order to get the list you which you can get this information from, you can run the command:
- “Sudo UFW status numbered”
This command will show you the list of rules that have been made for your Raspberry Pi firewall, this means each and every identified via a unique number.
As an example, if you wanted to delete the rule there for SSH communication i.e. number 1, this command could easily be executed through this command:
- “Sudo UFW delete 1”
You will usually be requested to confirm before deletion. If you are sure to delete this then type in “Y” and then press the enter key.
This would cancel SSH communication in IPv4, however, it would not cancel the one for IPv6.
If you want to delete the rule IPv6, be sure to consult the existing rule listing once more since the ID code will have been altered.
You Can Also Disable The Firewall If You Want
Should you have a connectivity issue, you will want to disable the Raspberry Pi firewall, and then you will need to retreat to test if you can connect again.
In order to disable the UFW firewall, you will need to use the following command:
- “Sudo UFW disable”
This command would fully disable the firewall for UFW on your Raspberry Pi.
Obviously, it is best not to have to do this, but should you end up needing to, it is best to know exactly how to go about doing so.
Frequently Asked Questions:
Can I Install A Firewall On Raspberry Pi?
Once the operating system for your Raspberry Pi is up to date, you will now be able to install the firewall you decide on using.
In order to install your UFW software, all you need to do is run a simple command.
How Do You Use Your Raspberry Pi 4 As A Firewall?
If your goal is to create a new style of wireless access point with a firewall, and any other cool software in order to monitor the network and filter off some internet traffic.
1.) Start off by installing your Raspberry Pi on your network.
2.) Enable Wi-Fi access with a different network subnet.
3.) Create a bridge there between the two networks.
4.) Create your firewall rules.
Does Raspberry Pi Have UFW?
A firewall will block which is incoming connections to your Raspberry Pi and will help to safeguard server and network applications.
WPI’s Information Security office will advise you to use UFW on Raspberry Pi.
How Do I Monitor Home Traffic On My Raspberry Pi?
The best way to monitor home traffic on a Raspberry Pi is to install Darkstat.
Is Raspberry Pi VPN Free?
The most popular VPN solution for a Linux system is OpenVPN, in extension Raspberry Pi.
This program is not only super, super secure, but it is also open-sourced, and therefore, it is also totally free to use as well.
It is a double-whammy win.
If you’re after a super robust VPN option – we recommend you check out Express VPN
Having UFW is a powerful piece of software that can bring about massive improvements in the overall security of your Raspberry Pi software when it is properly configured.
If you enable the UFW firewall, all of the communications running to and from your Raspberry Pi to pass-through this specific piece of software, it protects you from unwanted attacks, and any attempted connections from anyone who is unauthorized to be using your device.
- The Best Raspberry Pi Christmas Gifts - December 2, 2023
- Introducing The Raspberry Pi 5 – Everything We Know So Far - October 6, 2023
- Connecting A Color Sensor To A Raspberry Pi Or Arduino - September 21, 2023