Firewall installation and configuration in kali Linux.Basically after reading this article you will have complete knowledge of Firewall installation and configuration on Kal Linux in Detail.
You can easily manage,troubleshoot Firewall related problems after reading this simple and concise article on UFW and GUFW Firewall Configuration Tutorial.You will be able to enable,Disable,reset,Reload,Append and delete Firewall rules in kali Linux .
In this Firewall configuration tutorial we will Learn:
How to install UFW Firewall in Kali Linux.
How to Install GUFW Firewall in Kali Linux
How to Configure UFW Firewall in kali Linux.
How to Allow or Deny Services like http,https,Mysql,samba,ssh,ftp using Firewall in kali Linux.
How to Allow or Deny certain ip addresses using UFW Firewall.
How to Enable and Disable Firewall rules.
How to Reset or Reload Firewall rules.
How to delete Firewall rules.
How to allow or Deny Certain range of PORTS.
In Kali Linux There are two firewall implementation Method:
1.ufw(Through command line)
2.gufw(Through GUI Interface)
Before installing these packages we need to update kali linux package using below command.
root@kali:~/Desktop# apt-get upgrade
Now install command line Firewall (UFW)
root@kali:~# apt-get install ufw
How to List of Applications supported by UFW Firewall:
login as: satish
satish@192.168.0.101’s password:
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Could not chdir to home directory /home/satish: No such file or directory
$ su – root
Password:
root@kali:~# clear
root@kali:~# ufw app list
Available applications:
AIM
Bonjour
CIFS
DNS
Deluge
IMAP
IMAPS
IPP
KTorrent
Kerberos Admin
Kerberos Full
Kerberos KDC
Kerberos Password
LDAP
LDAPS
LPD
MSN
MSN SSL
Mail submission
NFS
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
POP3
POP3S
PeopleNearby
SMTP
SSH
Samba
Socks
Telnet
Transmission
Transparent Proxy
VNC
WWW
WWW Cache
WWW Full
WWW Secure
XMPP
Yahoo
qBittorrent
svnserve
Check Firewall status using below command:
root@kali:~# ufw status Status: inactive root@kali:~# ufw status verbose Status: inactive
Now enable firewall using below command.
root@kali:~# ufw enable Firewall is active and enabled on system startup
Again test Firewall status :
root@kali:~# ufw status verbose Status: active Logging: on (low) Default: reject (incoming), allow (outgoing), disabled (routed) New profiles: skip
Allow services by there NAME or by PORT NUMBER:
root@kali:~# ufw allow 80/tcp Rule added Rule added (v6) root@kali:~# ufw allow 22/tcp Rule added Rule added (v6) root@kali:~# ufw allow samba Rule added Rule added (v6)
Now verify the Firewall Rules after Adding these Rules.
root@kali:~# ufw status verbose Status: active Logging: on (low) Default: reject (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp ALLOW IN Anywhere 22/tcp ALLOW IN Anywhere 137,138/udp (Samba) ALLOW IN Anywhere 139,445/tcp (Samba) ALLOW IN Anywhere 80/tcp (v6) ALLOW IN Anywhere (v6) 22/tcp (v6) ALLOW IN Anywhere (v6) 137,138/udp (Samba (v6)) ALLOW IN Anywhere (v6) 139,445/tcp (Samba (v6)) ALLOW IN Anywhere (v6)
Now you can clearly see the output and understand the rule i have applied through command line.
See the Firewall rules also by Name for easiness.
root@kali:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 80/tcp ALLOW IN Anywhere [ 2] 22/tcp ALLOW IN Anywhere [ 3] Samba ALLOW IN Anywhere [ 4] 80/tcp (v6) ALLOW IN Anywhere (v6) [ 5] 22/tcp (v6) ALLOW IN Anywhere (v6) [ 6] Samba (v6) ALLOW IN Anywhere (v6)
Let’s Secure a web server by blocking http(80) service and allowing https(443) service only.
root@kali:~# ufw deny 80 Rule updated Rule updated (v6) root@kali:~# ufw allow 443 Rule added Rule added (v6)
Check the Firewall rules:
root@kali:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 80/tcp ALLOW IN Anywhere [ 2] 22/tcp ALLOW IN Anywhere [ 3] Samba ALLOW IN Anywhere [ 4] 80 DENY IN Anywhere [ 5] 443 ALLOW IN Anywhere [ 6] 80/tcp (v6) ALLOW IN Anywhere (v6) [ 7] 22/tcp (v6) ALLOW IN Anywhere (v6) [ 8] Samba (v6) ALLOW IN Anywhere (v6) [ 9] 80 (v6) DENY IN Anywhere (v6) [10] 443 (v6) ALLOW IN Anywhere (v6)
How to Allow or Deny a Certain range of PORT:
root@kali:~# ufw allow 21:80/tcp Rule added Rule added (v6)
root@kali:~# ufw deny 100:1000/tcp Rule added Rule added (v6)
Now Check the Firewall rules we have applied above:
root@kali:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 80/tcp ALLOW IN Anywhere [ 2] 22/tcp ALLOW IN Anywhere [ 3] Samba ALLOW IN Anywhere [ 4] 80 DENY IN Anywhere [ 5] 443 ALLOW IN Anywhere [ 6] 21:80/tcp ALLOW IN Anywhere [ 7] 100:1000/tcp DENY IN Anywhere [ 8] 80/tcp (v6) ALLOW IN Anywhere (v6) [ 9] 22/tcp (v6) ALLOW IN Anywhere (v6) [10] Samba (v6) ALLOW IN Anywhere (v6) [11] 80 (v6) DENY IN Anywhere (v6) [12] 443 (v6) ALLOW IN Anywhere (v6) [13] 21:80/tcp (v6) ALLOW IN Anywhere (v6) [14] 100:1000/tcp (v6) DENY IN Anywhere (v6)
How to Allow or deny certain IP Address in UFW Firewall:
root@kali:~# ufw allow from 192.168.0.100 Rule added
root@kali:~# ufw deny from 172.24.0.200 Rule added
Now Again check the firewall rules:
root@kali:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 80/tcp ALLOW IN Anywhere [ 2] 22/tcp ALLOW IN Anywhere [ 3] Samba ALLOW IN Anywhere [ 4] 80 DENY IN Anywhere [ 5] 443 ALLOW IN Anywhere [ 6] 21:80/tcp ALLOW IN Anywhere [ 7] 100:1000/tcp DENY IN Anywhere [ 8] Anywhere ALLOW IN 192.168.0.100 [ 9] Anywhere DENY IN 172.24.0.200 [10] 80/tcp (v6) ALLOW IN Anywhere (v6) [11] 22/tcp (v6) ALLOW IN Anywhere (v6) [12] Samba (v6) ALLOW IN Anywhere (v6) [13] 80 (v6) DENY IN Anywhere (v6) [14] 443 (v6) ALLOW IN Anywhere (v6) [15] 21:80/tcp (v6) ALLOW IN Anywhere (v6) [16] 100:1000/tcp (v6) DENY IN Anywhere (v6)
How to Allow a Particular network
root@kali:~#ufw allow from 192.168.0.0/24 Now above command will allow all ip from network 192.168.0.0/24
How to Block a Particular network
root@kali:~#ufw deny from 192.168.1.0/24 Now above command will block all ip from network 192.168.1.0/24
How to Delete a Particular Firewall rules:
we want to delete Rules of Line Number 4
root@kali:~# ufw delete 4 Deleting: deny 80 Proceed with operation (y|n)? y Rule deleted
How to Reset Everything or Reload Firewall rules:
root@kali:~# ufw reset Resetting all rules to installed defaults. Proceed with operation (y|n)? y Backing up 'user.rules' to '/etc/ufw/user.rules.20171124_072802' Backing up 'before.rules' to '/etc/ufw/before.rules.20171124_072802' Backing up 'after.rules' to '/etc/ufw/after.rules.20171124_072802' Backing up 'user6.rules' to '/etc/ufw/user6.rules.20171124_072802' Backing up 'before6.rules' to '/etc/ufw/before6.rules.20171124_072802' Backing up 'after6.rules' to '/etc/ufw/after6.rules.20171124_072802'
root@kali:~# ufw status numbered Status: inactive
To allow a specific IP address to access specific service:
For example here i will allow ip address 192.168.0.100 to access FTP service only.
root@kali:~# ufw allow from 192.168.0.100 to any port 21 proto tcp
Rule added
root@kali:~#
UFW Firewall Configuration file:
root@kali:~# cat /etc/ufw/before.rules
root@kali:~# cat /etc/ufw/after6.rules
How to enable Logging:
root@kali:~# ufw logging on Logging enabled
How to Set Default Rules: #ufw default allow outgoing #ufw default deny incoming |
Allow HTTP from Specific IP Address or Subnet
here I want to allow 192.168.1.0 network to access my web services.
root@kali:~#ufw allow from 192.168.1.0/24 to any port 80
Allow SSH to Specific Network Interface
root@kali:~#ufw allow in on eth1 to any port 22
Block Connections to a Network Interface
To block connections from a specific IP address, e.g. 192.168.1.100, to a specific network interface, e.g. eth0, use this command:
root@kali:~#ufw deny in on eth0 from 192.168.1.100
Block Connections to a Network Interface
To block connections from a specific IP address, e.g. 172.16.0.100 to a specific network interface, e.g. eth0, use this command:
root@kali:~#ufw deny in on eth0 from 172.16.0.100
For Live Practical session on UFW Firewall Configuration you can watch my Video here:
Learn Linux CCNA CEH IPv6 Cyber-Security Online 