Firewall is one of the most used words in web security when it comes to protecting your network. Today in this tutorial I will explain for Arch users, in a simple way, how to set up a firewall in Arch Linux with ufw (Uncomplicated Firewall).
Please remember that this tutorial should work for all Arch Linux based systems.
1- First upgrade the whole system before downloading any package:
sudo pacman -Syu
2- After that you must install the ufw package from the community repository:
sudo pacman -S ufw
3- Start and enable UFW’s systemd unit:
sudo systemctl start ufw
sudo systemctl enable ufw
4- ufw and rules
ufw, and in general all firewall tools, use “rules” to allow or block packets arriving at or leaving a computer. As a sensible default you should allow all outgoing traffic and reject all incoming traffic by:
sudo ufw default allow outgoing
sudo ufw default deny incoming
5- Adding rules:
Rules can be added in two ways: by giving the port number or by using the service name.
For example, to allow both incoming and outgoing connections on port 22 for SSH, you can run:
sudo ufw allow ssh
or:
sudo ufw allow 22
Here are some more examples:
sudo ufw allow 80/tcp
sudo ufw allow http/tcp
sudo ufw allow 1725/udp
sudo ufw allow from 123.45.67.89/24
sudo ufw allow from 123.45.67.89 to any port 22 proto tcp
6- Removing rules:
To remove a rule, put “delete” before the rule specification. If you no longer wished to allow SSH traffic on port 22, you could run:
sudo ufw delete allow 22
UFW Status
You can check the status of UFW at any time with the command sudo ufw status. This will show a list of all rules, and whether or not UFW is active:
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
Enable the Firewall
With your chosen rules in place, your initial run of sudo ufw status will probably output Status: inactive. To enable UFW and enforce your firewall rules:
sudo ufw enable
Similarly, to disable UFW’s rules:
sudo ufw disable
But this is not enough: when you reboot the computer and check the status of ufw, you will find that it is still “inactive”. One way to solve this problem is a systemd timer.
Timers work together with service units, so we have to create the service unit first:
sudo nano /etc/systemd/system/ufwAuto.service
This is ufwAuto.service:
[Unit]
Description=Check Is FireWall on/off and Up it is down!

[Service]
Type=simple
ExecStart=/home/saeed/ufw.sh

[Install]
WantedBy=multi-user.target
And this is ufw.sh (make it executable with chmod +x so systemd can start it):
#!/bin/bash
# Read the "Status: active|inactive" line from ufw and keep only the second word.
temp=$(sudo ufw status | grep Status | cut -d" " -f2)
# If the firewall is not running, turn it back on.
if [ "$temp" == "inactive" ]; then
    exec sudo ufw enable
fi
And then create a timer unit for that service:
sudo nano /etc/systemd/system/ufwAuto.timer
This is ufwAuto.timer:
[Unit]
Description=Run ufwAuto.service every 1 minutes

[Timer]
OnCalendar=*:0/1
Unit=ufwAuto.service

[Install]
WantedBy=multi-user.target
After that you must enable and start the timer unit; the timer then runs ufwAuto.service, and with it the script, according to the schedule in the timer unit:
sudo systemctl enable ufwAuto.timer
sudo systemctl start ufwAuto.timer
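As an added example that is not the post's own ufw.sh, the snippet below parses the same “Status:” line the script above relies on, and also checks the rule table from “ufw status” against the ports you intended to allow, so a timer-driven check can report drift as well as re-enable the firewall. The status text is constructed sample output, so it runs without ufw installed.

```shell
#!/bin/bash
# Added example: check ufw status output against an intended baseline.
# SAMPLE_* are constructed copies of what `sudo ufw status` prints.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)'

SAMPLE_INACTIVE='Status: inactive'

# ufw_state: read status text on stdin, print "active" or "inactive".
ufw_state() {
    awk '/^Status:/ { print $2; exit }'
}

# rule_allowed TEXT PORT: succeed if an IPv4 ALLOW rule for PORT exists
# (PORT is written as in the table, e.g. "22" or "80/tcp").
rule_allowed() {
    printf '%s\n' "$1" |
        awk -v port="$2" '$1 == port && $2 == "ALLOW" { found = 1 } END { exit !found }'
}

# missing_rules TEXT PORT...: print every expected port with no ALLOW rule.
missing_rules() {
    local text="$1"; shift
    local p
    for p in "$@"; do
        rule_allowed "$text" "$p" || printf '%s\n' "$p"
    done
}

# watchdog_action TEXT: print "enable" when ufw is inactive, otherwise "ok".
# ufw.sh above does the same test and then runs `ufw enable`.
watchdog_action() {
    local state
    state=$(printf '%s\n' "$1" | ufw_state)
    if [ "$state" != "active" ]; then echo enable; else echo ok; fi
}

# Demo against the constructed samples.
if [ "$(watchdog_action "$SAMPLE_INACTIVE")" = enable ]; then
    echo "ufw inactive: would run 'ufw enable'"
fi
echo "ports without an ALLOW rule:"
missing_rules "$SAMPLE_STATUS" 22 80/tcp 443
```

In a real timer-driven script you would replace the sample text with the live output of sudo ufw status and act on “enable” or on a non-empty missing list.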
That’s it. Your system is now protected from hackers and you can drink your coffee and code. 🙂