Steps:
For starters, it is a good security habit to keep your Raspberry Pi up to date.
sudo apt update && sudo apt upgrade
And clean up after yourself.
sudo apt autoremove && sudo apt autoclean
OK, log in to your Pi and install the UFW firewall:
sudo apt install ufw
Basically, what we want to do here is tell our Raspberry Pi to accept outside connections only on specific ports and to disregard or block everything else.
And actually, we’re going to open very few ports: ssh, plus HTTP and HTTPS for web servers, and that’s it.
The first thing to do – and we mustn’t forget this one – is to allow US to connect to our Raspberry Pi, so we don’t end up locked out of our system. Be extra careful here.
sudo ufw limit 22/tcp # make sure to add this so you don't lock yourself out of your rpi
This says we will accept TCP connections on port 22, but with rate limiting. This limit is another layer of protection – UFW denies connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds.
So basically it won’t limit us in any way, but it will limit or block potential attackers.
The next thing we want to do is to add port 80 for HTTP and 443 for HTTPS connections. We can’t limit these ports in any reasonable way as we did with ssh. We want our applications to be available potentially to the whole world.
sudo ufw allow 80
sudo ufw allow 443
The last thing to do is enable the firewall:
sudo ufw enable
The firewall is now active and we’re still in our system. Great!
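To confirm the result, the check below (an added example, not part of the original tutorial) parses the output of sudo ufw status and reports any rule outside the policy built above. The function names audit_ufw and sample_status and the sample output are constructed for illustration; the parser assumes the plain, non-verbose status format.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# audit_ufw reads plain `ufw status` output on stdin, prints one finding per
# line, and returns 0 only if the rules match the policy built above:
# 22/tcp LIMIT, 80 and 443 ALLOW, nothing else.
audit_ufw() {
    awk '
        /^Status:/ {
            if ($2 == "active") { active = 1 }
            else { print "firewall is not active"; bad = 1 }
            next
        }
        /^To / || /^--/ || /^$/ { next }    # table header and blank lines
        {
            port = $1
            action = ($2 == "(v6)") ? $3 : $2   # IPv6 rows carry a "(v6)" tag
            if (port == "22/tcp") {
                ssh = 1; want = "LIMIT"
            } else if (port == "80" || port == "443") {
                want = "ALLOW"
            } else {
                print "unexpected rule: " port " " action; bad = 1
                next
            }
            if (action != want) {
                print port " is " action ", expected " want; bad = 1
            }
        }
        END {
            if (active && !ssh) { print "no rule for 22/tcp"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample of what `sudo ufw status` prints after the steps above.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
EOF
}

# On the Pi itself: sudo ufw status | audit_ufw
sample_status | audit_ufw && echo "rules match the tutorial's policy"
```

A non-zero exit status with a line such as "unexpected rule: 5900/tcp ALLOW" means a port other than the three chosen here is open and should be reviewed.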