UFW Firewall
The UFW firewall is included with RigPi as an added security measure. It can be enabled or disabled using Terminal.
sudo ufw enable
sudo ufw disable
To see UFW Help from Terminal:
man ufw
UFW stands for Uncomplicated Firewall. It is a user-friendly command-line tool used to manage firewall rules on Linux systems. UFW provides a simplified interface for configuring and managing the netfilter firewall, which is built into the Linux kernel. It is designed to make the process of setting up a firewall easier for users who may not be familiar with complex firewall concepts.
Here are some key features of UFW:
1. Ease of use: UFW aims to provide a straightforward interface for managing firewall rules, making it accessible to both novice and experienced users.
2. Command-line interface: UFW is primarily used through the command line, where users can enable or disable the firewall, add or remove rules, and view the status of the firewall.
3. Default policies: UFW follows a default deny incoming rule and a default allow outgoing rule. This means that incoming connections are blocked by default unless explicitly allowed, while outgoing connections are permitted.
4. Application profiles: UFW includes predefined application profiles that allow users to enable firewall rules for commonly used services such as SSH, HTTP, HTTPS, and more. These profiles simplify the process of allowing or denying access to specific services.
5. Simple syntax: UFW utilizes a straightforward syntax for adding rules. Users can specify ports, protocols, and IP addresses to define the desired network traffic rules.
6. Integration with iptables: UFW is built on top of the underlying iptables framework, which is a powerful firewall utility in Linux. UFW simplifies iptables management by providing an easier syntax and a higher-level interface.
It's important to note that UFW is primarily used on Ubuntu and Debian-based systems, but it can also be installed and used on other Linux distributions.
To see a list of open ports in RigPi, open Terminal on the Raspberry Pi desktop and use the command:
sudo ufw status
as shown below.
pi@rigpi4:~ $ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
64738/tcp                  ALLOW       Anywhere
64738/udp                  ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
8081/tcp                   ALLOW       Anywhere
30040/udp                  ALLOW       Anywhere
5900/tcp                   ALLOW       Anywhere
23/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
3001/tcp*                  ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
64738/tcp (v6)             ALLOW       Anywhere (v6)
64738/udp (v6)             ALLOW       Anywhere (v6)
8080/tcp (v6)              ALLOW       Anywhere (v6)
8081/tcp (v6)              ALLOW       Anywhere (v6)
30040/udp (v6)             ALLOW       Anywhere (v6)
5900/tcp (v6)              ALLOW       Anywhere (v6)
23/tcp (v6)                ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
3001/tcp (v6)              ALLOW       Anywhere (v6)

30001                      ALLOW OUT   Anywhere
30001 (v6)                 ALLOW OUT   Anywhere (v6)

*Note: TCP port 30001 will change depending on which RigPi account you are using. Account 1 uses 30001, account 2 uses 30002, and so on.
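
The listing above can serve as a baseline for spotting inbound rules that were added later. The following script is an added example, not part of RigPi or UFW: the function names are hypothetical, the baseline is copied from the listing above, and the sample input (including its 3306/tcp rule) is constructed for illustration.

```shell
#!/bin/sh
# Added example: report inbound ALLOW rules that are not in an expected baseline.

# Baseline copied from the status listing on this page. IPv4 and IPv6 rows
# share the same port/protocol, so each entry appears once.
BASELINE="80/tcp 64738/tcp 64738/udp 8080/tcp 8081/tcp 30040/udp 5900/tcp 23/tcp 22/tcp 3001/tcp"

# parse_inbound: read `ufw status` text on stdin and print one
# "port/proto source" line per inbound ALLOW rule.
parse_inbound() {
    awk '{
        line = $0
        gsub(/ \(v6\)/, "", line)        # fold IPv6 rows onto their IPv4 form
        n = split(line, f, " ")
        # Keep only ALLOW rows; this also drops the prompt, Status: and headers.
        if (n < 3 || f[2] != "ALLOW" || f[3] == "OUT") next
        src = (f[3] == "IN") ? f[4] : f[3]   # verbose output prints "ALLOW IN"
        print f[1], src
    }'
}

# unexpected_rules: arguments are the expected port/proto entries; prints each
# inbound rule on stdin that is not among them, once.
unexpected_rules() {
    parse_inbound | sort -u | while read -r rule src; do
        case " $* " in
            *" $rule "*) ;;                  # expected, say nothing
            *) echo "$rule from $src" ;;
        esac
    done
}

# Constructed sample input: a shortened listing plus one rule (3306/tcp)
# that is not in the baseline.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
23/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)

30001                      ALLOW OUT   Anywhere
EOF
}

sample_status | unexpected_rules $BASELINE
```

On a live system, replace `sample_status` with `sudo ufw status`; an empty result means every inbound rule matches the baseline.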