Protect Your Raspberry Pi from Unwanted Traffic with a Simple Firewall Setup

A step-by-step guide on how to install and configure a firewall on your Raspberry Pi for enhanced security. …

Need help with your Raspberry Pi?
Contact Me!

Do you love silly Raspberry Pi Projects?
Check out my this YouTube Channel!

A step-by-step guide on how to install and configure a firewall on your Raspberry Pi for enhanced security.

Firewalls are an essential component of any network’s security measures, especially when it comes to protecting your Raspberry Pi from unwanted traffic and potential intrusions. In this article, we will walk through the process of installing and configuring a firewall on your Raspberry Pi to keep your device safe and secure.

Prerequisites:

• A Raspberry Pi with Raspbian or another compatible OS installed
• Basic understanding of Linux command line and system administration

Step 1: Update the System

Before we begin, it’s crucial to ensure that our system is up-to-date with the latest security patches and software updates. Open a terminal window and run the following commands:

sudo apt update
sudo apt upgrade

Step 2: Install Firewall Software

We will be using UFW (Uncomplicated Firewall) to set up our firewall on Raspberry Pi. Run the following command to install it:

sudo apt install ufw

Step 3: Configure the Firewall

UFW is designed to be easy to use, so setting up basic rules is straightforward. However, there are a few options we need to set before we can start adding rules. Open the UFW configuration file with your preferred text editor (e.g., nano):

sudo nano /etc/default/ufw

Find the line that reads:

IPV6=yes

Change it to:

IPV6=no

Save and exit the file. This disables IPv6 on UFW, which is not currently supported by Raspberry Pi OS.

Step 4: Set Default Firewall Policy

By default, UFW blocks incoming connections and allows outgoing ones. We can change this behavior if needed, but for now, let’s stick with the default policy. To check the current rules, run:

sudo ufw status

If you see “inactive”, go ahead and enable UFW:

sudo ufw enable

Now, let’s add some basic rules to allow essential traffic while blocking the rest.

Step 5: Allow SSH Access

To be able to access your Raspberry Pi remotely, we need to explicitly allow SSH connections. Run:

sudo ufw allow ssh

This allows incoming connections on port 22 (the default SSH port).

Step 6: Allow HTTP and HTTPS Traffic

If you are running a web server or other services on your Raspberry Pi, make sure to allow traffic on ports 80 (HTTP) and 443 (HTTPS):

sudo ufw allow http
sudo ufw allow https

You can replace “http” and “https” with the specific port numbers your services use if they are not using the default ones.

Step 7: Deny All Other Traffic

To block all other traffic by default, run:

sudo ufw default deny incoming
sudo ufw default allow outgoing

This will deny any incoming connections that have not been explicitly allowed, while still allowing outgoing connections.

Step 8: Check Firewall Status

Run the following command to verify that your firewall rules are working as expected:

sudo ufw status

You should see a list of all the rules you’ve added, along with the current default policy.

Now, your Raspberry Pi is protected by a basic firewall, which will help keep it safe from unwanted traffic and potential security threats. If you need to add or modify rules in the future, UFW provides a simple command-line interface for managing them:

sudo ufw [command] [rule]

For example, if you want to allow incoming traffic on port 8080 (e.g., for another web service), run:

sudo ufw allow 8080

Remember to always exercise caution when modifying your firewall rules and make sure to test them thoroughly before deploying in a production environment.