Raspberry Pi – UFW Firewall (Uncomplicated Firewall) – Part 1

In my previous posts on configuring Telnet and SSH, I found out about UFW, or Uncomplicated Firewall. When dealing with just one service, using that service’s methods of controlling access is one way of doing it. When working with multiple services, using a single method like UFW is worth considering. To get the process started, we need to make sure that apt-get has the latest info and then we can install UFW.

sudo apt-get update
sudo apt-get install ufw

At this point, UFW is installed but not active. You can verify this by doing a sudo ufw status. You should get back the following response:
pi@raspberrypi:~$ sudo ufw status
Status: inactive

Before enabling the firewall, you can put a rule or two in place. In my case, I am going to test telnet in the lab from my MacBook Pro to the Raspberry Pi. I want to make sure that only I can access it. For starters, I will block my workstation from being able to access the RPi via telnet but allow SSH. The command that I will use for this is sudo ufw allow from 192.168.0.140 to any port 22. Once enabled, UFW denies incoming connections by default, so allowing only port 22 from that address leaves telnet blocked.

Next, to be able to watch what UFW is doing, logging should be enabled. Do sudo ufw logging on for starters. When testing out a new rule, I temporarily set the logging level to high. One reason is that it will let you see when a rule is allowing traffic to pass and not just when UFW is denying traffic. Lastly, you will want to make UFW active: sudo ufw enable.

To see what UFW has been tasked to do, try sudo ufw status. You should see a response like this:

pi@raspberrypi:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       192.168.0.140

After you have tested your access, do a cat /var/log/messages | grep UFW to see what activity the firewall has seen. As you work more with UFW and other services write more to the messages file, you may find it simpler to use the tail command instead of cat to see just the last few lines of the messages file: tail /var/log/messages.
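
As an added example (not part of the original post), this shell function condenses the UFW entries in the messages file into one line per action, source address and destination port, so you can confirm at a glance that SSH from the workstation is allowed and telnet is blocked. The log lines are constructed samples with fields trimmed, and 192.168.0.50 and 192.168.0.77 are assumed addresses.

```shell
#!/bin/sh
# Added example: condense UFW log entries into "count action source dport".
# Real use: ufw_summary < /var/log/messages

ufw_summary() {
    awk '
    /\[UFW [A-Z]+\]/ {
        action = ""; src = "?"; dpt = "-"       # dpt stays "-" when no port is logged
        for (i = 1; i <= NF; i++) {
            if ($i == "[UFW")      { action = $(i + 1); sub(/\]$/, "", action) }
            else if ($i ~ /^SRC=/) { src = substr($i, 5) }
            else if ($i ~ /^DPT=/) { dpt = substr($i, 5) }
        }
        count[action " " src " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k2,2 -k3,3 -k4,4n
}

# Constructed sample lines (fields trimmed); not captured from a real system.
sample_log() {
    cat <<'EOF'
Feb  3 10:15:01 raspberrypi kernel: [ 101.10] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.0.140 DST=192.168.0.50 PROTO=TCP SPT=50001 DPT=23
Feb  3 10:15:02 raspberrypi kernel: [ 102.20] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.0.140 DST=192.168.0.50 PROTO=TCP SPT=50001 DPT=23
Feb  3 10:16:09 raspberrypi kernel: [ 169.30] [UFW ALLOW] IN=eth0 OUT= SRC=192.168.0.140 DST=192.168.0.50 PROTO=TCP SPT=50002 DPT=22
Feb  3 10:16:10 raspberrypi sshd[812]: Accepted password for pi from 192.168.0.140 port 50002 ssh2
Feb  3 10:17:30 raspberrypi kernel: [ 250.40] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.50 PROTO=TCP SPT=40100 DPT=22
EOF
}

# Demo run on the constructed sample.
sample_log | ufw_summary
```

A BLOCK line for port 22 from an address other than 192.168.0.140 shows the rule is restricting SSH to the one workstation, as intended.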

To see more of my posts about the Raspberry Pi, please go to http://www.ronnutter.com/category/raspberry-pi/
