A few weeks ago Tyler and I did a podcast about firewalls and how they are important for people if they want to stay safe while using their computers. And one of the things I asked on that podcast was if anybody was interested in me doing a brief tutorial on how to actually use a firewall on Linux. And several people indicated that they were in fact interested in such a video. So you ask and you receive, that's how these things work. So today I'm going to be talking about one of the most simple things you can do on Linux to keep yourself safe.

Now, the first thing we should talk about is what a firewall actually is, because at its heart a firewall is actually fairly simple, at least in idea. The concept of a firewall is very simple to understand: what it does is act as a breaker point between you and the outside world, so that any traffic that you are targeted with, so things from the outside trying to come in, things like trying to get through the SSH port or something like that, can be stopped if it's not authorized. That's why they call it a firewall. It's meant to be between you and the outside world. Technologically speaking, firewalls are a little bit more advanced than that and a little bit beyond me. I'm sure that the development of such a thing is much more complicated than the actual concept of it.

So what we're going to be talking about today is a specific firewall called UFW, or the Uncomplicated Firewall. And what UFW is is what it says on the tin: a firewall that is very, very uncomplicated. There's not anyone out there that couldn't find themselves able to implement this on their system. No matter what system they're using, as long as they're using Linux, this will work. Now, there are two ways of setting this up. You can use something called GUFW, which is a GUI front end for UFW, or you can use the terminal version of it, which is what we're going to do today. Now, the reason why I'm not showing the GUFW program is simply because I've never used it.
I've seen it used and it looks very simple. It's just that I don't do stuff in the GUI. So if that's something you're interested in, I highly recommend checking out DistroTube's video on this. He did a very brief exploration of GUFW at the end of his video, so if you want to see that, you can do that. I will leave a link to that in the video description. So here is how you use UFW. Let's go ahead and jump in.

Okay, so here we are on a very standard version of Arch Linux. This was installed with the Arch Linux GUI installer, so there are some things installed by default, but for the most part this is just vanilla Arch. If you are on something like Ubuntu, or if you're on Fedora, or if you're on openSUSE, a lot of times those servers come with their own firewalls installed. Sometimes it's UFW, sometimes it's something different, so you may encounter some conflicts if you're on a different distribution. Chances are the distribution that you're using either has UFW installed, or it's not installed at all and you can install it from the repo.

So in the case of Arch Linux, you can open up a terminal and we'll install UFW. I don't know why the console always opens up like that in this particular version of Arch. It doesn't really matter. The point is that it's easy to install. So: sudo pacman -S ufw. Now, if you are on, like I said, Ubuntu, UFW should already be installed. If it's not, you can install it like this: apt install ufw. So I'm going to go ahead and install this here, just like this, and enter a password.

Once it's installed, we need to enable the service. If you are on a system that's running systemd, this is very easy. If you're using a different init system, it's going to be different. You'll have to look up the syntax for enabling services in that particular init system. So if you're using OpenRC or runit or something like that, you'd have to look up the syntax for enabling services and how to use UFW.
The chances are there is a guide out there somewhere on how to do this. But for systemd, what you want to do is run this command here. So: sudo systemctl, which is the command we use to enable and deal with all systemd services. And then we want to do enable, and then we want to do the --now flag. Basically, what this does is create a symlink where it needs to create a symlink, so that every time you start up the computer, this service will start. But with the --now flag it will also start the service now. That way you don't have to run a separate command saying start the service. So what we're going to do is type in ufw, if you can type those letters, and then .service, and Enter. If you haven't already entered your password, it will ask you for your password, but if not, this is what the output should look like.

We can see that it's running if we do sudo systemctl status ufw.service. And we should see here that it says active, and it is. So we can hit Q to quit that, and we now have UFW enabled but still not quite running. So the next thing we need to do is make sure that UFW is actually running. So we want to do sudo ufw enable. That just tells UFW to actually be on. This is turning the on switch. The service is running, but if the service is running but UFW is not enabled, it does nothing. It's just running in the background, taking up resources but not actually doing its job. It's taking a break or something, I don't know.
The point is, once you've done this enable thing, it will tell you the firewall is active and enabled on your system startup. So you can again check and make sure UFW is actually running correctly this time by doing sudo ufw status, and it will tell you the status is active. So let's go ahead and clear this.

Okay, so theoretically, right now you're done. There's absolutely nothing else you have to do. You have a firewall that is now protecting you from traffic from outside of your network, and you could get up and walk away here if that's what you want to do. But there are a few more things that you probably should know.

The next thing you want to do is check and see what options you have for allowing traffic in. You want to have full control over your firewall, so that in case you come across some kind of application, whether it's, you know, SSH or torrenting or something like that, you have control so that you can allow those things to have access to the internet, or properly have access to the internet, I should say. In order to see what apps have the ability to be permitted that access, you run this command here: sudo ufw app list. What that will do is show you every application that you can allow to have access through the firewall, so things like SSH, things like IMAP ports, things like torrenting clients, so on and so forth, because by default UFW blocks everything that comes in. Okay, so anything like SSH and stuff will be blocked by default. Same thing with Samba: even if you're just using a local Samba share, Samba has to have permission to communicate between the two computers, and if there's a firewall in between them, it's going to block it. So you'll have to make sure that you have allowed Samba in order for that to work.

So you can see through the list of stuff here that there's just stuff that you have the option of allowing through your firewall. In order to do that, it's really easy. So let's say we wanted to allow SSH. So we do sudo ufw allow and
then the name of the thing that we want to allow. In this case we want to do capital SSH, so SSH, hit Enter, and it will tell you that it's added a rule. It will also tell you that it's added a rule for v6, which is basically telling you that it's created a rule for IPv6, which is the internet protocol stuff. It's complicated and it's not necessarily all that important, but it's creating it for both versions of IP, the internet protocol. Once you've done that, we can actually test and see whether or not that rule was actually created. We can do sudo ufw status numbered, and this will tell us that we in fact do have complete SSH access.

Now, technically this is the wrong way of doing SSH, because what this will do is allow SSH, which is what you wanted to do, but it will allow bad actors to have complete access to the SSH port without any limitation whatsoever. So they could continually try to get into your computer without any limit to the number of times they can attempt to do so. So what we want to do, actually, is delete that rule.

So how would we go about doing that? The reason why we use this command here with the numbered option is because we want to delete both of these. So we want to do sudo ufw delete and then 1, and then it'll ask us to confirm it, yes. And then if we run this numbered command again, we'll see that we only have the second rule. What we want to do then is just delete 1 here as well, and then hit yes. And then we can actually run this thing here and we'll see that we have no rules whatsoever.

So what do you want to do with SSH if you want to limit the amount of attempts a bad actor could potentially use that service to try to get into your computer? Well, there's a way to do that. You can do sudo ufw allow, excuse me, that's not allow, it's supposed to be limit. So sudo ufw limit SSH. Do that, and now if we do this command here, sudo ufw status numbered, Enter again, we'll see now that the action here, instead of just saying ALLOW IN, says LIMIT IN,
that way there is a certain standard for the amount of times someone can try to get into your computer in a certain amount of time. That way, if they're trying to get past it (a lot of those things are automated), if they're trying to guess your password or something, and if they try to do it so many times in like 30 seconds, that IP address will get blocked so that they can't try it again. They'd have to try again with a different IP address, and it makes you safer in that way.

So let's go ahead and allow one more application. If we do sudo ufw app list again, we can see that there is a BitTorrent client here called Transmission, so let's just go ahead and allow that. So sudo ufw allow Transmission. You want to make sure you capitalize it appropriately. It will allow you to create rules for things that are not on this list; those rules just don't do anything. So you want to make sure you actually spell and capitalize things properly. So Transmission, just like that, Enter, and now if we do sudo ufw status numbered, we'll see that we have the SSH and Transmission.

So really, that's all that needs to be done for UFW. In order for you to use it competently, you need to know how to install it, you need to know how to enable it, you need to know how to create rules and find the apps that you can create rules for, and you need to know how to delete things. That's the five things that you need to know in order to use UFW. There is a ton more stuff that you can do with UFW. I highly recommend checking out the man page, because there's a ton of documentation there that you can use to do more technological and advanced stuff that doesn't really need to be done but can be done if that's something that you want to do.

So that is UFW. If you have questions, you can leave those questions in the comment section below. I'll try to answer them. I'm not an expert at UFW. I've never gone past exactly what I've shown you. That's what I do every time on my systems and that's
pretty much all you ever need to do. So if your question goes beyond that, I may or may not have an answer, but you can still leave those in the comment section below. If you have thoughts, comment section below. You can follow me on Twitter at Linuxcast. You can support me on Patreon at patreon.com/Linuxcast.

Before I go, I'd like to take a moment to thank my current patrons: Robert Sid Devon Patrick Fred Kramer make one Jackson I have some tools today based I break it Linux Eric Samuel Mitchell art center carbon data Jeremy Sean Odin Martin Eve Andy Ross Merrick camp Joshua Lee J-Dog Peter a crucible dark band six primes and PM. Thanks everybody for watching. I'll see you next time.
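
The cleanup step from the walkthrough (delete the plain SSH allow rules, then add the limit rule), as an added shell example that is not from the video: it reads ufw status numbered output and prints the delete commands highest number first, because the remaining rules are renumbered after each delete. The status text is constructed sample output and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the video. Function names are hypothetical.

# Constructed sample of `sudo ufw status numbered` output.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] SSH                        ALLOW IN    Anywhere
[ 2] Transmission               ALLOW IN    Anywhere
[ 3] SSH (v6)                   ALLOW IN    Anywhere (v6)
[ 4] Transmission (v6)          ALLOW IN    Anywhere (v6)
EOF
}

# Read status output on stdin; print the numbers of rules that ALLOW IN
# SSH (app profile "SSH" or port 22) with no rate limit, highest first.
unlimited_ssh_rules() {
    awk '
        /^\[/ {
            num = $0
            sub(/^\[ */, "", num)            # drop "[" and padding
            sub(/\].*/, "", num)             # keep only the rule number
            rule = $0
            sub(/^\[[ 0-9]*\] */, "", rule)  # drop the "[ n] " prefix
            if (rule ~ /^(SSH|22(\/tcp)?)( \(v6\))? +ALLOW IN/) print num
        }
    ' | sort -rn
}

# Print (do not run) the commands that replace those rules with a limit
# rule. Deleting from the highest number down keeps the lower numbers valid.
remediation_plan() {
    nums=$(unlimited_ssh_rules)
    if [ -n "$nums" ]; then
        for n in $nums; do
            echo "sudo ufw delete $n"
        done
        echo "sudo ufw limit SSH"
    fi
}

# On a live system: sudo ufw status numbered | remediation_plan
sample_status | remediation_plan
```

Each printed ufw delete still asks for confirmation when run, the same as in the walkthrough.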