Enhance your Arch Linux security using the ufw firewall

"Firewall" is one of the most used words in web security when it comes to protecting your network. Today in this tutorial I will explain, in a simple way for Arch users, how to set up a firewall on Arch Linux using ufw (Uncomplicated Firewall):


Please remember that this tutorial should work on all Arch Linux based systems:

1- First, upgrade the whole system before downloading any package:

sudo pacman -Syu

2- After that, install the ufw package from the community repository:

sudo pacman -S ufw

3-start and enable UFW’s systemd unit:

sudo systemctl start ufw
sudo systemctl enable ufw

4- ufw and rules

ufw, like all firewall tools, uses "rules" to allow or block packets arriving at or leaving the computer. So by default you should allow all outgoing traffic and reject all incoming traffic with:

sudo ufw default allow outgoing
sudo ufw default deny incoming

5-Adding rules:

Rules can be added in two ways: by specifying the port number or by using the service name.

For example, to allow both incoming and outgoing connections on port 22 for SSH, you can run:

sudo ufw allow ssh

or:

sudo ufw allow 22

and here are some other examples:

sudo ufw allow 80/tcp
sudo ufw allow http/tcp
sudo ufw allow 1725/udp
sudo ufw allow from 123.45.67.89/24
sudo ufw allow from 123.45.67.89 to any port 22 proto tcp

6-removing rules:

To remove a rule, put

delete

before the rule as you originally wrote it. For example, if you no longer wished to allow the port 22 rule added above, you could run:

sudo ufw delete allow 22

UFW Status

You can check the status of UFW at any time with the command:

sudo ufw status

This will show a list of all rules, and whether or not UFW is active:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

Enable the Firewall

With your chosen rules in place, your initial run of

ufw status

will probably output

Status: inactive

To enable UFW and enforce your firewall rules:

sudo ufw enable

Similarly, to disable UFW’s rules:

sudo ufw disable

But this is not enough: when you reboot the computer and check the status of ufw, you will find that ufw is still “inactive”. One way to solve this problem is a systemd timer.

Timers trigger service units, so we have to create

/etc/systemd/system/ufwAuto.service

first:

sudo nano /etc/systemd/system/ufwAuto.service

This is ufwAuto.service:

[Unit]
Description=Check whether the firewall is on or off and bring it up if it is down

[Service]
# oneshot: the script runs to completion every time the timer fires
Type=oneshot
# The unit runs as root, so the script must be executable and must not be
# writable by unprivileged users (a root-owned directory such as
# /usr/local/sbin is safer than a home directory)
ExecStart=/home/saeed/ufw.sh

[Install]
WantedBy=multi-user.target

and this is ufw.sh (make it executable with chmod +x):

#!/bin/bash
# Read the "Status:" line of `ufw status`; gives "active" or "inactive"
temp=$(sudo ufw status | grep Status | cut -d" " -f2)
# If the firewall is down, bring it up. --force skips the interactive
# "may disrupt existing ssh connections" prompt, which cannot be answered
# from a systemd unit.
if [ "$temp" == "inactive" ]; then
    exec sudo ufw --force enable
fi
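As an added example (not part of the original post), the following bash script does the same "Status:" check as ufw.sh above and also verifies that expected ALLOW rules are present in the table that ufw status prints, using a constructed copy of that output so it runs without ufw installed. The function and variable names are my own.

```shell
#!/bin/bash
# Added example (not from the original post): ufw.sh's "Status:" check plus a
# check for required ALLOW rules, run over captured `ufw status` text.

# Constructed sample of `sudo ufw status` output (matches the table shown above).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)'

# ufw_state: print "active" or "inactive" from status text on stdin. Anchoring on
# the "Status:" prefix is safer than grep Status | cut, which matches any line with that word.
ufw_state() {
    sed -n 's/^Status: *//p' | head -n 1
}

# rule_allowed PORT: exit 0 if the status text on stdin has an ALLOW rule whose
# "To" column is exactly PORT (e.g. "22" or "80/tcp"); "(v6)" rows do not match.
rule_allowed() {
    awk -v want="$1" '$1 == want && $2 == "ALLOW" { found = 1 } END { exit !found }'
}

# audit_firewall PORT...: report whether ufw is active and each PORT is allowed.
# Returns the number of problems found (0 means the firewall matches expectations).
audit_firewall() {
    local text problems=0 p
    text=$(cat)
    if [ "$(printf '%s\n' "$text" | ufw_state)" != "active" ]; then
        echo "PROBLEM: ufw is not active"
        problems=$((problems + 1))
    fi
    for p in "$@"; do
        if printf '%s\n' "$text" | rule_allowed "$p"; then
            echo "ok: $p is allowed"
        else
            echo "PROBLEM: no ALLOW rule for $p"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
# On a real system: sudo ufw status | audit_firewall 22 80/tcp
printf '%s\n' "$SAMPLE_STATUS" | audit_firewall 22 80/tcp 443
```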

and then create a timer unit for that service:

sudo nano /etc/systemd/system/ufwAuto.timer

This is ufwAuto.timer:

[Unit]
Description=Run ufwAuto.service every minute

[Timer]
# Fire at every minute and start the service below
OnCalendar=*:0/1
Unit=ufwAuto.service

[Install]
# Timer units are pulled in by timers.target, not multi-user.target
WantedBy=timers.target

After that you must enable and start the timer unit (not just the service), so that the script runs according to the pattern in the timer unit:

sudo systemctl enable ufwAuto.timer
sudo systemctl start ufwAuto.timer

To run the check once right away, you can also start the service directly with sudo systemctl start ufwAuto.service.

That’s it. Your system is now protected from hackers and you can grab a drink and get back to coding. 🙂