Although optional, it is often recommended to run the update before installing a package.
$ apt-get update
It is quite straightforward to install a firewall.
$ apt-get install ufw
Configuring the firewall, on the other hand, takes some effort. Below are a few examples. To allow a subnet of IP addresses to reach all inbound ports on this unit:
$ ufw allow from 192.168.1.0/24
To allow outbound access to all ports on a given IP, or from a subnet to anywhere:
$ ufw allow out to 192.168.1.175
$ ufw allow out from 192.168.1.0/24 to any
To allow a specific port inwards or outwards:
$ ufw allow https
$ ufw allow 80
To allow a specific IP to access a range of ports:
$ ufw allow from 192.168.1.175 to any port 21:22 proto tcp
After setting up, please check the configuration before enabling the firewall.
$ ufw status
$ ufw status numbered
Status: active
     To                  Action         From
     --                  ------         ----
[ 1] 192.168.1.0/24      ALLOW OUT      Anywhere          (out)
[ 2] 25                  ALLOW OUT      Anywhere          (out)
[ 3] 80                  ALLOW IN       Anywhere
[ 4] 443                 ALLOW IN       Anywhere
[ 5] Anywhere            ALLOW IN       192.168.1.77
[ 6] Anywhere            ALLOW IN       192.168.1.175
[ 7] 25 (v6)             ALLOW OUT      Anywhere (v6)     (out)
[ 8] 80 (v6)             ALLOW IN       Anywhere (v6)
[ 9] 443 (v6)            ALLOW IN       Anywhere (v6)
Add rules until all requirements are met. Delete any unwanted rules if necessary, for example rule [ 5]:
$ ufw delete 5
Deleting:
 allow from 192.168.1.77
Proceed with operation (y|n)?
Hit y to confirm the deletion. The rules can also be edited by hand in the configuration file, though this is not recommended:
$ nano /etc/ufw/user.rules
To verify that a rule behaves as required, use the nc command:
$ nc -vz 192.168.1.77 port_number
In particular, make absolutely sure that the SSH or telnet port(s) remain accessible from the IP address you log in from; otherwise the firewall may cut off the live connection to the unit. Enable the firewall if it is disabled; reload it if it was already enabled.
$ ufw enable
$ ufw reload
It might be good practice to set the default policy to deny rather than allow for all other connections.
$ ufw default deny
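Two of the steps above have a sharp edge: deleting rules by number (the remaining rules are renumbered after each delete) and enabling the firewall without a rule that keeps your own SSH session reachable. The script below is an added example, not part of the original post or of ufw itself; it parses a constructed copy of the `ufw status numbered` listing shown earlier, and the `ufw --force delete` call and the placeholder admin address are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of `ufw status numbered` output, modelled on the listing
# above (not captured from a live system), so the helpers can be tried offline.
SAMPLE_STATUS='Status: active

     To                  Action         From
     --                  ------         ----
[ 1] 192.168.1.0/24      ALLOW OUT      Anywhere          (out)
[ 2] 25                  ALLOW OUT      Anywhere          (out)
[ 3] 80                  ALLOW IN       Anywhere
[ 4] 443                 ALLOW IN       Anywhere
[ 5] Anywhere            ALLOW IN       192.168.1.77
[ 6] Anywhere            ALLOW IN       192.168.1.175
[ 7] 25 (v6)             ALLOW OUT      Anywhere (v6)     (out)
[ 8] 80 (v6)             ALLOW IN       Anywhere (v6)
[ 9] 443 (v6)            ALLOW IN       Anywhere (v6)'

# Print the numbers of rules whose line matches PATTERN, highest first.
# Highest-first matters: ufw renumbers the remaining rules after each
# delete, so deleting in ascending order would hit the wrong rules.
rule_numbers_matching() {
    pattern="$1"; status="$2"
    printf '%s\n' "$status" |
        awk -v pat="$pattern" '/^\[ *[0-9]+\]/ && $0 ~ pat {
            sub(/^\[ */, ""); sub(/\].*/, ""); print }' |
        sort -rn
}

# Delete every rule matching PATTERN non-interactively (--force skips the
# y/n prompt). DRY_RUN=1 only prints the commands; the real run needs root.
delete_rules_matching() {
    pattern="$1"
    for n in $(rule_numbers_matching "$pattern" "$(ufw status numbered)"); do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "would run: ufw --force delete $n"
        else ufw --force delete "$n"; fi
    done
}

# Succeed only if the listed rules let ADMIN_IP reach SSH: an ALLOW IN rule
# whose To column is 22, 22/tcp, OpenSSH or Anywhere and whose From column is
# Anywhere or ADMIN_IP. Use it as a lockout guard before running `ufw enable`.
ssh_reachable_from() {
    admin_re=$(printf '%s' "$1" | sed 's/\./\\./g'); status="$2"
    printf '%s\n' "$status" |
        grep -E "^\[ *[0-9]+\] +(22(/tcp)?|OpenSSH|Anywhere) +ALLOW IN +(Anywhere|$admin_re)( |$)" >/dev/null
}
```

A guarded enable is then `ssh_reachable_from "$ADMIN_IP" "$(ufw status numbered)" && ufw enable`, where ADMIN_IP is the address you log in from.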

Profimation Inc. & Bodhist.net